kubernetes学习14—Dashboard搭建和认证

原文:kubernetes学习14—Dashboard搭建和认证

本文收录在容器技术学习系列文章总目录

一、介绍

  Kubernetes Dashboard是Kubernetes集群的基于Web的通用UI。它允许用户管理在群集中运行的应用程序并对其进行故障排除,以及管理群集本身

二、搭建dashboard

1、编写yaml文件

借鉴GitHub,修改了image的下载地址和pod的一些配置

[root@master ~]# vim dashboard.yaml

# Filename: dashboard.yaml
# Revision: 1.0
# Date: 2018/10/18
# Author: along
# Description: Build kubernetes dashboard

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create ‘kubernetes-dashboard-key-holder‘ secret.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create ‘kubernetes-dashboard-settings‘ config map.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update ‘kubernetes-dashboard-settings‘ config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Deployment ------------------- #

kind: Deployment
apiVersion: apps/v1beta2
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.0
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard

2、apply yaml文件,搭建dashboard

[root@master ~]# kubectl apply -f dashboard.yaml

secret/kubernetes-dashboard-certs created

serviceaccount/kubernetes-dashboard created

role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created

rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created

deployment.apps/kubernetes-dashboard created

service/kubernetes-dashboard created

3、查看验证

(1)pod已经创建成功

[root@master ~]# kubectl get pods -n kube-system |grep dashboard

kubernetes-dashboard-68bf55748d-4zzph   1/1       Running   0          2m

(2)service也已经创建成功,并且有映射端口,此时已经可以登录了,但是无法登录,因为没有认证

[root@master ~]# kubectl get svc -n kube-system

NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE

kubernetes-dashboard   NodePort    10.97.55.246   <none>        443:30000/TCP   2m

三、dashboard与kubernetes集群的认证,方案一:令牌认证

(1)有两种认证方法:

  口令

  kubeconfig

(2)并且在认证的时候,还可以管理限制dashboard用户的权限;为了让大家进一步理解:

  在方案一:口令认证时,dashboard用户的权限设为对所有名称空间都有admin的权限;

  在方案二:kubeconfig认证时,dashboard用户的权限设为只对default名称空间有admin权限;

1、授权,对所有名称空间都有admin的权限

(1)创建serviceaccount

[root@master ~]# kubectl create serviceaccount dashboard-serviceaccount -n kube-system

serviceaccount/dashboard-serviceaccount created

(2)创建clusterrolebinding

  使用clusterrolebinding绑定cluster-admin的clusterrole和dashboard-serviceaccount的serviceaccount,这样dashboard-serviceaccount的serviceaccount就在所有名称空间有了kubernetes的admin权限

[root@master ~]# kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-serviceaccount

clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created

2、获取令牌

(1)在secret中查找dashboard-serviceaccount

[root@master ~]# kubectl get secret -n kube-system |grep dashboard-serviceaccount-token

dashboard-serviceaccount-token-nz7xd             kubernetes.io/service-account-token   3         4m

(2)查看dashboard-serviceaccount中的口令

[root@master ~]# kubectl describe secret dashboard-serviceaccount-token-nz7xd -n kube-system

Name:         dashboard-serviceaccount-token-nz7xd
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=dashboard-serviceaccount
              kubernetes.io/service-account.uid=2af6061f-d1f0-11e8-8059-005056277243

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtc2VydmljZWFjY291bnQtdG9rZW4tbno3eGQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLXNlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMmFmNjA2MWYtZDFmMC0xMWU4LTgwNTktMDA1MDU2Mjc3MjQzIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1zZXJ2aWNlYWNjb3VudCJ9.BAJVarqum57S_KepqOgcS1IimNEmDilhu4tIiWQKxaz0o5TKyXBZ5YqN3ZS5tJNQbLvDS6LuRRXdvH-MeKQnUpg08OhYDg1u9XE3Oygr7YF5Ad7yBw4czpPPN6iIJZ5qQJ8laOfPRb8qYVbR0R4MONin08lhzrkLBkRLwhAVJ_6zXXB9vaJLU9asTyA4YmDAZZi06zkYeeO8Rhqr2-Yeu4Ya7miLYVRv_ioqDlkqGEf6ILUriPjeJHohIEbgdslRXTnxgwkt2Uwsv3QRFKF2CisSBSW7P-9muuCrzSb2xQVop7WbAUyROdUuqQFmSON2UC0643e_iEW5DBaAAGQxbw

