在 Ubuntu 19.10 上使用 microk8s 來架構 Kubernetes 服務

###### tags: `Ubuntu` `Kubernetes` `microk8s` # 在 Ubuntu 19.10 上使用 microk8s 來架構 Kubernetes 服務 ## 安裝 ``` $ snap install microk8s --classic $ snap list microk8s Name Version Rev Tracking Publisher Notes microk8s v1.16.2 993 stable canonical✓ classic $ sudo usermod -a -G microk8s $USER $ newgrp microk8s #暫時先取得群組權限，重新啟動系統後就不需要執行這個指令了。 ``` ## 查看狀態 ``` $ microk8s.status microk8s is running addons: cilium: disabled dashboard: disabled dns: disabled fluentd: disabled gpu: disabled helm: disabled ingress: disabled istio: disabled jaeger: disabled knative: disabled linkerd: disabled metrics-server: disabled prometheus: disabled rbac: disabled registry: disabled storage: disabled $ microk8s.kubectl get nodes NAME STATUS ROLES AGE VERSION 9527 Ready <none> 6m16s v1.16.2 $ microk8s.kubectl get services NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.152.183.1 <none> 443/TCP 6m31s ``` ## 使用 dashboard https://microk8s.io/docs/addon-dashboard ``` $ microk8s.enable dashboard Applying manifest serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created service/monitoring-grafana created service/monitoring-influxdb created service/heapster created deployment.apps/monitoring-influxdb-grafana-v4 created serviceaccount/heapster created clusterrolebinding.rbac.authorization.k8s.io/heapster created configmap/heapster-config created configmap/eventer-config created deployment.apps/heapster-v1.5.2 created If RBAC is not enabled access the dashboard using the default token retrieved with: token=$(microk8s.kubectl -n kube-system get secret | grep default-token | cut -d " " -f1) microk8s.kubectl -n kube-system describe secret $token In an RBAC enabled setup (microk8s.enable RBAC) you need to create a user with restricted permissions as shown in: https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md ``` 先把 token 找出來等一下要用 ``` $ token=$(microk8s.kubectl -n kube-system get secret | grep default-token | cut -d " " -f1) $ microk8s.kubectl -n kube-system describe secret $token Name: default-token-kk2mz Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: default kubernetes.io/service-account.uid: 3f2b6305-fa1e-4e7a-ab24-a727253b216e Type: kubernetes.io/service-account-token Data ==== ca.crt: 1103 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlBPS1dvZDJWbzN6bms4QnRtbzg3U2RpQmdFNHFVVGdwV21YMU1qN3hhek0ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLWtrMm16Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIzZjJiNjMwNS1mYTFlLTRlN2EtYWIyNC1hNzI3MjUzYjIxNmUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGVmYXVsdCJ9.htCICXMXK_pVnd9XwJRNHAtXlgrjJQilfarEPv2RAqScJOkhD_fymWVuABYUnja_I3D4foXQ_MoxQGxUdAgjeIRz0ZcTiMRoAQcBTFQxCstNz7xVMeWz6Rfh1nd9YSXlr0LmzRY4sEPWLalyH48OtqePjVQGTlIUaLEfvzlG4aE0oWt_PiiMw8DlC3AKhYk_tyxdm34OjOBOfUiBINg1_-0DdAeLREU8dTvofOrY_jbIWGZDIiGlFjmlndpH1D_meF4l5KwgAtoQfayhTfkLXD6VL7BGoPz-74Q0ENhRLHnsHKvr6wl6a3aYaCyL-4I0x8DT2lb9Y0pe0d5M8qqm7A ``` 啟動 proxy 後可以透過 http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ 這個網址跟上面找到的 token 來登入 ``` $ microk8s.kubectl proxy --accept-hosts=.* --address=0.0.0.0 ``` ## 參考文件 * https://www.inwinstack.com/2018/04/17/what-is-kubernetes-part1/ * https://microk8s.io/docs/