kubectl get secret -n kubernetes-dashboard
kubectl describe secret dashboard-admin-token-xp78c(自己的东西(上面输出)) -n kubernetes-dashboard
#################################################################minikube#################################################################
#################################################################minikube#################################################################
#################################################################minikube#################################################################
curl -LO https://storage.googleapis.com/minikube/releases/1.18.1/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube
#其他参数都是废物, 只用一个cn就够了,--driver是为了声明容器驱动,不用就没有进入到Minikube操作docker的麻烦,但是系统隔离性不好
minikube start --image-mirror-country='cn' --driver='docker'
kubectl get pod --all-namespaces
# 必须使用非root用户
adduser doc
passwd doc
groupadd docker
visudo
#添加 doc ALL=(ALL) ALL
sudo usermod -aG docker $USER && newgrp docker
systemctl restart docker
#暴露端口,给外部访问
kubectl proxy --port=8001 --address='0.0.0.0' --accept-hosts='^.*' & #8001是待会外网访问的端口,0.0.0.0代替的是127.0.0.1
#在阿里云开放端口
http://47.243.166.91:8001/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/
#################################################################istio#################################################################
#################################################################istio#################################################################
#################################################################istio#################################################################
#minikube 是doc用户添加的,所以 istioctl install --set profile=demo -y 必须用doc执行,否则报没开启8080端口错误
istioctl install --set profile=demo -y
####官方文档https://istio.io/latest/zh/docs/setup/getting-started/
kubectl label namespace default istio-injection=enabled
kubectl get services
kubectl get pods
####官方文档的这里有错误, 不能直接复制粘贴
kubectl exec "$(kubectl get pod -l app=ratings -o jsonpath='{.items[0].metadata.name}')" -c ratings -- curl -s productpage:9080/productpage | grep -o "<title>.*</title>"
istioctl analyze
# 如果端口被占用:
#Warning [IST0103] (Pod hello-minikube-6ddfcc9757-mdt2m.default) The pod is missing the Istio proxy. This can often be resolved by restarting or redeploying the workload.
#Info [IST0118] (Service hello-minikube.default) Port name (port: 8080, targetPort: 8080) doesn't follow the naming convention of Istio port.
kubectl delete services hello-minikube
kubectl delete deployment hello-minikube
systemctl delete pod hello-minikube-6ddfcc9757-mdt2m.default
#No validation issues found when analyzing namespace: default.
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
echo "$INGRESS_PORT"
echo $SECURE_INGRESS_PORT
export INGRESS_HOST=$(minikube ip)
echo "$INGRESS_HOST"
#192.168.49.2
minikube tunnel
kubectl get svc istio-ingressgateway -n istio-system
#支持外部负载均衡
# export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
# export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
# export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
echo "$GATEWAY_URL"
echo "http://$GATEWAY_URL/productpage"
#验证正确结果
curl -s http://${GATEWAY_URL}/productpage | grep -o "<title>.*</title>" #只输出部分
curl -s http://${GATEWAY_URL}/productpage #全部输出
curl -s http://192.168.49.2:31753/productpage | grep -o "<title>.*</title>"
#使用这个命令后
kubectl expose deployment/productpage-v1 --type="NodePort" --port=9080 --name=productpage-v1
curl -s http://192.168.49.2:32288/productpage | grep -o "<title>.*</title>"
# 这样也可以
kubectl expose deployment/productpage-v1 --type="NodePort" --port=9080 --name=productpage-v222
curl -s http://192.168.49.2:32299/productpage | grep -o "<title>.*</title>"
curl -s http://172.19.1.193:32133/productpage | grep -o "<title>.*</title>"
<<eof
#######################################结果这里所有都是多余的,只需要kubectl port-forward --address 0.0.0.0 service/productpage 7080:9080
##################自己猜的,竟然猜中了
kubectl get svc
kubectl delete svc productpage-v1
kubectl expose deployment/nginx --type="NodePort" --port=80 --name=nginx
kubectl expose deployment/ productpage-v1 –type=NodePort
kubectl expose deployment/productpage-v1 --type="NodePort" --port=9080 --name=productpage-v1
echo $(kubectl get ingress istio-system -n istio-system -o jsonpath='{..ip} {..host}') $(kubectl get ingress bookinfo -o jsonpath='{..host}')
kubectl expose deployment/productpage-v1 --type="NodePort" --port=9080 --name=productpage-v222
curl -s http://0.0.0.0:9080/productpage | grep -o "<title>.*</title>"
eof
kubectl port-forward --address 0.0.0.0 service/productpage 7080:9080
eval $(minikube docker-env)
eval $(minikube docker-env)
####证明这样是可以成功的
1、用doc用户进入minikube内使用docker玩。
2、pull 的时候加degist
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
export INGRESS_HOST=$(minikube ip)
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
echo "$GATEWAY_URL"
minikube ip #输出的就是192.168.49.2
# 那就变成了代理,minikube的IP了
curl -s http://localhost:20001/kiali
#设置nginx 正向代理
#kiali的配置:
# server {
# # 端口
# listen 8211;
# # 地址
# server_name localhost;
# # DNS解析地址
# resolver 8.8.8.8;
# # 代理参数
# location / {
# # $http_host就是我们要访问的主机名
# # $request_uri就是我们后面所加的参数
# proxy_pass http://localhost:20001;
# }
# }
<<eof 这些都是digest引起的试错
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/storage-provisioner:v5 registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-minikube/storage-provisioner:v5
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.4 registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/metrics-scraper:v1.0.4@sha256:555981a24f184420f3be0c79d4efb6c948a85cfce84034f85a563f4151a81cbf
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.1.0 registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/dashboard:v2.1.0@sha256:7f80b5ba141bead69c4fee8661464857af300d7d7ed0274cf7beecedc00322e6
minikube cache add registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/metrics-scraper:v1.0.4@sha256:555981a24f184420f3be0c79d4efb6c948a85cfce84034f85a563f4151a81cbf
minikube cache add registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/dashboard:v2.1.0@sha256:7f80b5ba141bead69c4fee8661464857af300d7d7ed0274cf7beecedc00322e6
minikube image load registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/dashboard:v2.1.0@sha256:7f80b5ba141bead69c4fee8661464857af300d7d7ed0274cf7beecedc00322e6
wget https://raw.githubusercontent.com/doop-ymc/gcr/master/docker_tag.sh
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.1.0@sha256:7f80b5ba141bead69c4fee8661464857af300d7d7ed0274cf7beecedc00322e6
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.1.0@sha256:7f80b5ba141bead69c4fee8661464857af300d7d7ed0274cf7beecedc00322e6 registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/dashboard:v2.1.0
registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/dashboard:v2.1.0@sha256:7f80b5ba141bead69c4fee8661464857af300d7d7ed0274cf7beecedc00322e6
registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/dashboard:v2.1.0@sha256:7f80b5ba141bead69c4fee8661464857af300d7d7ed0274cf7beecedc00322e6
sha256:7f80b5ba141bead69c4fee8661464857af300d7d7ed0274cf7beecedc00322e6
registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetesui/dashboard:v2.1.0@sha256:7f80b5ba141bead69c4fee8661464857af300d7d7ed0274cf7beecedc00322e6 (global image repository)
eof