GITHUB地址->https://github.com/zhtest000/cert-manager-webhook-antsdns
1 如果没有docker , install docker
curl -fsSL https://get.docker.com/ | sh sudo systemctl start docker sudo systemctl start docker.service systemctl enable docker docker version
2 install kubectl
注意版本
cd /usr/src curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.23.8/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectl
3 install minikube
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 sudo install minikube-linux-amd64 /usr/local/bin/minikube
4 start minikube
>vm: minikube start --vm-driver=none --kubernetes-version=v1.23.8 --image-mirror-country=cn --extra-config=kubelet.cgroup-driver=systemd --force >os >minikube start --driver=docker --container-runtime=containerd --kubernetes-version=v1.23.8 --image-mirror-country=cn --extra-config=kubelet.cgroup-driver=systemd --force >
5 查看pods
minikube status minikube kubectl -- get pods -A
6 install cert-manager
正常 #kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.yaml 国内需要用https://gh.api.99988866.xyz/镜像
kubectl apply -f https://gh.api.99988866.xyz/https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.yaml minikube kubectl -- get pods -A
[root@control-plane ~]# minikube status minikube type: Control Plane host: Running kubelet: Running apiserver: Running kubeconfig: Configured [root@control-plane ~]# minikube kubectl -- get pods -A NAMESPACE NAME READY STATUS RESTARTS AGE cert-manager cert-manager-b4b465456-rh464 1/1 Running 1 6h8m cert-manager cert-manager-cainjector-64d74f9c8f-nz699 1/1 Running 2 6h8m cert-manager cert-manager-webhook-66fff58cdf-b5hmw 1/1 Running 2 6h8m kube-system coredns-65c54cc984-x9llv 1/1 Running 1 6h10m kube-system etcd-control-plane.minikube.internal 1/1 Running 5 6h10m kube-system kube-apiserver-control-plane.minikube.internal 1/1 Running 4 6h10m kube-system kube-controller-manager-control-plane.minikube.internal 1/1 Running 4 6h10m kube-system kube-proxy-45xqz 1/1 Running 1 6h10m kube-system kube-scheduler-control-plane.minikube.internal 1/1 Running 4 6h10m kube-system storage-provisioner 1/1 Running 2 6h10m
[root@control-plane ~]# minikube kubectl version
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.8", GitCommit:"a12b886b1da059e0190c54d09c5eab5219dd7acf", GitTreeState:"clean", BuildDate:"2022-06-16T05:57:43Z", GoVersion:"go1.17.11", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.8", GitCommit:"a12b886b1da059e0190c54d09c5eab5219dd7acf", GitTreeState:"clean", BuildDate:"2022-06-16T05:51:36Z", GoVersion:"go1.17.11", Compiler:"gc", Platform:"linux/amd64"}[root@control-plane ~]# minikube version minikube version: v1.28.0 commit: 986b1ebd987211ed16f8cc10aed7d2c42fc8392f
[root@control-plane ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE golang 1.18-alpine 6e22c844d83b About an hour ago 330MB golang <none> f37f1bcb329f 3 weeks ago 330MB quay.io/jetstack/cert-manager-webhook v1.10.1 fc05c5e52433 5 weeks ago 45.1MB quay.io/jetstack/cert-manager-controller v1.10.1 eb279e0c6ceb 5 weeks ago 60MB quay.io/jetstack/cert-manager-cainjector v1.10.1 9dd0abde8231 5 weeks ago 38.2MB registry.cn-hangzhou.aliyuncs.com/google_containers/kicbase v0.0.36 866c1fe4e3f2 2 months ago 1.11GB kicbase/stable v0.0.36 866c1fe4e3f2 2 months ago 1.11GB registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver v1.23.8 09d62ad3189b 6 months ago 135MB registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler