MicroK8s reference
URL: https://github.com/canonical/microk8s
Add registry mirrors
/var/snap/microk8s/current/args/certs.d/docker.io/hosts.toml
```toml
server = "https://hub.x.xwnlearn.cn:4430"

[host."https://hub.x.xwnlearn.cn:4430"]
  capabilities = ["pull", "resolve"]
```
/var/snap/microk8s/current/args/certs.d/gcr.io/hosts.toml
```toml
server = "https://gcr.x.xwnlearn.cn:4430"

[host."https://gcr.x.xwnlearn.cn:4430"]
  capabilities = ["pull", "resolve"]
```
/var/snap/microk8s/current/args/certs.d/registry.k8s.io/hosts.toml
```toml
server = "https://registry-k8s.x.xwnlearn.cn:4430"

[host."https://registry-k8s.x.xwnlearn.cn:4430"]
  capabilities = ["pull", "resolve"]
```
After configuring the mirrors, restart the service: microk8s stop && microk8s start
Registry mirror reference: https://github.com/dqzboy/Docker-Proxy
Configure ALB (optional)
microk8s enable metallb:10.10.1.50-10.10.1.100
kubeflow
nfs sc
Reference: https://microk8s.io/docs/how-to-nfs
NFS configuration
```
/data/nfs 10.10.1.0/24(no_root_squash,rw,async,no_wdelay,all_squash,insecure_locks,sec=sys,anonuid=1024,anongid=100)
```
Create the StorageClass
```yaml
# sc-nfs.yaml
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-csi
provisioner: nfs.csi.k8s.io
parameters:
  server: 10.10.1.49
  share: /data/nfs
reclaimPolicy: Delete
volumeBindingMode: Immediate
mountOptions:
  - hard
  - nfsvers=4.1
```
Set it as the default StorageClass
```bash
kubectl patch storageclass <storage-class-name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
```
Configure access to Kubeflow
```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: istio-ingressgateway-alb
    install.operator.istio.io/owning-resource: unknown
    istio: ingressgateway
    istio.io/rev: default
    operator.istio.io/component: IngressGateways
    release: istio
  name: istio-ingressgateway-alb
  namespace: istio-system
spec:
  ports:
    - name: http2
      port: 80
      protocol: TCP
      targetPort: 8080
    - name: https
      port: 443
      protocol: TCP
      targetPort: 8443
  selector:
    app: istio-ingressgateway
    istio: ingressgateway
  sessionAffinity: None
  type: LoadBalancer
```
Kubeflow multi-user management
URL: https://www.kubeflow.org/docs/components/central-dash/profiles/
```yaml
apiVersion: kubeflow.org/v1
kind: Profile
metadata:
  ## the profile name will be the namespace name
  ## WARNING: unexpected behavior may occur if the namespace already exists
  name: kubeflow-xwn
spec:
  ## the owner of the profile
  ## NOTE: you may wish to make a global super-admin the owner of all profiles
  ##       and only give end-users view or modify access to profiles to prevent
  ##       them from adding/removing contributors
  owner:
    kind: User
    name: admin@xwn.com

  ## plugins extend the functionality of the profile
  ## https://github.com/kubeflow/kubeflow/tree/master/components/profile-controller#plugins
  plugins: []

  ## optionally create a ResourceQuota for the profile
  ## https://github.com/kubeflow/kubeflow/tree/master/components/profile-controller#resourcequotaspec
  ## https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/resource-quota-v1/#ResourceQuotaSpec
  resourceQuotaSpec: {}
```
Modify the dex ConfigMap
```yaml
issuer: http://dex.auth.svc.cluster.local:5556/dex
storage:
  type: kubernetes
  config:
    inCluster: true
web:
  http: 0.0.0.0:5556
logger:
  level: "debug"
  format: text
oauth2:
  skipApprovalScreen: true
enablePasswordDB: true
staticPasswords:
- email: user@example.com
  hashFromEnv: DEX_USER_PASSWORD
  username: user
  userID: "15841185641784"
- email: admin@xwn.com
  username: kubeflow-xwn
  hash: $2y$12$hkOxzqRhFPB.5nkF8LDo3Og8zTndN1hriMThfN6ndIp0oSeBVGdZi
- email: admin@admin.com
  username: kubeflow-admin
  hash: $2y$12$hkOxzqRhFPB.5nkF8LDo3Og8zTndN1hriMThfN6ndIp0oSeBVGdZi
staticClients:
# https://github.com/dexidp/dex/pull/1664
- idEnv: OIDC_CLIENT_ID
  redirectURIs: ["/oauth2/callback"]
  name: 'Dex Login Application'
  secretEnv: OIDC_CLIENT_SECRET
```
Restart the dex service
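The staticPasswords list above puts bcrypt hashes directly in the ConfigMap, and its admin@xwn.com and admin@admin.com entries carry the same hash string, so both accounts share one password. The following check is an added example, not code from the original page or from dex: it flags shared, malformed, or low-cost hashes before the ConfigMap is applied. The function names, the minimum cost of 10, and the sample accounts and hashes are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# bcrypt string: $2a$/$2b$/$2y$, two-digit cost, then 22-char salt + 31-char digest
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")

def parse_static_passwords(config_text):  # line reader for this one list, not a YAML parser
    entries, in_section = [], False
    for raw in config_text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        if not raw[0].isspace() and not body.startswith("-"):
            in_section = body.startswith("staticPasswords:")  # any other top-level key ends it
        elif in_section:
            if body.startswith("- "):  # a new list item starts a new account
                entries.append({})
                body = body[2:]
            key, _, value = body.partition(":")
            if entries:
                entries[-1][key.strip()] = value.strip().strip("'\"")
    return entries

def audit(entries, min_cost=10):  # min_cost is an assumed policy floor
    findings, by_hash = [], defaultdict(list)
    for e in entries:
        who = e.get("email", "<no email>")
        if "hash" not in e:  # hashFromEnv accounts keep the hash out of the ConfigMap
            if "hashFromEnv" not in e:
                findings.append((who, "no hash or hashFromEnv"))
            continue
        by_hash[e["hash"]].append(who)
        m = BCRYPT_RE.match(e["hash"])
        if not m:
            findings.append((who, "not a well-formed bcrypt hash"))
        elif int(m.group(1)) < min_cost:
            findings.append((who, f"bcrypt cost {int(m.group(1))} below {min_cost}"))
    for users in by_hash.values():
        if len(users) > 1:  # same salt and digest: one hash pasted into several accounts
            findings.append((", ".join(users), "identical hash shared between accounts"))
    return findings

# Constructed sample: placeholder hashes with a valid bcrypt shape, not real credentials
H12, H04 = "$2y$12$" + "A" * 53, "$2y$04$" + "B" * 53
SAMPLE = ("staticPasswords:\n- email: user@example.com\n  hashFromEnv: DEX_USER_PASSWORD\n"
          f"- email: alice@example.com\n  hash: {H12}\n- email: bob@example.com\n  hash: {H12}\n"
          f"- email: carol@example.com\n  hash: {H04}\nstaticClients:\n- idEnv: OIDC_CLIENT_ID\n")
for finding in audit(parse_static_passwords(SAMPLE)):
    print(*finding, sep=": ")
```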