-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
165 additions
and
0 deletions.
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,165 @@ | ||
| --- | ||
| title: "使用 shipwright 在 Kubernetes 上构建容器镜像" | ||
| description: "Shipwright 是一个可扩展的框架,用来在 Kubernetes 上构建容器镜像" | ||
| author: 马景贺(小马哥) | ||
| categories: ["Security"] | ||
| tags: ["Cloud Native","container image"] | ||
| date: 2021-11-16T13:05:42+08:00 | ||
| type: "post" | ||
| --- | ||
|
|
||
|
|
||
| ## k3s 的安装 | ||
|
|
||
| 执行如下命令安装 k3s: | ||
|
|
||
| ``` | ||
| curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh - | ||
| [INFO] Finding release for channel stable | ||
| [INFO] Using v1.28.5+k3s1 as release | ||
| [INFO] Downloading hash rancher-mirror.rancher.cn/k3s/v1.28.5-k3s1/sha256sum-amd64.txt | ||
| [INFO] Downloading binary rancher-mirror.rancher.cn/k3s/v1.28.5-k3s1/k3s | ||
| [INFO] Verifying binary download | ||
| [INFO] Installing k3s to /usr/local/bin/k3s | ||
| [INFO] Skipping installation of SELinux RPM | ||
| [INFO] Creating /usr/local/bin/kubectl symlink to k3s | ||
| [INFO] Creating /usr/local/bin/crictl symlink to k3s | ||
| [INFO] Skipping /usr/local/bin/ctr symlink to k3s, command exists in PATH at /usr/bin/ctr | ||
| [INFO] Creating killall script /usr/local/bin/k3s-killall.sh | ||
| [INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh | ||
| [INFO] env: Creating environment file /etc/systemd/system/k3s.service.env | ||
| [INFO] systemd: Creating service file /etc/systemd/system/k3s.service | ||
| sh: 1014: restorecon: not found | ||
| sh: 1015: restorecon: not found | ||
| [INFO] systemd: Enabling k3s unit | ||
| Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service. | ||
| [INFO] systemd: Starting k3s | ||
| ``` | ||
| 查看 k3s 是否安装成功: | ||
|
|
||
| ``` | ||
| #查看 k3s 版本 | ||
| k3s --version | ||
| k3s version v1.28.5+k3s1 (5b2d1271) | ||
| go version go1.20.12 | ||
| # 查看 k3s 集群 | ||
| kubectl get nodes | ||
| NAME STATUS ROLES AGE VERSION | ||
| vm-0-12-ubuntu Ready control-plane,master 38s v1.28.5+k3s1 | ||
| ``` | ||
|
|
||
|
|
||
|
|
||
|
|
||
| ## 安装 cert-manager | ||
|
|
||
| ``` | ||
| customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created | ||
| customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created | ||
| customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created | ||
| customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created | ||
| customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created | ||
| customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created | ||
| namespace/cert-manager created | ||
| serviceaccount/cert-manager-cainjector created | ||
| serviceaccount/cert-manager created | ||
| serviceaccount/cert-manager-webhook created | ||
| configmap/cert-manager-webhook created | ||
| clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector created | ||
| clusterrole.rbac.authorization.k8s.io/cert-manager-controller-issuers created | ||
| clusterrole.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created | ||
| clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificates created | ||
| clusterrole.rbac.authorization.k8s.io/cert-manager-controller-orders created | ||
| clusterrole.rbac.authorization.k8s.io/cert-manager-controller-challenges created | ||
| clusterrole.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created | ||
| clusterrole.rbac.authorization.k8s.io/cert-manager-view created | ||
| clusterrole.rbac.authorization.k8s.io/cert-manager-edit created | ||
| clusterrole.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created | ||
| clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created | ||
| clusterrole.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created | ||
| clusterrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector created | ||
| clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-issuers created | ||
| clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created | ||
| clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificates created | ||
| clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-orders created | ||
| clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-challenges created | ||
| clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created | ||
| clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created | ||
| clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created | ||
| clusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created | ||
| role.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created | ||
| role.rbac.authorization.k8s.io/cert-manager:leaderelection created | ||
| role.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created | ||
| rolebinding.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created | ||
| rolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection created | ||
| rolebinding.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created | ||
| service/cert-manager created | ||
| service/cert-manager-webhook created | ||
| deployment.apps/cert-manager-cainjector created | ||
| deployment.apps/cert-manager created | ||
| deployment.apps/cert-manager-webhook created | ||
| mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created | ||
| validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created | ||
| ``` | ||
|
|
||
|
|
||
|
|
||
| ## 安装 Operator Lifecycle Manager | ||
|
|
||
| ``` | ||
| $ curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.26.0/install.sh | bash -s v0.26.0 | ||
| customresourcedefinition.apiextensions.k8s.io/catalogsources.operators.coreos.com created | ||
| customresourcedefinition.apiextensions.k8s.io/clusterserviceversions.operators.coreos.com created | ||
| customresourcedefinition.apiextensions.k8s.io/installplans.operators.coreos.com created | ||
| customresourcedefinition.apiextensions.k8s.io/olmconfigs.operators.coreos.com created | ||
| customresourcedefinition.apiextensions.k8s.io/operatorconditions.operators.coreos.com created | ||
| customresourcedefinition.apiextensions.k8s.io/operatorgroups.operators.coreos.com created | ||
| customresourcedefinition.apiextensions.k8s.io/operators.operators.coreos.com created | ||
| customresourcedefinition.apiextensions.k8s.io/subscriptions.operators.coreos.com created | ||
| customresourcedefinition.apiextensions.k8s.io/catalogsources.operators.coreos.com condition met | ||
| customresourcedefinition.apiextensions.k8s.io/clusterserviceversions.operators.coreos.com condition met | ||
| customresourcedefinition.apiextensions.k8s.io/installplans.operators.coreos.com condition met | ||
| customresourcedefinition.apiextensions.k8s.io/olmconfigs.operators.coreos.com condition met | ||
| customresourcedefinition.apiextensions.k8s.io/operatorconditions.operators.coreos.com condition met | ||
| customresourcedefinition.apiextensions.k8s.io/operatorgroups.operators.coreos.com condition met | ||
| customresourcedefinition.apiextensions.k8s.io/operators.operators.coreos.com condition met | ||
| customresourcedefinition.apiextensions.k8s.io/subscriptions.operators.coreos.com condition met | ||
| namespace/olm created | ||
| namespace/operators created | ||
| serviceaccount/olm-operator-serviceaccount created | ||
| clusterrole.rbac.authorization.k8s.io/system:controller:operator-lifecycle-manager created | ||
| clusterrolebinding.rbac.authorization.k8s.io/olm-operator-binding-olm created | ||
| olmconfig.operators.coreos.com/cluster created | ||
| deployment.apps/olm-operator created | ||
| deployment.apps/catalog-operator created | ||
| clusterrole.rbac.authorization.k8s.io/aggregate-olm-edit created | ||
| clusterrole.rbac.authorization.k8s.io/aggregate-olm-view created | ||
| operatorgroup.operators.coreos.com/global-operators created | ||
| operatorgroup.operators.coreos.com/olm-operators created | ||
| clusterserviceversion.operators.coreos.com/packageserver created | ||
| catalogsource.operators.coreos.com/operatorhubio-catalog created | ||
| Waiting for deployment "olm-operator" rollout to finish: 0 of 1 updated replicas are available... | ||
| deployment "olm-operator" successfully rolled out | ||
| deployment "catalog-operator" successfully rolled out | ||
| Package server phase: Installing | ||
| Package server phase: Succeeded | ||
| deployment "packageserver" successfully rolled out | ||
| ``` | ||
|
|
||
|
|
||
| ## Install Operator | ||
|
|
||
| ``` | ||
| $ kubectl create -f https://operatorhub.io/install/stable/gitlab-runner-operator.yaml | ||
| subscription.operators.coreos.com/my-gitlab-runner-operator created | ||
| ``` | ||
|
|
||
| ## 查看安装的 operator | ||
|
|
||
| ``` | ||
| $ kubectl get csv -n operators | ||
| NAME DISPLAY VERSION REPLACES PHASE | ||
| gitlab-runner-operator.v1.15.1 GitLab Runner 1.15.1 gitlab-runner-operator.v1.15.0 Succeeded | ||
| ``` |