diff --git a/KubeGems/KubeGems连接Kubernetes.md b/KubeGems/KubeGems连接Kubernetes.md
new file mode 100644
index 0000000..dac3032
--- /dev/null
+++ b/KubeGems/KubeGems连接Kubernetes.md
@@ -0,0 +1,773 @@
+KubeGems连接Kubernetes
+
+------
+
+**作者:行癫<盗版必究>**
+
+## 一:Kubernetes集群部署
+
+#### 1.kubernetes环境
+
+ kubernetes高可用集群
+
+ kubernetes非高可用集群
+
+#### 2.kubernetes验证
+
+```shell
+[root@master ~]# kubectl get node
+NAME STATUS ROLES AGE VERSION
+master Ready control-plane,master 124d v1.25.1
+node-1 Ready 124d v1.25.1
+node-2 Ready 124d v1.25.1
+node-3 Ready 124d v1.25.1
+```
+
+## 二:KubeGems部署
+
+ KubeGems部署需要基于Kubernetes集群的环境,高可用集群和非高可用集群均可,在这里基于非高可用集群部署
+
+ kubernetes 1.20 及以上版本( 1.23+最佳 )
+
+#### 1.核心组件
+
+| 名称 | 描述 |
+| :------------------: | :---------------------------------------------------------: |
+| `kubegems-installer` | kubegems 安装程序,安装 kubegems 组件及依赖组件 |
+| `kubegems` | kubegems 核心组件,包含 UI 界面及相关 API 服务 |
+| `kubegems-local` | kubegems 边缘组件,安装在托管集群上,获取集群信息和执行操作 |
+
+#### 2.部署kubegems-installer
+
+ installer 是用于安装 kubegems 主要组件和插件的控制器
+
+```shell
+[root@master ~]# kubectl create namespace kubegems-installer
+[root@master ~]# kubectl apply -f https://github.com/kubegems/kubegems/raw/main/deploy/installer.yaml
+[root@master ~]# vi installer.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.9.0
+ meta.helm.sh/release-name: kubegems-installer
+ meta.helm.sh/release-namespace: kubegems-installer
+ creationTimestamp: null
+ name: plugins.plugins.kubegems.io
+spec:
+ group: plugins.kubegems.io
+ names:
+ kind: Plugin
+ listKind: PluginList
+ plural: plugins
+ singular: plugin
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Kind of the bundle
+ jsonPath: .spec.kind
+ name: Kind
+ type: string
+ - description: Status of the bundle
+ jsonPath: .status.phase
+ name: Status
+ type: string
+ - description: Install Namespace of the bundle
+ jsonPath: .status.namespace
+ name: Namespace
+ type: string
+ - description: Version of the bundle
+ jsonPath: .status.version
+ name: Version
+ type: string
+ - description: app version of the bundle
+ jsonPath: .status.appVersion
+ name: AppVersion
+ type: string
+ - description: UpgradeTimestamp of the bundle
+ jsonPath: .status.upgradeTimestamp
+ name: UpgradeTimestamp
+ type: date
+ - description: CreationTimestamp of the bundle
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ chart:
+ description: Chart is the name of the chart to install.
+ type: string
+ dependencies:
+ description: Dependencies is a list of bundles that this bundle depends
+ on. The bundle will be installed after all dependencies are exists.
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2. Invalid
+ usage help. It is impossible to add specific help for individual
+ usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described when
+ embedded. 3. Inconsistent validation. Because the usages are
+ different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual struct
+ is irrelevant. 5. We cannot easily change it. Because this type
+ is embedded in many locations, updates to this type will affect
+ numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ disabled:
+ description: Disabled indicates that the bundle should not be installed.
+ type: boolean
+ installNamespace:
+ description: InstallNamespace is the namespace to install the bundle
+ into. If not specified, the bundle will be installed into the namespace
+ of the bundle.
+ type: string
+ kind:
+ description: Kind bundle kind.
+ enum:
+ - helm
+ - kustomize
+ - template
+ type: string
+ path:
+ description: Path is the path in a tarball to the chart/kustomize.
+ type: string
+ url:
+ description: URL is the URL of helm repository, git clone url, tarball
+ url, s3 url, etc.
+ type: string
+ values:
+ description: Values is a nested map of helm values.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ valuesFrom:
+ description: ValuesFiles is a list of references to helm values files.
+ Ref can be a configmap or secret.
+ items:
+ properties:
+ kind:
+ description: Kind is the type of resource being referenced
+ enum:
+ - ConfigMap
+ - Secret
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ optional:
+ description: Optional set to true to ignore referense not found
+ error
+ type: boolean
+ prefix:
+ description: An optional identifier to prepend to each key in
+ the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ version:
+ description: Version is the version of helm chart, git revision, etc.