3、网页通过令牌登录

(1)使用https协议打开https://192.168.130.103:30000(任意节点的IP都可以)

输入dashboard-serviceaccount的口令

(2)打开成功,并且对所有名称空间都有admin权限

四、dashboard与kubernetes集群的认证,方案二:configing认证

1、授权,只对default名称空间有admin的权限

(1)创建serviceaccount

[root@master ~]# kubectl create serviceaccount def-ns-dashboard-sa -n default

serviceaccount/def-ns-dashboard-sa created

(2)创建rolebinding

使用rolebinding绑定cluster-admin的clusterrole和def-ns-dashboard的serviceaccount,这样def-ns-dashboard的serviceaccount就只有default这一个名称空间的admin权限

[root@master ~]# kubectl create rolebinding def-ns-dashboard-rb --clusterrole=cluster-admin --serviceaccount=default:def-ns-dashboard-sa

rolebinding.rbac.authorization.k8s.io/def-ns-dashboard-rb created

2、获取令牌

(1)在secret中查找def-ns-dashboard-sa

[root@master ~]# kubectl get secret

NAME                              TYPE                                  DATA      AGE

def-ns-dashboard-sa-token-b8plm   kubernetes.io/service-account-token   3         1m

(2)查看def-ns-dashboard-sa中的口令

[root@master ~]# kubectl describe secret def-ns-dashboard-sa-token-b8plm

Name:         def-ns-dashboard-sa-token-b8plm
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=def-ns-dashboard-sa
              kubernetes.io/service-account.uid=8b040303-d287-11e8-be88-005056277243

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  7 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1kYXNoYm9hcmQtc2EtdG9rZW4tYjhwbG0iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmLW5zLWRhc2hib2FyZC1zYSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjhiMDQwMzAzLWQyODctMTFlOC1iZTg4LTAwNTA1NjI3NzI0MyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZi1ucy1kYXNoYm9hcmQtc2EifQ.VqAgyqN8_F4mjawWtZ5TzvFioKA50u4MUL_4ypBxWrr-XU8TciM8EX1OcGm9vAjUW_m5QZangS7VW3rVYPcqKMqaYKE8vN-l9wTC5CzTnxPHMghTx8sTTkPWnqHt7C7v8cVRNfeRAWygWMp1B8Chx5pAK2l9t095uZy_w59qFQdoAKeAcxiH5K6kz9sx8VwEXVr9nRH8bFqvtr3yXCdYo2e2qSQXOpNddlyrEOYXrIUlamNyImgcbfkNLV0Qkt5sdfSLSJdaB2opLWD8pST88m73r6KG2c_aMmyZ7mTCUeNd1BwCOnLSto4V2xPXCtHA6ELvB5afh9irpCj4e5VgPw

3、定义一个kubeconfig认证文件

(1)在一个新的kubeconfig文件下,创建一个集群dashboard

[root@master ~]# kubectl config set-cluster dashboard --certificate-authority=/etc/kubernetes/pki/ca.crt --server="https://192.168.130.103:6443" --embed-certs=true --kubeconfig=/root/def-ns-dashboard.conf

Cluster "dashboard" set.

