如何分析metrics-serverTLS
这期内容当中小编将会给大家带来有关如何分析metrics-server TLS,文章内容丰富且以专业的角度为大家分析和叙述,阅读完这篇文章希望大家可以有所收获。
创新互联,为您提供网站建设、成都网站制作、网站营销推广、网站开发设计,对服务铜雕雕塑等多个行业拥有丰富的网站建设及推广经验。创新互联网站建设公司成立于2013年,提供专业网站制作报价服务,我们深知市场的竞争激烈,认真对待每位客户,为客户提供赏心悦目的作品。 与客户共同发展进步,是我们永远的责任!
下载metrics-server
准备证书
cat << EOF | tee /opt/kubernetes/ca_json/metrics-server.json { "CN": "metrics-server", "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "ST": "Shanghai", "L": "Shanghai", "O": "k8s", "OU": "System" } ] } EOF
生成证书
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes metrics-server.json | cfssljson -bare ./metrics-server
kube-apiserver需添加的参数
--proxy-client-cert-file=/opt/kubernetes/ssl/metrics-server.pem --proxy-client-key-file=/opt/kubernetes/ssl/metrics-server-key.pem --requestheader-allowed-names=aggregator --requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --enable-aggregator-routing=true
创建secret
kubectl create secret generic metrics-server-certs --from-file=metrics-server-key.pem --from-file=metrics-server.pem -n kube-system
修改metrics-server-deployment.yaml
--- apiVersion: v1 kind: ServiceAccount metadata: name: metrics-server namespace: kube-system --- apiVersion: apps/v1 kind: Deployment metadata: name: metrics-server namespace: kube-system labels: k8s-app: metrics-server spec: selector: matchLabels: k8s-app: metrics-server template: metadata: name: metrics-server labels: k8s-app: metrics-server spec: serviceAccountName: metrics-server volumes: # mount in tmp so we can safely use from-scratch images and/or read-only containers - name: tmp-dir emptyDir: {} - name: metrics-server-certs #添加 secret: #添加 secretName: metrics-server-certs #添加 containers: - name: metrics-server image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6 imagePullPolicy: IfNotPresent args: - --cert-dir=/tmp - --tls-cert-file=/certs/metrics-server.pem #添加 - --tls-private-key-file=/certs/metrics-server-key.pem #添加 - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP #添加 - --secure-port=4443 ports: - name: main-port containerPort: 4443 protocol: TCP securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 volumeMounts: - name: tmp-dir mountPath: /tmp - name: metrics-server-certs #添加 mountPath: /certs #添加 nodeSelector: kubernetes.io/os: linux kubernetes.io/arch: "amd64"
kubectl create -f metrics-server/deploy/kubernetes/
注:master上需配置kubelet并启动
上述就是小编为大家分享的如何分析metrics-server TLS了,如果刚好有类似的疑惑,不妨参照上述分析进行理解。如果想知道更多相关知识,欢迎关注创新互联行业资讯频道。
分享名称:如何分析metrics-serverTLS
网址分享:http://scyanting.com/article/ipohhg.html