+ type: string
+ type: object
+ status:
+ properties:
+ appVersion:
+ description: AppVersion is the app version of the bundle.
+ type: string
+ creationTimestamp:
+ description: CreationTimestamp is the first creation timestamp of
+ the bundle.
+ format: date-time
+ type: string
+ message:
+ description: Message is the message associated with the status In
+ helm, it's the notes contens.
+ type: string
+ namespace:
+ description: Namespace is the namespace where the bundle is installed.
+ type: string
+ phase:
+ description: Phase is the current state of the release
+ type: string
+ resources:
+ description: Resources is a list of resources created/managed by the
+ bundle.
+ items:
+ description: 'ObjectReference contains enough information to let
+ you inspect or modify the referred object. --- New uses of this
+ type are discouraged because of difficulty describing its usage
+ when embedded in APIs. 1. Ignored fields. It includes many fields
+ which are not generally honored. For instance, ResourceVersion
+ and FieldPath are both very rarely valid in actual usage. 2. Invalid
+ usage help. It is impossible to add specific help for individual
+ usage. In most embedded usages, there are particular restrictions
+ like, "must refer only to types A and B" or "UID not honored"
+ or "name must be restricted". Those cannot be well described when
+ embedded. 3. Inconsistent validation. Because the usages are
+ different, the validation rules are different by usage, which
+ makes it hard for users to predict what will happen. 4. The fields
+ are both imprecise and overly precise. Kind is not a precise
+ mapping to a URL. This can produce ambiguity during interpretation
+ and require a REST mapping. In most cases, the dependency is
+ on the group,resource tuple and the version of the actual struct
+ is irrelevant. 5. We cannot easily change it. Because this type
+ is embedded in many locations, updates to this type will affect
+ numerous schemas. Don''t make new APIs embed an underspecified
+ API type they do not control. Instead of using this type, create
+ a locally provided and used type that is well-focused on your
+ reference. For example, ServiceReferences for admission registration:
+ https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead of
+ an entire object, this string should contain a valid JSON/Go
+ field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container within
+ a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that triggered
+ the event) or if no container name is specified "spec.containers[2]"
+ (container with index 2 in this pod). This syntax is chosen
+ only to have some well-defined way of referencing a part of
+ an object. TODO: this design is not final and this field is
+ subject to change in the future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ upgradeTimestamp:
+ description: UpgradeTimestamp is the time when the bundle was last
+ upgraded.
+ format: date-time
+ type: string
+ values:
+ description: Values is a nested map of final helm values.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ version:
+ description: Version is the version of the bundle. In helm, Version
+ is the version of the chart.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ meta.helm.sh/release-name: kubegems-installer
+ meta.helm.sh/release-namespace: kubegems-installer
+ labels:
+ app.kubernetes.io/component: installer
+ app.kubernetes.io/instance: kubegems-installer
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: kubegems-installer
+ helm.sh/chart: kubegems-installer-1.21.0
+ name: kubegems-installer
+ namespace: kubegems-installer
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ meta.helm.sh/release-name: kubegems-installer
