mysql-5.5安装
apt install mariadb mariadb-server
创建xcloud 数据库
create database xcloud;
create database monitoring;
grant all on xcloud.* to xcloud@'%' identified by 'redhat';
grant all on monitoring.* to monitoring@'%' identified by 'redhat';
mysql -u'xcloud' -p'redhat' -h harbor.sinux.com.cn -B xcloud < xcloud.sql
导入平台镜像
docker load --input ele-noah.tar
docker load --input xcloud.tar
docker push harbor.sinux.com.cn/noah-cloud/xcloud:782b208735d7b4eef59652a585a63baa84080bd7
docker push harbor.sinux.com.cn/noah-cloud/ele-noah:5a25e244c45bd1cf07c19e64c23f08e6767fa4cd
创建平台服务
kubectl apply -f noah-ns.yaml
kubectl apply -f ele-noah.yaml -f xcloud.yaml
kubectl apply -f noah-demo.sinux.com.cn.yaml
--insecure-bind-address=0.0.0.0
### 创建管理用户及绑定用户权限
cat admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-cluster.local
namespace: kube-system
---
### 绑定RBAC用户角色
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: admin-cluster.local
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-cluster.local
namespace: kube-system
执行kubectl create命令
kubectl create -f admin-user.yaml
### 获取token
现在我们需要找到新创建的用户的Token,以便用来访问集群:
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-cluster.local | awk '{print $1}')
输出类似:
Name: admin-cluster.local-token-xpm5v
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name=admin-cluster.local
kubernetes.io/service-account.uid=0610610c-84e7-11e8-98de-00163e02d9ff
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1090 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi1jbHVzdGVyLmxvY2FsLXRva2VuLXhwbTV2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLWNsdXN0ZXIubG9jYWwiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwNjEwNjEwYy04NGU3LTExZTgtOThkZS0wMDE2M2UwMmQ5ZmYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tY2x1c3Rlci5sb2NhbCJ9.cAWNuOVtS5kO1fk_rnLfAC1ABHzWm0PciDLyUgk_49IAVfd3_Ni7TM6taOC3OB_ExZywT6qTbHZycrLzIJrgkao9J6-p5affPVmcRjWI-Lypr6alDC_mb5h4Vari80iKnucCNpqQ9uSfmBgQNeBDaWHBlfa578fAq6S2PfBRtOkVlqthnVmCtbeEFcr5OmrHR1MdyP1fubksYwEqg2QWQCndBCnlefplRfheyOFRbNcFdCBYONc7zgqxfKLNRRPRfTj2dPVM8KIfUgTP7G_ap1RIEOtWDDvyUok9hEWHAapykKhvtC6ijvfHiA9CtGFB_R75Tj_RihsYdhyJIctEBw
### 允许ngress-NginX传递自定义header
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-nginx
namespace: kube-system
labels:
k8s-app: ingress-nginx
data:
map-hash-bucket-size: '128'
ssl-protocols: "SSLv2 TLSv1 TLSv1.1 TLSv1.2"
enable-underscores-in-headers: "true"