环境 参考文档: https://masastack.github.io/helm/
docker 安装 Docker Desktop ,目前版本的 Docker Desktop 附带一个 kubernetes ,在设置里启用 kubernetes , 就可以跳过后续的 kubernetes 和 kubectl 的安装.
kubernetes 参考:https://kubernetes.io/zh-cn/docs/tasks/tools/
kubectl 参考:https://kubernetes.io/zh-cn/docs/tasks/tools/
coredns 修改(本地运行才需要) 把现有coreDns配置导出,然后修改
Powershell 1 2 kubectl -n kube-system get configmap/coredns -o yaml > coredns.yaml
修改 coredns.yaml 文件
在 .:53 配置节加入
coredns.yaml 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 hosts { 127.0.0.1 pm-ui-local-demo.masastack.com 127.0.0.1 pm-server-local-demo.masastack.com 127.0.0.1 auth-sso-local-demo.masastack.com 127.0.0.1 auth-server-local-demo.masastack.com 127.0.0.1 auth-ui-local-demo.masastack.com 127.0.0.1 dcc-server-local-demo.masastack.com 127.0.0.1 dcc-ui-local-demo.masastack.com 127.0.0.1 alert-server-local-demo.masastack.com 127.0.0.1 alert-ui-local-demo.masastack.com 127.0.0.1 mc-server-local-demo.masastack.com 127.0.0.1 mc-ui-local-demo.masastack.com 127.0.0.1 tsc-server-local-demo.masastack.com 127.0.0.1 tsc-ui-local-demo.masastack.com 127.0.0.1 scheduler-server-local-demo.masastack.com 127.0.0.1 scheduler-worker-local-demo.masastack.com 127.0.0.1 scheduler-ui-local-demo.masastack.com fallthrough }
这里的域名请参考 安装
应用修改到集群
Powershell 1 2 3 4 5 6 kubectl apply -f coredns.yaml # 重启coredns的容器 kubectl rollout restart deploy/coredns -n kube-system
helm windows 使用 winget 安装, 此方法目前有缺陷,可以使用其它方式安装 https://helm.sh/docs/intro/install/
1 winget install Helm.Helm
如果安装后不能执行 helm 命令,请修改用户的 Path 环境变量
旧的变量,应该如下格式:C:\Users\{{yourusername}}\AppData\Local\Microsoft\WinGet\Packages\Helm.Helm_Microsoft.Winget.Source_{{XXXXXXX}}
需要在这个后面加 \windows-amd64
dapr 参考:https://docs.dapr.io/operations/hosting/kubernetes/kubernetes-deploy/#install-dapr-a-private-dapr-helm-chart
1 2 helm upgrade --install dapr dapr/dapr --version=1.10 --namespace dapr-system --create-namespace --create-namespace --wait kubectl get pods --namespace dapr-system #验证安装
nginx-ingress 参考:https://kubernetes.github.io/ingress-nginx/deploy/
1 2 helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace kubectl get pods --namespace ingress-nginx #验证安装
修改 Hosts 文件 host 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 127.0.0.1 pm-ui-local-demo.masastack.com 127.0.0.1 pm-server-local-demo.masastack.com 127.0.0.1 auth-sso-local-demo.masastack.com 127.0.0.1 auth-server-local-demo.masastack.com 127.0.0.1 auth-ui-local-demo.masastack.com 127.0.0.1 dcc-server-local-demo.masastack.com 127.0.0.1 dcc-ui-local-demo.masastack.com 127.0.0.1 alert-server-local-demo.masastack.com 127.0.0.1 alert-ui-local-demo.masastack.com 127.0.0.1 mc-server-local-demo.masastack.com 127.0.0.1 mc-ui-local-demo.masastack.com 127.0.0.1 tsc-server-local-demo.masastack.com 127.0.0.1 tsc-ui-local-demo.masastack.com 127.0.0.1 scheduler-server-local-demo.masastack.com 127.0.0.1 scheduler-worker-local-demo.masastack.com 127.0.0.1 scheduler-ui-local-demo.masastack.com
