ThinkChat🤖让你学习和工作更高效,注册即送10W Token,即刻开启你的AI之旅 广告
mysql-5.5安装 yum install mariadb mariadb-server 创建xcloud 数据库 create database xcloud; create database monitoring; grant all on xcloud.* to xcloud@'%' identified by 'redhat'; grant all on monitoring.* to monitoring@'%' identified by 'redhat'; mysql -u'xcloud' -p'redhat' -h harbor.sinux.com.cn -B xcloud < xcloud.sql 导入平台镜像 docker load --input ele-noah.tar docker load --input xcloud.tar docker push harbor.sinux.com.cn/noah-cloud/xcloud:782b208735d7b4eef59652a585a63baa84080bd7 docker push harbor.sinux.com.cn/noah-cloud/ele-noah:5a25e244c45bd1cf07c19e64c23f08e6767fa4cd 创建平台服务 kubectl apply -f noah-ns.yaml kubectl apply -f ele-noah.yaml -f xcloud.yaml kubectl apply -f noah-demo.sinux.com.cn.yaml --insecure-bind-address=0.0.0.0 ### 创建管理用户及绑定用户权限 cat admin-user.yaml apiVersion: v1 kind: ServiceAccount metadata: name: admin-cluster.local namespace: kube-system --- ### 绑定RBAC用户角色 apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: admin-cluster.local roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-cluster.local namespace: kube-system 执行kubectl create命令 kubectl create -f admin-user.yaml ### 获取token 现在我们需要找到新创建的用户的Token,以便用来访问集群: kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-cluster.local | awk '{print $1}') 输出类似: Name: admin-cluster.local-token-xpm5v Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name=admin-cluster.local kubernetes.io/service-account.uid=0610610c-84e7-11e8-98de-00163e02d9ff Type: kubernetes.io/service-account-token Data ==== ca.crt: 1090 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi1jbHVzdGVyLmxvY2FsLXRva2VuLXhwbTV2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLWNsdXN0ZXIubG9jYWwiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwNjEwNjEwYy04NGU3LTExZTgtOThkZS0wMDE2M2UwMmQ5ZmYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tY2x1c3Rlci5sb2NhbCJ9.cAWNuOVtS5kO1fk_rnLfAC1ABHzWm0PciDLyUgk_49IAVfd3_Ni7TM6taOC3OB_ExZywT6qTbHZycrLzIJrgkao9J6-p5affPVmcRjWI-Lypr6alDC_mb5h4Vari80iKnucCNpqQ9uSfmBgQNeBDaWHBlfa578fAq6S2PfBRtOkVlqthnVmCtbeEFcr5OmrHR1MdyP1fubksYwEqg2QWQCndBCnlefplRfheyOFRbNcFdCBYONc7zgqxfKLNRRPRfTj2dPVM8KIfUgTP7G_ap1RIEOtWDDvyUok9hEWHAapykKhvtC6ijvfHiA9CtGFB_R75Tj_RihsYdhyJIctEBw ### 允许ngress-NginX传递自定义header --- apiVersion: v1 kind: ConfigMap metadata: name: ingress-nginx namespace: kube-system labels: k8s-app: ingress-nginx data: map-hash-bucket-size: '128' ssl-protocols: "SSLv2 TLSv1 TLSv1.1 TLSv1.2" enable-underscores-in-headers: "true"