/root/def-ns-dashboard.conf 文件已经生成

[root@master ~]# ll /root/def-ns-dashboard.conf

-rw------- 1 root root 1568 Oct 18 13:36 /root/def-ns-dashboard.conf

(2)使用def-ns-dashboard-sa的serviceaccount,创建一个用户def-ns-dashboard-user

[root@master ~]# kubectl config set-credentials def-ns-dashboard-user --kubeconfig=/root/def-ns-dashboard.conf --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1kYXNoYm9hcmQtc2EtdG9rZW4tYjhwbG0iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmLW5zLWRhc2hib2FyZC1zYSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjhiMDQwMzAzLWQyODctMTFlOC1iZTg4LTAwNTA1NjI3NzI0MyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZi1ucy1kYXNoYm9hcmQtc2EifQ.VqAgyqN8_F4mjawWtZ5TzvFioKA50u4MUL_4ypBxWrr-XU8TciM8EX1OcGm9vAjUW_m5QZangS7VW3rVYPcqKMqaYKE8vN-l9wTC5CzTnxPHMghTx8sTTkPWnqHt7C7v8cVRNfeRAWygWMp1B8Chx5pAK2l9t095uZy_w59qFQdoAKeAcxiH5K6kz9sx8VwEXVr9nRH8bFqvtr3yXCdYo2e2qSQXOpNddlyrEOYXrIUlamNyImgcbfkNLV0Qkt5sdfSLSJdaB2opLWD8pST88m73r6KG2c_aMmyZ7mTCUeNd1BwCOnLSto4V2xPXCtHA6ELvB5afh9irpCj4e5VgPw

User "def-ns-dashboard-user" set.

(3)在这个kubeconfig文件下,创建一个上下文关系def-ns-dashboard-user@dashboard

[root@master ~]# kubectl config set-context def-ns-dashboard-user@dashboard --cluster=dashboard --user=def-ns-dashboard-user --kubeconfig=/root/def-ns-dashboard.conf

Context "def-ns-dashboard-user@dashboard" created.

(4)在这个kubeconfig文件下,使用def-ns-dashboard-user@dashboard这个上下文关系

[root@master ~]# kubectl config use-context def-ns-dashboard-user@dashboard --kubeconfig=/root/def-ns-dashboard.conf

Switched to context "def-ns-dashboard-user@dashboard".

(5)通过view查看验证

[root@master ~]# kubectl config view --kubeconfig=/root/def-ns-dashboard.conf

apiVersion: v1

clusters:

- cluster:

    certificate-authority-data: REDACTED

    server: https://192.168.130.103:6443

  name: dashboard

contexts:

- context:

    cluster: dashboard

    user: def-ns-dashboard-user

  name: def-ns-dashboard-user@dashboard

current-context: def-ns-dashboard-user@dashboard

kind: Config

preferences: {}

users:

- name: def-ns-dashboard-user

  user:

    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1kYXNoYm9hcmQtc2EtdG9rZW4tYjhwbG0iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmLW5zLWRhc2hib2FyZC1zYSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjhiMDQwMzAzLWQyODctMTFlOC1iZTg4LTAwNTA1NjI3NzI0MyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZi1ucy1kYXNoYm9hcmQtc2EifQ.VqAgyqN8_F4mjawWtZ5TzvFioKA50u4MUL_4ypBxWrr-XU8TciM8EX1OcGm9vAjUW_m5QZangS7VW3rVYPcqKMqaYKE8vN-l9wTC5CzTnxPHMghTx8sTTkPWnqHt7C7v8cVRNfeRAWygWMp1B8Chx5pAK2l9t095uZy_w59qFQdoAKeAcxiH5K6kz9sx8VwEXVr9nRH8bFqvtr3yXCdYo2e2qSQXOpNddlyrEOYXrIUlamNyImgcbfkNLV0Qkt5sdfSLSJdaB2opLWD8pST88m73r6KG2c_aMmyZ7mTCUeNd1BwCOnLSto4V2xPXCtHA6ELvB5afh9irpCj4e5VgPw

4、网页通过kubeconfig登录

(1)将/root/def-ns-dashboard.conf 文件上传到windows机器上,把/root/def-ns-dashboard.conf这个kubeconfig文件导入到登录时的页面,就可以成功登录

(2)登录成功,但是只有default这个名称空间的admin权限

至此,我们已经成功搭建了dashboard;并且完成了对K8S集群的认证;