+ meta.helm.sh/release-namespace: kubegems-installer
+ labels:
+ app.kubernetes.io/component: installer
+ app.kubernetes.io/instance: kubegems-installer
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: kubegems-installer
+ helm.sh/chart: kubegems-installer-1.21.0
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ name: kubegems-installer-view
+rules:
+- apiGroups:
+ - plugins.kubegems.io
+ resources:
+ - plugins
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ meta.helm.sh/release-name: kubegems-installer
+ meta.helm.sh/release-namespace: kubegems-installer
+ labels:
+ app.kubernetes.io/component: installer
+ app.kubernetes.io/instance: kubegems-installer
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: kubegems-installer
+ helm.sh/chart: kubegems-installer-1.21.0
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ name: kubegems-installer-edit
+rules:
+- apiGroups:
+ - plugins.kubegems.io
+ resources:
+ - plugins
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ annotations:
+ meta.helm.sh/release-name: kubegems-installer
+ meta.helm.sh/release-namespace: kubegems-installer
+ labels:
+ app.kubernetes.io/component: installer
+ app.kubernetes.io/instance: kubegems-installer
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: kubegems-installer
+ helm.sh/chart: kubegems-installer-1.21.0
+ name: kubegems-installer
+ namespace: kubegems-installer
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: kubegems-installer
+ namespace: kubegems-installer
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ meta.helm.sh/release-name: kubegems-installer
+ meta.helm.sh/release-namespace: kubegems-installer
+ labels:
+ app.kubernetes.io/component: installer
+ app.kubernetes.io/instance: kubegems-installer
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: kubegems-installer
+ helm.sh/chart: kubegems-installer-1.21.0
+ name: kubegems-installer
+ namespace: kubegems-installer
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: installer
+ app.kubernetes.io/instance: kubegems-installer
+ app.kubernetes.io/name: kubegems-installer
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: installer
+ app.kubernetes.io/instance: kubegems-installer
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: kubegems-installer
+ helm.sh/chart: kubegems-installer-1.21.0
+ spec:
+ containers:
+ - args:
+ - installer
+ - --enableleaderelection
+ - --probeaddr=:8080
+ - --metricsaddr=:9100
+ env:
+ - name: LOG_LEVEL
+ value: debug
+ image: docker.io/kubegems/kubegems:latest
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 6
+ httpGet:
+ path: /healthz
+ port: probe
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ name: installer
+ ports:
+ - containerPort: 8080
+ name: probe
+ protocol: TCP
+ - containerPort: 9100
+ name: metrics
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 6
+ httpGet:
+ path: /healthz
+ port: probe
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ resources:
+ limits: {}
+ requests: {}
+ serviceAccountName: kubegems-installer
+```
+
+ 验证
+
+```shell
+[root@master ~]# kubectl -n kubegems-installer get po
+NAME READY STATUS RESTARTS AGE
+kubegems-installer-757d4c64db-cf2x2 1/1 Running 0 20m
+```
+
+#### 2.安装local-path-provisioner
+
+ kubegems 需要持久化一些重要数据,安装local-path-provisioner
+
+```shell
+[root@master ~]# kubectl create namespace local-path-storage
+[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/kubegems/kubegems/main/deploy/addon-local-path-provisioner.yaml
+[root@master kubegems]# vi addon-local-path-provisioner.yaml
+# https://github.com/rancher/local-path-provisioner/tree/master/deploy/chart
+apiVersion: plugins.kubegems.io/v1beta1
+kind: Plugin
+metadata:
+ name: local-path-provisioner
+ namespace: local-path-storage
+spec:
+ kind: helm
