metrics-server: using an external SSL certificate
1. Note: for a basic deployment, see https://blog.51cto.com/juestnow/2409880
2. Create the metrics-server certificate
cat << EOF | tee /apps/work/k8s/cfssl/k8s/metrics-server.json
{
  "CN": "metrics-server",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "GuangDong",
      "L": "GuangZhou",
      "O": "niuke",
      "OU": "niuke"
    }
  ]
}
EOF
### Generate the certificate
cfssl gencert -ca=/apps/work/k8s/cfssl/pki/k8s/k8s-ca.pem -ca-key=/apps/work/k8s/cfssl/pki/k8s/k8s-ca-key.pem -config=/apps/work/k8s/cfssl/ca-config.json -profile=kubernetes /apps/work/k8s/cfssl/k8s/metrics-server.json | cfssljson -bare ./metrics-server
### Create the secret
kubectl -n kube-system create secret generic metrics-server-certs --from-file=metrics-server-key.pem --from-file=metrics-server.pem
kubectl get secret -n kube-system | grep metrics-server-certs
kubectl get secret metrics-server-certs -n kube-system -o yaml
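A pre-flight check for the files produced in step 2, to run before `kubectl create secret`. This is an added example, not part of the original post: the function names and the script name `preflight.sh` are this example's own, it assumes the `openssl` CLI is installed, and `make_sample_pki` builds constructed sample data only.

```sh
#!/bin/sh
# Added example (not from the original post): pre-flight checks on the cfssl
# output before it goes into the metrics-server-certs secret. Function names
# are this example's own; only the openssl CLI is required.

# Succeeds when CERT chains to CA. usage: cert_chains_to_ca CA_PEM CERT_PEM
cert_chains_to_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds when KEY is the private key of CERT (identical public keys).
# usage: key_matches_cert CERT_PEM KEY_PEM
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when CERT is still valid SECONDS from now.
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Runs all checks, stopping at the first failure.
# usage: preflight CA_PEM CERT_PEM KEY_PEM
preflight() {
  cert_chains_to_ca "$1" "$2" || { echo "FAIL: $2 does not chain to $1" >&2; return 1; }
  key_matches_cert "$2" "$3" || { echo "FAIL: $3 is not the key for $2" >&2; return 1; }
  cert_valid_for "$2" 2592000 || { echo "FAIL: $2 expires within 30 days" >&2; return 1; }
  echo "OK: certificate, key and CA are consistent"
}

# Constructed sample data: a throwaway CA and leaf that stand in for
# k8s-ca.pem and the cfssl output. usage: make_sample_pki DIR
make_sample_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=sample-ca" \
    -keyout "$1/ca-key.pem" -out "$1/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=metrics-server" \
    -keyout "$1/metrics-server-key.pem" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca-key.pem" \
    -CAcreateserial -days 60 -out "$1/metrics-server.pem" 2>/dev/null
}

# With three arguments, check real files, for example:
#   sh preflight.sh /apps/work/k8s/cfssl/pki/k8s/k8s-ca.pem metrics-server.pem metrics-server-key.pem
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

These checks do not cover the server name: the CSR in step 2 has no `hosts` field, so the issued certificate carries no subject alternative names for a client to match.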
3. Modify the metrics-server deployment
vi metrics-server-deployment.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-server
  namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: metrics-server
  namespace: kube-system
  labels:
    k8s-app: metrics-server
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      tolerations:
        - effect: NoSchedule
          key: node.kubernetes.io/unschedulable
          operator: Exists
        - key: NoSchedule
          operator: Exists
          effect: NoSchedule
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      # certificate and key from the metrics-server-certs secret created in step 2
      - name: metrics-server-certs
        secret:
          secretName: metrics-server-certs
      containers:
      - name: metrics-server
        image: juestnow/metrics-server-amd64:v0.3.3
        imagePullPolicy: Always
        command:
        - /metrics-server
        - --tls-cert-file=/certs/metrics-server.pem
        - --tls-private-key-file=/certs/metrics-server-key.pem
        - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp
        - name: metrics-server-certs
          mountPath: /certs
      nodeSelector:
        metrics: "yes"
4. Apply the YAML
kubectl apply -f metrics-server-deployment.yaml
5. Check the metrics-server status
[[email protected] vpa]# kubectl get pod -n kube-system | grep metrics-server
metrics-server-658bb99b66-z6xg4 1/1 Running 0 22h
kubectl get pod metrics-server-658bb99b66-z6xg4 -n kube-system -o yaml
Check whether the content has changed, or open the dashboard.
Check the services:
[[email protected] vpa]# kubectl get service -n kube-system | grep metrics-server
metrics-server ClusterIP 10.64.53.220 <none> 443/TCP 45d
https://10.64.53.220
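The page opens normally and returns the API address.
The metrics-server deployment with a self-signed certificate is complete. Recommended for use in production environments.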