部署metrics-server

https://cloud.tencent.com/developer/article/1773808

metrics.yaml

--kubelet-insecure-tls=True

cd /data/work
cat > proxy-client-csr.json <<EOF
{
  "CN": "aggregator",
  "hosts": [
    "127.0.0.1",
    "172.16.40.11",
    "172.16.40.12",
    "172.16.40.13",
    "172.16.40.101",
    "172.16.40.201",
    "10.255.0.1",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Guangdong",
      "L": "Shenzhen",
      "O": "system:masters",
      "OU": "System"
    }
  ]
}

EOF

cfssl gencert  -profile=kubernetes  -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json  proxy-client-csr.json | cfssljson -bare proxy-client

cp -a proxy-client*.pem    /etc/kubernetes/ssl/



kube-apiserver.conf
 --enable-aggregator-routing=true \
 --runtime-config=api/all=true \
 --requestheader-allowed-names=aggregator \
 --requestheader-group-headers=X-Remote-Group \
 --requestheader-username-headers=X-Remote-User \
 --requestheader-extra-headers-prefix=X-Remote-Extra- \
 --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem \
 --proxy-client-cert-file=/etc/kubernetes/ssl/proxy-client.pem \
 --proxy-client-key-file=/etc/kubernetes/ssl/proxy-client-key.pem \

基础环境搭建

安装kubectl

搭建etcd集群

安装Kubernetes组件

基础环境部署

安装 containerd 容器运行时

安装kubuadm

使用 kubeadm 初始化集群

部署 calico 组件

部署k8s集群

安装Calico、helm、istio-base、istiod、gateway

部署bookinfo测试案例

部署可观测平台

实现金丝雀发布

部署metrics-server

https://cloud.tencent.com/developer/article/1773808