diff --git a/操作文档/1、K8S搭建/利用国内源搭建k8s集群.md b/操作文档/1、K8S搭建/搭建k8s集群.md similarity index 95% rename from 操作文档/1、K8S搭建/利用国内源搭建k8s集群.md rename to 操作文档/1、K8S搭建/搭建k8s集群.md index 921277cc..8b1aa7ec 100644 --- a/操作文档/1、K8S搭建/利用国内源搭建k8s集群.md +++ b/操作文档/1、K8S搭建/搭建k8s集群.md @@ -1,4 +1,4 @@ -## 利用国内源搭建$k8s$集群【版本 V1.29】 +## 搭建$k8s$集群【版本 V1.29】 ### 一、前期准备 @@ -649,7 +649,19 @@ curl 10.10.14.201:31129 -### 四、资料 +### 四、管理工具$kubepi$ + +``` +docker run --privileged -d --restart=unless-stopped -p 8888:80 1panel/kubepi + +# 用户名: admin +# 密码: kubepi + +cat ~/.kube/config | grep server: | awk '{print $2}' +https://10.10.14.200:6443 +``` + +### 五、资料 **KubePi 是一个现代化的 K8s 面板** diff --git a/操作文档/1、K8S搭建/配置文件/helm-v3.8.0-linux-amd64.tar.gz b/操作文档/1、K8S搭建/配置文件/helm-v3.8.0-linux-amd64.tar.gz new file mode 100644 index 00000000..65825fcf Binary files /dev/null and b/操作文档/1、K8S搭建/配置文件/helm-v3.8.0-linux-amd64.tar.gz differ diff --git a/操作文档/1、K8S搭建/配置文件/recommended.yaml b/操作文档/1、K8S搭建/配置文件/recommended.yaml new file mode 100644 index 00000000..fcc0e7bd --- /dev/null +++ b/操作文档/1、K8S搭建/配置文件/recommended.yaml 
@@ -0,0 +1,310 @@
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kubernetes-dashboard
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+spec:
+ type: NodePort
+ ports:
+ - port: 443
+ targetPort: 8443
+ nodePort: 31111
+ selector:
+ k8s-app: kubernetes-dashboard
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-certs
+ namespace: kubernetes-dashboard
+type: Opaque
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-csrf
+ namespace: kubernetes-dashboard
+type: Opaque
+data:
+ csrf: ""
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-key-holder
+ namespace: kubernetes-dashboard
+type: Opaque
+
+---
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-settings
+ namespace: kubernetes-dashboard
+
+---
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+rules:
+ # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+ - apiGroups: [""]
+ resources: ["secrets"]
+ resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
+ verbs: ["get", "update", "delete"]
+ # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ resourceNames: ["kubernetes-dashboard-settings"]
+ verbs: ["get", "update"]
+ # Allow Dashboard to get metrics.
+ - apiGroups: [""]
+ resources: ["services"]
+ resourceNames: ["heapster", "dashboard-metrics-scraper"]
+ verbs: ["proxy"]
+ - apiGroups: [""]
+ resources: ["services/proxy"]
+ resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
+ verbs: ["get"]
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+rules:
+ # Allow Metrics Scraper to get metrics from the Metrics server
+ - apiGroups: ["metrics.k8s.io"]
+ resources: ["pods", "nodes"]
+ verbs: ["get", "list", "watch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubernetes-dashboard
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubernetes-dashboard
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubernetes-dashboard
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ k8s-app: kubernetes-dashboard
+ template:
+ metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ spec:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: kubernetes-dashboard
+ #image: kubernetesui/dashboard:v2.7.0
+ image: registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.7.0
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8443
+ protocol: TCP
+ args:
+ - --auto-generate-certificates
+ - --namespace=kubernetes-dashboard
+ # Uncomment the following line to manually specify Kubernetes API server Host
+ # If not specified, Dashboard will attempt to auto discover the API server and connect
+ # to it. Uncomment only if the default does not work.
+ # - --apiserver-host=http://my-address:port
+ volumeMounts:
+ - name: kubernetes-dashboard-certs
+ mountPath: /certs
+ # Create on-disk volume to store exec logs
+ - mountPath: /tmp
+ name: tmp-volume
+ livenessProbe:
+ httpGet:
+ scheme: HTTPS
+ path: /
+ port: 8443
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 1001
+ runAsGroup: 2001
+ volumes:
+ - name: kubernetes-dashboard-certs
+ secret:
+ secretName: kubernetes-dashboard-certs
+ - name: tmp-volume
+ emptyDir: {}
+ serviceAccountName: kubernetes-dashboard
+ nodeSelector:
+ "kubernetes.io/os": linux
+ # Comment the following tolerations if Dashboard must not be deployed on master
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: dashboard-metrics-scraper
+ name: dashboard-metrics-scraper
+ namespace: kubernetes-dashboard
+spec:
+ ports:
+ - port: 8000
+ targetPort: 8000
+ selector:
+ k8s-app: dashboard-metrics-scraper
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ k8s-app: dashboard-metrics-scraper
+ name: dashboard-metrics-scraper
+ namespace: kubernetes-dashboard
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ k8s-app: dashboard-metrics-scraper
+ template:
+ metadata:
+ labels:
+ k8s-app: dashboard-metrics-scraper
+ spec:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: dashboard-metrics-scraper
+ #image: kubernetesui/metrics-scraper:v1.0.8
+ image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.8
+ ports:
+ - containerPort: 8000
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /
+ port: 8000
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 1001
+ runAsGroup: 2001
+ serviceAccountName: kubernetes-dashboard
+ nodeSelector:
+ "kubernetes.io/os": linux
+ # Comment the following tolerations if Dashboard must not be deployed on master
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ volumes:
+ - name: tmp-volume
+ emptyDir: {}
diff --git a/操作文档/驿来特公众号配合基础数据需要做的修改工作.md b/操作文档/驿来特公众号配合基础数据需要做的修改工作.md
new file mode 100644
index 00000000..8a91ce5d
--- /dev/null
+++ b/操作文档/驿来特公众号配合基础数据需要做的修改工作.md
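Review bot: The `kubernetes-dashboard` Service is declared `type: NodePort` with `nodePort: 31111`, which publishes the Dashboard on port 31111 of every node address instead of keeping it cluster-internal. If remote access is not strictly required, drop those two lines so the Service defaults to ClusterIP and reach it through `kubectl port-forward` or an authenticated ingress; if NodePort has to stay, limit 31111 at the host firewall to administrator source addresses. Both Deployments also pull from the `registry.cn-hangzhou.aliyuncs.com/google_containers` mirror by mutable tag, and the dashboard container sets `imagePullPolicy: Always`, so every restart trusts whatever the mirror currently serves under `v2.7.0`; pinning as `image: <mirror>/dashboard:v2.7.0@sha256:<digest checked against upstream>` (and likewise for `metrics-scraper:v1.0.8`) removes that dependency. Separately, both tolerations name only `node-role.kubernetes.io/master`, which probably has no effect on the V1.29 cluster the accompanying guide targets, so confirm where the pods are expected to schedule.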
@@ -0,0 +1,34 @@
+### 修改内容
+
+#### 1、人员数据表变更
+
+- 现状:使用了驿来特数据库中t_operate_workers_info数据表来获取需要绑定微信open_id的人员
+- 修改:不再使用t_operate_workers_info表中的人员数据,需要与新增加的基础数据中人员t_sys_loginperson进行绑定
+- 同时,t_sys_loginperson表中,telephone字段需要修改为必填写项,否则无法实现原来功能的替换。t_sys_loginperson表中的wx_openid用来保存公众号open_id。
+
+> **注**:需要前端配合修改手机号为必填写项,而且不能重复。
+
+
+
+#### 2、菜单数据变更
+
+- 现状:功能菜单是写死的3个,不能随数据而变化
+- 修改:需要根据基础数据表中的接口数据组织菜单
+
+> **注**:需要根据当前人员的角色信息,返回菜单数据,前端根据数据进行页面制作
+
+
+
+#### 3、安全检查变更
+
+- 现状:微信公众号的所有接口,没有进行安全方面的校验.并且,现在后端不知道当前的操作人员是谁
+- 修改:需要根据登录人员的jwt或者open_id进行人员的身份校验,可以随时获取到当前人员是谁。
+
+> **注**:后端准备使用 **类似** 于gw-charge中jwt的代码,实现一个公众号自己的jwt(当然,后期也可能修改为与小程序共享同一个jwt,但肯定不能是全局统一的jwt,因为小程序网关与后台网关使用JWT也不一样),在用户进入公众号管理界面时提供给前端,前端一直保持并且每次发起接口访问时都需要进行携带。
+
+
+
+#### 4、数据权限功能增加
+
+- 原来没有数据权限的概念,需要增加上,为以后的功能接口做准备。
+