+ url: https://github.com/rancher/local-path-provisioner/archive/refs/tags/v0.0.22.tar.gz
+ path: local-path-provisioner-0.0.22/deploy/chart/local-path-provisioner
+ version: 0.0.22
+ values:
+ storageClass:
+ defaultClass: true
+ provisionerName: rancher.io/local-path
+ nodePathMap:
+ - node: DEFAULT_PATH_FOR_NON_LISTED_NODES
+ paths:
+ - /data
+```
+
+#### 3.部署 kubegems
+
+```shell
+[root@master ~]# kubectl create namespace kubegems
+[root@master ~]# export STORAGE_CLASS=local-path # 改为您使用的 storageClass
+[root@master ~]# export KUBEGEMS_VERSION=v1.21.1 # change to specify kubegems version
+[root@master ~]# wget https://raw.githubusercontent.com/kubegems/kubegems/main/deploy/kubegems-mirror.yaml
+apiVersion: plugins.kubegems.io/v1beta1
+kind: Plugin
+metadata:
+ name: kubegems
+ namespace: kubegems
+spec:
+ kind: helm
+ url: https://charts.kubegems.io/kubegems
+ values:
+ global:
+ imageRegistry: registry.cn-beijing.aliyuncs.com
+ kubegemsVersion: latest
+ storageClass: local-path # change me to use a production storage class
+ mysql:
+ image:
+ repository: kubegems/mysql
+ persistence:
+ enabled: true
+ size: 20Gi
+ redis:
+ image:
+ repository: kubegems/redis
+ master:
+ persistence:
+ enabled: true
+ size: 5Gi
+ volumePermissions:
+ enabled: true
+ image:
+ repository: kubegems/bitnami-shell
+ argo-cd:
+ image:
+ repository: kubegems/argo-cd
+ redis:
+ image:
+ repository: kubegems/redis
+ gitea:
+ image:
+ repository: kubegems/gitea
+ persistence:
+ enabled: true
+ size: 10Gi
+ chartmuseum:
+ image:
+ repository: kubegems/chartmuseum
+ persistence:
+ enabled: true
+ size: 5Gi
+ ingress:
+ hostname: dashboard.kubegems.io
+[root@master ~]# sed -i -e "s/local-path/${STORAGE_CLASS}/g" -e "s/latest/${KUBEGEMS_VERSION}/g" kubegems-mirror.yaml
+[root@master ~]# kubectl create -f kubegems-mirror.yaml
+```
+
+ 验证
+
+```shell
+[root@master ~]# kubectl -n kubegems get pod
+NAME READY STATUS RESTARTS AGE
+kubegems-api-7856cddc86-zxf2m 1/1 Running 6 (148m ago) 152m
+kubegems-argo-cd-app-controller-57c756777c-qgtkb 1/1 Running 0 152m
+kubegems-argo-cd-repo-server-84bc9df4cd-cvhmk 1/1 Running 0 152m
+kubegems-argo-cd-server-58d6ccc99-mqb4k 1/1 Running 0 152m
+kubegems-chartmuseum-74d498759c-rl49v 1/1 Running 0 152m
+kubegems-charts-init-v1.21.1-2tn8s 0/1 Completed 0 152m
+kubegems-dashboard-777875598f-7pfvx 1/1 Running 0 152m
+kubegems-gitea-0 1/1 Running 0 152m
+kubegems-init-v1.21.1-gpvrw 0/1 Completed 5 152m
+kubegems-msgbus-7c6c4c66c-kq8xw 1/1 Running 6 (148m ago) 152m
+kubegems-mysql-0 1/1 Running 0 152m
+kubegems-redis-master-0 1/1 Running 0 136m
+kubegems-worker-85c8d75ff7-2b7rr 1/1 Running 6 (148m ago) 152m
+```
+
+#### 4.访问kubegems仪表板
+
+ 你需要编辑kubegems插件,为dashbnoard组件开启nodeport:
+
+```shell
+[root@master ~]# kubectl -n kubegems edit plugins.plugins.kubegems.io kubegems
+只添加nodeport
+apiVersion: plugins.kubegems.io/v1beta1
+kind: Plugin
+metadata:
+spec:
+ kind: helm
+ url: https://charts.kubegems.io/kubegems
+ values:
+ dashboard:
+ service:
+ type: NodePort
+ global:
+ kubegemsVersion: v1.21.1
+ storageClass: local-path
+ ingress:
+ hostname: dashboard.kubegems.io
+```
+
+ 使用 ingress 或其他方式访问
+
+注意:
+
+ kubegems 默认创建了 hostname 为 `dashboard.kubegems.io` 的 ingress, 同时默认绑定了 `default-gateway`的`ingressClass`。 如果您想更改为其他域名,或者绑定到其他网关可以编辑kubegems插件
+
+ `default-gateway`是平台默认网关,要使用它,你需要启用`网关-gateway`插件
+
+```shell
+[root@master ~]# kubectl -n kubegems edit plugins.plugins.kubegems.io kubegems
+apiVersion: plugins.kubegems.io/v1beta1
+kind: Plugin
+metadata:
+spec:
+ kind: helm
+ url: https://charts.kubegems.io/kubegems
+ values:
+ global:
+ kubegemsVersion: v1.21.1
+ storageClass: local-path
+ ingress:
+ hostname: dashboard.kubegems.io
+ ingressClassName: default-gateway
+```
+
+ 获取 ingress 访问地址
+
+```shell