v1.23.8 afd180ec7435 6 months ago 53.5MB registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy v1.23.8 db4da8720bcb 6 months ago 112MB registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager v1.23.8 2b7c5a039984 6 months ago 125MB registry.cn-hangzhou.aliyuncs.com/google_containers/etcd 3.5.1-0 25f8c7f3da61 14 months ago 293MB registry.cn-hangzhou.aliyuncs.com/google_containers/coredns v1.8.6 a4ca41631cc7 14 months ago 46.8MB hello-world latest feb5d9fea6a5 15 months ago 13.3kB registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.6 6270bb605e12 16 months ago 683kB registry.cn-hangzhou.aliyuncs.com/google_containers/storage-provisioner v5 6e38f40d628d 21 months ago 31.5MB registry.cn-hangzhou.aliyuncs.com/google_containers/k8s-minikube/storage-provisioner v5 6e38f40d628d 21 months ago 31.5MB ghcr.io/helm/tiller v2.17.0 3f39089e9083 2 years ago 88.1MB k8s.gcr.io/kube-proxy v1.18.0 43940c34f24f 2 years ago 117MB registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy v1.18.0 43940c34f24f 2 years ago 117MB k8s.gcr.io/kube-apiserver v1.18.0 74060cea7f70 2 years ago 173MB registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver v1.18.0 74060cea7f70 2 years ago 173MB k8s.gcr.io/kube-controller-manager v1.18.0 d3e55153f52f 2 years ago 162MB registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager v1.18.0 d3e55153f52f 2 years ago 162MB k8s.gcr.io/kube-scheduler v1.18.0 a31f78c7c8ce 2 years ago 95.3MB registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler v1.18.0 a31f78c7c8ce 2 years ago 95.3MB anjone/kicbase latest 11589cdc9ef4 2 years ago 964MB k8s.gcr.io/pause 3.2 80d28bedfe5d 2 years ago 683kB registry.cn-hangzhou.aliyuncs.com/google_containers/pause 3.2 80d28bedfe5d 2 years ago 683kB k8s.gcr.io/coredns 1.6.7 67da37a9a360 2 years ago 43.8MB registry.cn-hangzhou.aliyuncs.com/google_containers/coredns 1.6.7 67da37a9a360 2 years ago 43.8MB k8s.gcr.io/etcd 3.4.3-0 303ce5db0e90 3 years ago 288MB registry.cn-hangzhou.aliyuncs.com/google_containers/etcd 3.4.3 303ce5db0e90 3 years ago 288MB registry.cn-hangzhou.aliyuncs.com/google_containers/tiller v2.14.3 2d0a693df3ba 3 years ago 94.2MB gcr.io/k8s-minikube/storage-provisioner v1.8.1 4689081edb10 5 years ago 80.8MB registry.cn-hangzhou.aliyuncs.com/google_containers/storage-provisioner v1.8.1 4689081edb10 5 years ago 80.8MB
7 test
EST_ZONE_NAME=example.com. go test -v .
8 build
国内在Dockerfile
WORKDIR /workspace #后面追加2 行
ENV GO111MODULE=on ENV GOPROXY=https://goproxy.cn,direct
make build
make 较慢,下载依赖有时会超时,需要重新make
[root@control-plane webhook-example]# make build docker build -t ""webhook":"latest"" . Sending build context to Docker daemon 249.2MB Step 1/15 : FROM golang:1.18-alpine AS build_deps ---> 6e22c844d83b Step 2/15 : RUN apk add --no-cache git ---> Running in 3c8db80bc3d5 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz (1/6) Installing brotli-libs (1.0.9-r9) (2/6) Installing nghttp2-libs (1.51.0-r0) (3/6) Installing libcurl (7.87.0-r0) (4/6) Installing libexpat (2.5.0-r0) (5/6) Installing pcre2 (10.42-r0) (6/6) Installing git (2.38.2-r0) Executing busybox-1.35.0-r29.trigger OK: 16 MiB in 22 packages Removing intermediate container 3c8db80bc3d5 ---> fefa28720b45 Step 3/15 : WORKDIR /workspace ---> Running in 449c6ae04119 Removing intermediate container 449c6ae04119 ---> 56bf602b71f8 Step 4/15 : ENV GO111MODULE=on ---> Running in 