安装 1 2 3 helm upgrade --install masastack masastack/masastack --version 1.0.0-rc1 --namespace masastack --create-namespace --set 'global.suffix_identity=local' kubectl get pods --namespace masastack #验证安装 kubectl get ingress -n masastack # 查看绑定的域名
global.suffix_identity 用于定义自己的域名前缀, 本文使用的是 local,所以域名里有 -local
卸载 1 2 helm uninstall masastack -n masastack # helm uninstall masastack --namespace masastack
常用变量
变量名
备注
global.sqlserver.{ip, id, port, password}
使用外部数据库的时候配置,ip 地址,账号,端口和密码
global.redis.{ip, db, port, password}
使用外部 redis 的配置
global.elastic.{ip, port}
使用外部 elasticsearch 的配置
global.prometheus{ip, port}
使用外部 prometheus 的配置
global.suffix_identity
env 配置环境变量,针对本地多环境来使用
global.volumeclaims.{enabled, storageSize, storageClassName}
分别是启动 StorageClass 存储,指定存储空间大小,指定相应的 StorageClass,若无指定使用默认 sc
middleware-{redis, prometheus, sqlserver, otel, elastic}.service.type
ClusterIP, NodePort,默认为 ClusterIP,主要为服务提供外部方位时修改
middleware-{redis, prometheus, sqlserver, otel, elastic}.service.nodePort
例如,32200 ;结合 type 使用,指定需要的端口
生成临时的 tls 证书提供给 ingress 使用(可选,未校验) 1 2 3 4 kubectl create secret tls --cert=./tls.crt --key=./tls.key -n masastack helm upgrade -–install masastack masastack/masastack -–namespace masastack -–create-namespace -–set global.secretName --set global.domain # domain_name 修改为你自签证书中的<Common Name>
Country Name 国家名称: ZH
State or Province Name 省份: ZheJiang
Locality Name 城市: WenZhou
Organization Name 组织名称/公司名称: Masastack
Organizational Unit Name 组织单位名称/公司部门: Masastack
Common Name 域名: .masastack.com (这里是域名里的 代表的是泛域名)
Email Address 邮箱地址: 123@masastack.com
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [root@a.test]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt Generating a 2048 bit RSA private key ...........................................+++ ........................................................+++ writing new private key to 'tls.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:ZH State or Province Name (full name) []:ZheJiang Locality Name (eg, city) [Default City]:WenZhou Organization Name (eg, company) [Default Company Ltd]:Masastack Organizational Unit Name (eg, section) []:Masastack Common Name (eg, your name or your server's hostname) []:*.masastack.com Email Address []:123@masastack.com
1 2 [root@a.test]# ls tls.crt tls.key
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 [root@a.test]# cat tls.crt -----BEGIN CERTIFICATE----- MIIEATCCAumgAwIBAgIJAJOEQs4wPXutMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD VQQGEwJaSDERMA8GA1UECAwIWmhlSmlhbmcxEDAOBgNVBAcMB1dlblpob3UxEjAQ BgNVBAoMCU1hc2FzdGFjazESMBAGA1UECwwJTWFzYXN0YWNrMRgwFgYDVQQDDA8q Lm1hc2FzdGFjay5jb20xIDAeBgkqhkiG9w0BCQEWETEyM0BtYXNhc3RhY2suY29t MB4XDTIzMDEwOTE1MTcxNFoXDTI0MDEwOTE1MTcxNFowgZYxCzAJBgNVBAYTAlpI MREwDwYDVQQIDAhaaGVKaWFuZzEQMA4GA1UEBwwHV2VuWmhvdTESMBAGA1UECgwJ TWFzYXN0YWNrMRIwEAYDVQQLDAlNYXNhc3RhY2sxGDAWBgNVBAMMDyoubWFzYXN0 YWNrLmNvbTEgMB4GCSqGSIb3DQEJARYRMTIzQG1hc2FzdGFjay5jb20wggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/ziMVhIKDcq4vKMniTeN2k6fUcNn1 mnyBmgVql8VK+GHplK+AuMmXEUG0qZyf+69ckD/PtKmDUMQvk3zoU3/MkBh4DdUs Zfs61/iUy4ZRkvraMZQrzOmZ/B6nG9pqvzeopicGHsDz8GVpaC3qLysJZsV3PaNh 3tLoPlETODRkAAvWYzlMEdorhzg375Y30uXap2eGEYfYSDyyvD0LZveyfLVBm6iJ 9uQ86MLf4U3nKnYTKh6XsurZxke6K4gMm++SilmeUOPWwUcqGv3Y8mP05TSaOv30 fBYVsvlHq6ah3H5T3WoiZk1H5IJxUfJFEe6XfZ3SpcQ1wCljHKKmOodNAgMBAAGj UDBOMB0GA1UdDgQWBBTgwBY9JasUUUT5omN7HfMxZEWO0TAfBgNVHSMEGDAWgBTg wBY9JasUUUT5omN7HfMxZEWO0TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA A4IBAQCrfhnfg7HhLQ7sNxlaSlKqDi6il7AXrDq7z/xdv17NVXEKCCxq4wSJq9zG /x3pe5sDd4LiT0oYm9zl17LTiIK90nREqx0YSBgCh10y1j1chihHNso4FLqs5Esg FpLXk1cnr440mXluQLxUJt+pzdd1LAE7UDRmyZZAJdJWrdmFkNNhGQWeTXROgznb PFCP3UqsG+jhkRrFqOjMtJQXmj8AZa1J14yv5aTUVzkErVS4VqngNK+ETTGNiaXC 0faqJ49yLThphbVhvx9aGqlru34EmXfsp8h+VQRh1pVi/MNZcIFtcIh6GvMWNGlX gAcaZhAEE95MM16OmVXyKDgtqTtu -----END CERTIFICATE----- [root@a.test]# cat tls.key -----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/ziMVhIKDcq4v KMniTeN2k6fUcNn1mnyBmgVql8VK+GHplK+AuMmXEUG0qZyf+69ckD/PtKmDUMQv k3zoU3/MkBh4DdUsZfs61/iUy4ZRkvraMZQrzOmZ/B6nG9pqvzeopicGHsDz8GVp aC3qLysJZsV3PaNh3tLoPlETODRkAAvWYzlMEdorhzg375Y30uXap2eGEYfYSDyy vD0LZveyfLVBm6iJ9uQ86MLf4U3nKnYTKh6XsurZxke6K4gMm++SilmeUOPWwUcq Gv3Y8mP05TSaOv30fBYVsvlHq6ah3H5T3WoiZk1H5IJxUfJFEe6XfZ3SpcQ1wClj HKKmOodNAgMBAAECggEAURwY1gadMn0Sj7rN9Lc/U2uJc1rtsODNefjqBXN86QE0 VpSbyvFZvlp70KxRIY5LT/doJKufa3qCHCRgk9aLmrPsxQgEd6wAm5es9S9D88cV 8aM5p3QV7Roi1EQBD1chcF4i7oGe0wl7uSFnGTstFeKx6oTUTJTv12pS2q/P5+Ep AIO+y8uyVWMe3xYAKi00y9ewPtxX42T9lRDqGrzfo8OnxPImH+Z4JLkKixZTUsqk ipldq5AmUGLKTJ5yfd+0XKVGqZxU17QHrMwfX/tlEBhURnFzihSi2NfTX/p0KAnm 5bQxHDzkY5grzyj0pXjaB6YgPHdSCLdq/lQNJlO5QQKBgQDxwcRXf9jp3AWlNY8L ho0cjB12pBsLScWSfkoeYbFy8x/+VqFbdeI5O0GoSxRpJq4CppwEgJzdqNUuHubZ 39g/XQdwKLtMjpa49poTqMYT4UnMoPb502U+R7j/26hyltzdU5uufM3lfX7fhC5W HtkQAptGSKPj7s4JWUgHxh93KQKBgQDLGvzGfy32thAL7CTzQYuOJFt1YEkUKQD7 4TbE5iE9SFaHp57qrujKdRakAuGi9EUufAmZ1Qqw3pwOUviS8MttSpzNDlJXAlMr ASAuYFQrwraUHtOi69Nr2EwlgPIThgAsq9ZL9wyMXY8d9CJDW3hVbEHpQoPzKFtz Ust3CBOHhQKBgQCCxDWowp2Y+YsQLuU97by8WUnCl8eNFo1IzQjYYC10qO+ASmmj KCOCo3vDRUE4E1UCWA6CHPM8rosJFGv4I607sN1KHK4bHfGHANScl6j0reKWTebp gR/9TRxTQQRfXxz+lq/Z9OYGIRiUXFIYAT2V/GLy5G3J560Iv4NHuTHh6QKBgQC8 TEXjZU9gtgQEeab8G11dp5lfJag615UA8BhNzaktXp5SX/W2T/ikko8t+TnlUJ++ 6+Iey2OA/LEjmoq3+CQxLAZZGZj+77nZWc7TEB2ZAIkyo63EEuzMxBg8gOJtdUM+ JwWjIeRxUd/4fjkxx2C1mYs1zaP1UAoQzcaykTtB3QKBgEkuz/m+4YoBZDrijtJg QPFxv48JdNNaMvN4CzFk94z9CuPZcdYoRmL1+xZNUM0eUbRG88dZgswhqXUHD067 OHoUyq+WExA99lTAGaRvGgnjJTxt8E2tZpHhV55IoPhJJFNtSN/aB1PcGuZ7+TNc vbRG7sTyTM2AkQiL0PLWQBBv -----END PRIVATE KEY-----
完成证书设置之后通过 kubectl 的命令来导入证书提供 masastack 使用
1 kubectl create secret tls masastack --cert=./tls.crt --key=./tls.key -n masastack