我们可以通过dashboard创建和管理Pod、service、存储卷... ... 这里就不再演示了。

原文地址:https://www.cnblogs.com/lonelyxmas/p/10621840.html

时间: 2024-10-19 17:39:58

kubernetes学习14—Dashboard搭建和认证的相关文章

kubernetes实践之二:Kubernetes可视WEB UI Dashboard搭建

Kubernetes可视WEBUI Dashboard搭建 支持浏览器:火狐 一.Dashboard下载地址 git clone https://github.com/kubernetes/kubernetes/ 二.部署Dashboard需要文件 [root@k8s_master ui]# ll 总用量 28 -rwxr-xr-x 1 root root  833 3月  20 19:13 dashboard-cert.sh -rwxr-xr-x 1 root root  264 3月  20

kubernetes学习资源

参考文章: 1.kubernetes学习资源 1. <Kubernetes与云原生应用>系列之Kubernetes的系统架构与设计理念 2.[docker专业介绍的网站dockerinfo](DockerInfo-Docker容器技术教程,Docker信息传播和服务平台) 3.[docker专业介绍的网站dockone](DockOne.io) 4.[Stuq课程-从理论到生产环境实战:掌握Docker大规模部署和管理](从理论到生产环境实战:掌握Docker大规模部署和管理) 5.[kube

学习笔记---springMVC搭建

最近工作不是很忙,写项目总结总结学习和工作中的技术,标记... 我的环境配置: 操作系统 win 7 开发工具 STS web服务器 tomcat7 java jdk1.6 1. 项目的创建,我是参考下面这篇文章 http://fruzenshtein.com/setup-of-dynamic-web-project-using-maven/ 2. 相关jar包的引入 pom.xml中spring的配置 1 <properties> 2 <org.springframework-vers

JavaWeb学习之环境搭建

1. HTML(Hyper Text Markup Language) , 超文本标记语言. HTML文件的后缀名一般是: .htm , .html 表单(form): 浏览器内核: WebKit , trident Javascript:alert(‘?’);  --->java脚本语言 我的第一个html程序: 代码如下: 1 <html> 2 <head> 3 <title> 龚细军的网站</title> 4 </head> 5 6

深度学习开发环境搭建

深度学习开发环境搭建 https://www.cnblogs.com/ai-developer/p/10022115.html 工欲善其事,必先利其器.首先我们需要花费一些时间来搭建开发环境. 1.安装python.python是人工智能开发首选语言. 2.安装virtualenv.virtualenv可以为一个python应用创建一套隔离的运行环境,避免不同版本的python或第三方库互相影响.类似的虚拟环境还有anaconda,anaconda自带常用库,因此安装包有几百兆,与anacond

Canonical发布企业级Kubernetes 1.14重点让使用者简单管理

红帽甫推出最新版本的Kubernetes 1.14,而Canonical也随之宣布提供企业级Kubernetes 1.14解决方案,释出基于最新版Kubernetes,使用kubeadm进行管理部署的最新版Charmed Kubernetes 1.14,以及单节点版MicroK8s 1.14.Charmed Kubernetes是经过Canonical认证的多云Kubernetes解决方案,除了提供上游的Kubernetes二元档案,其重点在于让使用者能简单地进行Kubernetes部署.扩展.

kubeadm安装高可用kubernetes v1.14.1

前言 步骤跟之前安装1.13版本的是一样的 区别就在于kubeadm init的configuration file 目前kubeadm init with configuration file已经处于beta阶段了,在1.15版本已经进入到了v1beta2版本 虽然还没到GA版,但是相对于手动配置k8s集群,kubeadm不但简化了步骤,而且还减少了手动部署的出错的概率,何乐而不为呢 环境介绍: 系统版本:CentOS 7.6 内核:4.18.7-1.el7.elrepo.x86_64 Kub

Kubernetes 生产环境安装部署 基于 Kubernetes v1.14.0 之 部署规划

1. 安装规划 1.1 部署节点说明 etcd集群规划 etcd 中心集群 192.168.2.247192.168.2.248192.168.2.249 etcd 事件集群 192.168.2.250192.168.2.251192.168.2.252 Kubernetes master节点集群规划 192.168.3.10192.168.3.11192.168.3.12192.168.3.13192.168.3.14 Kubernetes master vip 192.168.4.1192.

基于 Kubernetes v1.14.0 之heapster与influxdb部署

1.部署准备 说明:所有的容器组都运行在kube-system 命名空间 github 项目地址 https://github.com/kubernetes-retired/heapster.git mkdir heapster git clone https://github.com/kubernetes-retired/heapster.git cd heapster/deploy/kube-config/influxdb 2.influxdb 部署 2.1.创建influxdb pvc 源