3cc67f37e18e Removing intermediate container 3cc67f37e18e ---> dcba5db5c75f Step 5/15 : ENV GOPROXY=https://goproxy.cn,direct ---> Running in 6237104eb344 Removing intermediate container 6237104eb344 ---> 2dbd73cd3d91 Step 6/15 : COPY go.mod . ---> c0dce0a7ee77 Step 7/15 : COPY go.sum . ---> 0790cd66b7c8 Step 8/15 : RUN go mod download ---> Running in 5dcf147de732 Removing intermediate container 5dcf147de732 ---> 6dd2c70fd8fd Step 9/15 : FROM build_deps AS build ---> 6dd2c70fd8fd Step 10/15 : COPY . . ---> 58e0a22ac4e0 Step 11/15 : RUN CGO_ENABLED=0 go build -o webhook -ldflags '-w -extldflags "-static"' . ---> Running in 3d7c3a6cdd4d Removing intermediate container 3d7c3a6cdd4d ---> c7004c3efaaf Step 12/15 : FROM alpine:3.9 3.9: Pulling from library/alpine 31603596830f: Pull complete Digest: sha256:414e0518bb9228d35e4cd5165567fb91d26c6a214e9c95899e1e056fcd349011 Status: Downloaded newer image for alpine:3.9 ---> 78a2ce922f86 Step 13/15 : RUN apk add --no-cache ca-certificates ---> Running in e3ba3fd31b86 fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz (1/1) Installing ca-certificates (20191127-r2) Executing busybox-1.29.3-r10.trigger Executing ca-certificates-20191127-r2.trigger OK: 6 MiB in 15 packages Removing intermediate container e3ba3fd31b86 ---> 1e422ad9c988 Step 14/15 : COPY --from=build /workspace/webhook /usr/local/bin/webhook ---> 7552e1a1d235 Step 15/15 : ENTRYPOINT ["webhook"] ---> Running in a6a276394014 Removing intermediate container a6a276394014 ---> 2b034e66c51b Successfully built 2b034e66c51b Successfully tagged webhook:latest [root@control-plane webhook-example]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE webhook latest 2b034e66c51b About a minute ago 62.6MB
9 install helm
cd /usr/src wget https://get.helm.sh/helm-v2.14.3-linux-amd64.tar.gz tar zxf helm-v2.14.3-linux-amd64.tar.gz cd linux-amd64/ mv helm /usr/local/bin/ chmod +x /usr/local/bin/helm echo 'source <(helm completion bash)' >> /etc/profile source /etc/profile helm version
10 pack webhok
cd /usr/src/cert-manager-webhook helm lint ./ helm package ./ helm install cert-manager-webhook-0.1.1.tgz
cd /usr/src/webhook-example helm install --name webhook \ --namespace cert-manager \ --set features.apiPriorityAndFairness=true \ --set image.repository=webhook \ --set image.tag=latest \ --set logLevel=2 \ ./deploy/example-webhook
11 view webhook
minikube kubectl -- get pods -A
[root@control-plane src]# minikube kubectl -- get pods -A NAMESPACE NAME READY STATUS RESTARTS AGE cert-manager cert-manager-b4b465456-rh464 1/1 Running 2 (71m ago) 8h cert-manager cert-manager-cainjector-64d74f9c8f-nz699 1/1 Running 4 (69m ago) 8h cert-manager cert-manager-webhook-66fff58cdf-b5hmw 1/1 Running 4 (69m ago) 8h cert-manager webhook-example-webhook-856d5ccc6c-kmnp4 1/1 Running 0 11m kube-system coredns-65c54cc984-x9llv 1/1 Running 2 (71m ago) 8h kube-system etcd-control-plane.minikube.internal 1/1 Running 6 (71m ago) 8h kube-system kube-apiserver-control-plane.minikube.internal 1/1 Running 5 (71m ago) 8h kube-system kube-controller-manager-control-plane.minikube.internal 1/1 Running 5 (71m ago) 8h kube-system kube-proxy-45xqz 1/1 Running 2 (71m ago) 8h kube-system kube-scheduler-control-plane.minikube.internal 1/1 Running 5 (71m ago) 8h kube-system storage-provisioner 1/1 Running 4 (69m ago) 8h kube-system tiller-deploy-74bcf4c66c-4n8pj 1/1 Running 0 14m
331434376
15629529961