+[root@master ~]# PORT=$(kubectl -n kubegems-gateway get svc default-gateway -ojsonpath='{.spec.ports[0].nodePort}')
+[root@master ~]# ADDRESS=$(kubectl -n kubegems get ingress kubegems -ojsonpath='{.spec.rules[*].host}')
+[root@master ~]# echo http://$ADDRESS:$PORT
+```
+
+#### 5.浏览器访问
+
+ 用户:admin
+
+ 密码:demo!@#admin
+
+```shell
+[root@master ~]# kubectl get svc -n kubegems | grep dashboard
+kubegems-dashboard NodePort 10.103.140.101 80:32317/TCP,9100:30420/TCP 173m
+```
+
+
+
+## 三:连接Kubernetes集群
+
+#### 1.获取集群kubeconfig
+
+ 获取current-context(clusters.cluster.name)
+
+```shell
+[root@master ~]# CURRENT_CONTEXT=`kubectl config current-context`
+```
+
+ 获取current-cluster
+
+```shell
+[root@master ~]# CURRENT_CLUSTER=`kubectl config view --raw -o=go-template='{{range .contexts}}{{if eq .name "'''${CURRENT_CONTEXT}'''"}}{{ index .context "cluster" }}{{end}}{{end}}'`
+```
+
+ 获取certificate-authority-data
+
+```shell
+[root@master ~]# certificate-authority-data=`kubectl config view --raw -o=go-template='{{range .clusters}}{{if eq .name "'''${CURRENT_CLUSTER}'''"}}"{{with index .cluster "certificate-authority-data" }}{{.}}{{end}}"{{ end }}{{ end }}')`
+```
+
+ 用户:dashboard-admin;获取token
+
+```shell
+[root@master ~]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}'
+```
+
+ kubeconfig文件创建
+
+```shell
+[root@master ~]# cat kubeconfig
+apiVersion: v1
+clusters:
+- cluster:
+ certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1EUXlOakUwTXpjME1Wb1hEVE15TURReU16RTBNemMwTVZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTUdZCkVpaTM5Y1ZFWjZvK3FvZmNnb2ErL0phb0M3NkkwbnJOS2gwR3NMZjRqVExxdm0vREl2QXNaOHlFQ2RUK0E0bVIKbnArZ0Fmbit2UkdiUXpRdVdKT21jUXF3cWowK0p1WUN2Z0hoSjZrQ2s0YUZCaTd2bWErbnFBOFZ6ZkhYeldMWApqcGhOMVluS2c2UThDdGdPVzh6cGxzSEg4VU0xaHRqTmVuYkM0WkRtMm5BRHBqT3plRVlzQldGY0lHTGV5THZBCjBXb3Z3Z0ZJYldONjhQaW02V3pDYVpCOTljN0VMVGl5aDJsOUVZYzArdlR4K24rcTdpd0c3U1BLSmIwTzVWa3gKeUNqK2s2eDVjRklkLzl1dmZJNGs3bk5aS1pQeU1oY2JhdEpBb3J5Y0xHYVQybTA3TW9LTTkzZmZkbWd1VW0xRwo5bWZBSHNYLzV3TEF6T3hzMmU4Q0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZJUFJsR1NOb3kxUzhubmpmVVV5QzJjK0JMQVRNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRjA1NTg5Mk8wa0J0dnhvKzlSUwppZ1BNNVRUWEg4VHo0eHh2SlFwbytVY09ZSVZvc2xScGE3ZWlxWi9qd3V5bW9TaDRVeGxBVVBMVFlpa0VxQ01hClF0MHpBTmY5NUJ6eDJhbFhkSFViMVRLN1JkZXE4NjFMSCs4UUxnVlFzSEpCWHRja3FxcFgrWEhaWkU4SkQwYmQKZmhXd3JHSitJTTRVbW1sQ1ZaaGhTNDMyUUtTNFkyNzFuTGtUeXdTQ29HMnpKUGtRUVo4eVJsNG1HWk01VGM3Rwp1bmEySGtJVmhFWk85czNYYW5FSnZjZFQ4ajgyQVpYN2NlZWowdTRHN3pIVjhhUitwUGtFMW0wTXJmQUF4UE9PCjg0Y0hqdW1uRVNIL1NBWVE0NWtsRnlJM0RObDM4RHBGRE12eGgvMXpOQkE5d3cxdEJFQlc4ZnowSzZpVTBhZncKRURzPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+ server: https://10.0.0.220:6443
+ name: kubernetes-admin@kubernetes
+contexts:
+- context:
+ cluster: kubernetes-admin@kubernetes
+ user: dashboard-admin
+ name: kubernetes-admin@kubernetes
+current-context: kubernetes-admin@kubernetes
+kind: Config
+preferences: {}
+users:
+- name: dashboard-admin
+ user:
+ token: eyJhbGciOiJSUzI1NiIsImtpZCI6InFsRE1GQi1KQnZsZHpUOGZ4WGc1dlU1UHg3UGVrcC02TUNyYmZWcHhFZ3MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4teGxoenIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTM4ZThjZTMtODQ4ZS00ZDk0LWFiY2YtNGQ4MjRkZWViNjk3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.anEX2MBlIo0lKQCGOsl3oZKBQkYujg6twLoO8hbWLAVp3xveAgpt6nW-_FrkG0yy9tIyXa6lpvu-c99ueB4KvKrIF0vJggWT3fU73u75iIwTbqDSghWy_BRFjt9NYuUFL4Mu-sPqra0ELgxYIGSEVuQwmZ8qOFjrQQQ2pKjxt8SsUHGLW-9FgmSgZTHPvZKFnU2V23BC2n_vowff63PF6kfnj1bNzV3Z1YCzgZOdy3jKM6sNKSI3dbcHiJpv5p7XF18qvuSZMJ9tMU4vSwzkQ_OLxsdNYwwD_YfRhua6f0kgWO23Z0lBTRLInejssdIQ31yewg9Eoqv4DhN1jZqhOw
+```
+
+2.KubeGems连接
+
+
+
+
+
+
+
+
+
+
+
+
+
+#### 2.查看kubernetes节点
+
+
+
+#### 3.查看资源概览
+
+
+
+#### 4.组件管理
+
+
\ No newline at end of file