
部署k8s-dashboard

部署dashboard

下載

[root@k8s-master1 ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

改檔名

[root@k8s-master1 ~]# mv recommended.yaml k8s-dashboard-v2.3.1.yaml

修改檔案

[root@k8s-master1 ~]# cat k8s-dashboard-v2.3.1.yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

# Front-end Service for the Dashboard UI (HTTPS, container port 8443).
# The two lines marked "added by this guide" switch the Service to NodePort,
# which opens port 30001 on every node's address. Limit who can reach that
# port (host firewall / security group), or leave the type at the default
# ClusterIP and reach the UI through `kubectl proxy` or `kubectl port-forward`.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort  # added by this guide
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001   # added by this guide: fixed port opened on every node
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

# Deployment for the Dashboard UI pod: one replica, image pinned to v2.3.1.
# The pod runs under the kubernetes-dashboard ServiceAccount, which this
# manifest binds only to the narrowly scoped Role/ClusterRole defined above.
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.3.1
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            # The kubernetes-dashboard-certs Secret in this manifest carries no
            # data, so the TLS certificate comes from this flag (self-signed;
            # browsers will report it as untrusted). To serve a trusted
            # certificate, populate that Secret instead.
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
              # (/tmp is the only writable path: the root filesystem is read-only below)
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          # Hardening: fixed non-root UID/GID, read-only root filesystem,
          # and no privilege escalation.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.6
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}

部署dashboard介面

[root@k8s-master1 ~]# kubectl apply -f k8s-dashboard-v2.3.1.yaml

namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

node節點驗證埠

# 埠:30001
[root@k8s-node1 ~]# ss -tanl
LISTEN                  0                        128                                               0.0.0.0:30001                                          0.0.0.0:*
LISTEN                  0                        128                                             127.0.0.1:44657                                          0.0.0.0:*

使用任一node節點的IP在瀏覽器訪問 https://<node節點IP>:30001 (Dashboard 以 --auto-generate-certificates 產生自簽憑證,瀏覽器會提示憑證不受信任)

製作admin登入yaml檔案

[root@k8s-master1 m44]# vim admin-user.yaml
# ServiceAccount whose bearer token is used to log in to the Dashboard.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---
# Binds admin-user to the built-in cluster-admin ClusterRole: anyone holding
# this account's token has unrestricted access to every namespace, and the
# Dashboard Service above is reachable on a NodePort. For routine use, bind a
# narrower role instead (e.g. the built-in `view` ClusterRole, or a namespaced
# RoleBinding), and delete this binding when it is no longer needed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

先套用該檔案(kubectl apply -f admin-user.yaml)建立帳號與繫結,再檢視所有名稱空間的 secret,找出 admin-user 的 token secret 名稱

[root@k8s-master1 m44]# kubectl get secrets -A

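檢視指定的token(此 token 繫結 cluster-admin,等同整個叢集的最高許可權登入憑證,應視為機密保存,不要貼到文件、截圖或版本庫;Kubernetes 1.24 起不再自動產生這類 secret,可改用 kubectl -n kubernetes-dashboard create token admin-user 取得短效 token)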

[root@k8s-master1 m44]# kubectl describe secrets admin-user-token-bdt8m -n kubernetes-dashboard

Name:         admin-user-token-bdt8m
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: a3f84662-3361-48f7-867a-8624df8129c4

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Iml5b25jdFBPYlBNNGNmU2RlQnpsY2czTzRHRFExMUtYejRMZzBNXzByWGMifQ.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.a6FZZToLcFRtl4w7jTYUE0-SeoxFfhIXiy69aHzDzD5UOfKa-p-MgbIYvx3vAln1gPfQq8FKL1DnUi47mnscmXPXZtZ6cvf1zgGv_EOktaJzPtXzF2SetukeovWs2hhi9Xclg-jYDVAGda7G9gKnwUpykSPOo9wndWJnkDMi9A6j9mL49knTsI1MQl3vjUSJx3P3zzuSWZLfB__Ar63jA-tvfJfXrzLhuwCs71ZKKDhYs8mYdRgwFo0sXiZSpa2eGTxf16SrOwTXMUmECkU6bx0ScvbKo89Q8MeRB_Xsyhvt65i1gnasVxcmzLryGoaaz1P6hgPzgxhBZqncjF2MQA

製作nginx.yaml檔案

[root@k8s-master1 m44]# cat k8s-nginx.yaml
# Single-replica nginx Deployment in the default namespace, image pinned to
# nginx:1.18.0. No securityContext or resource limits are set, so the
# container runs with the image's defaults.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: default
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.18.0
        ports:
        - containerPort: 80

---
# NodePort Service for nginx: plain HTTP on port 30004 of every node.
# The haproxy backends later in this guide point at this port.
kind: Service
apiVersion: v1
metadata:
  labels:
    app: test-nginx-service-label
  name: test-nginx-service
  namespace: default
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
    nodePort: 30004
  selector:
    app: nginx

部署nginx

[root@k8s-master1 m44]# kubectl apply -f k8s-nginx.yaml

使用node任意節點登入瀏覽器測試

修改nginx預設路徑內容如下:

Tomcat

配置

[root@k8s-master1 m44]# cat tomcat-k8s.yaml
# Single-replica Tomcat Deployment in the default namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: default
  name: tomcat-deployment
  labels:
    app: tomcat
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tomcat
  template:
    metadata:
      labels:
        app: tomcat
    spec:
      containers:
      - name: tomcat
        # No tag given, so this resolves to tomcat:latest and the running
        # version can change between pulls; pin an explicit tag (as the nginx
        # manifest does) for a reproducible, auditable deployment.
        image: tomcat
        ports:
        - containerPort: 8080

---
# Service for Tomcat. With `type: NodePort` and `nodePort` commented out it
# falls back to ClusterIP, so Tomcat is reachable only from inside the cluster
# (nginx proxies to it by the name test-tomcat-service) and is not exposed on
# the nodes.
kind: Service
apiVersion: v1
metadata:
  labels:
    app: test-tomcat-service-label
  name: test-tomcat-service
  namespace: default
spec:
#  type: NodePort
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 8080
#    nodePort: 30005
  selector:
    app: tomcat

部署tomcat

[root@k8s-master1 m44]# kubectl apply -f tomcat-k8s.yaml

deployment.apps/tomcat-deployment created
service/test-tomcat-service created

修改Tomcat的web介面配置

或者命令列改也可以

[root@k8s-master1 m44]# kubectl get pod
NAME                                 READY   STATUS    RESTARTS   AGE
net-test1                            1/1     Running   0          3h19m
net-test2                            1/1     Running   0          3h19m
net-test3                            1/1     Running   0          3h19m
nginx-deployment-67dfd6c8f9-r9wgp    1/1     Running   0          60m
tomcat-deployment-6c44f58b47-8kbdg   1/1     Running   0          33m

[root@k8s-master2 m44]# kubectl exec -it tomcat-deployment-6c44f58b47-8kbdg bash

檢視IP地址

[root@k8s-master1 m44]# kubectl get svc
NAME                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes            ClusterIP   10.200.0.1       <none>        443/TCP        6h8m
test-nginx-service    NodePort    10.200.102.14    <none>        80:30004/TCP   76m
test-tomcat-service   ClusterIP   10.200.205.191   <none>        80/TCP         48m

驗證pod

Nginx動靜分離Tomcat

配置haproxy(在原來的基礎上新增即可)

[root@ha1 ~]# vim /etc/haproxy/haproxy.cfg
# TCP (layer-4) listener on the VIP 172.31.1.200, port 80 (plain HTTP, no TLS).
# Traffic is forwarded to port 30004 - the nginx NodePort - on three hosts,
# presumably the k8s nodes (confirm against your inventory).
# Health check: probe every 3s; 3 failures mark a server down, 5 successes
# bring it back.
listen longxuan-m44-nginx-80
  bind 172.31.1.200:80
  mode tcp
  server 172.31.1.16 172.31.1.16:30004 check inter 3s fall 3 rise 5
  server 172.31.1.17 172.31.1.17:30004 check inter 3s fall 3 rise 5
  server 172.31.1.18 172.31.1.18:30004 check inter 3s fall 3 rise 5

配置keepalived

[root@ha1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

# NOTE(review): the notification recipient, SMTP server and router_id below
# look like values left over from the keepalived sample configuration -
# confirm and replace them with site-specific values.
global_defs {
   notification_email {
     acassen
   }
   notification_email_from [email protected]
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

# VRRP instance that owns the two virtual IPs on eth0. This host starts as
# MASTER with priority 100; smtp_alert sends mail on state transitions.
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 100
    advert_int 1
    # auth_type PASS carries the password in clear text inside the VRRP
    # advertisements, and 1111 is a commonly used sample value. Use a
    # site-specific password shared only by the peers of this
    # virtual_router_id, and keep VRRP traffic on a trusted network segment.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # 172.31.1.200 is the address the haproxy listener binds to.
    virtual_ipaddress {
        172.31.1.188 dev eth0 label eth0:1
        172.31.1.200 dev eth0 label eth0:2
    }
}

重啟haproxy 和 keepalived

[root@ha1 ~]# systemctl restart keepalived.service
[root@ha1 ~]# systemctl restart haproxy.service

進入到Nginx的pod

[root@k8s-master1 m44]# kubectl exec -it nginx-deployment-67dfd6c8f9-r9wgp bash

# 檢視是什麼系統
root@nginx-deployment-67dfd6c8f9-r9wgp:/# cat /etc/issue
Debian GNU/Linux 10 \n \l

# 更新
root@nginx-deployment-67dfd6c8f9-r9wgp:/# apt update

# 下載可用軟體
root@nginx-deployment-67dfd6c8f9-r9wgp:/# apt install -y procps vim iputils-ping net-tools curl

# nginx的pod可以curl到Tomcat
root@nginx-deployment-67dfd6c8f9-r9wgp:/# curl test-tomcat-service/m44/index.jsp
longxuan.vip 123 tomcat web

# 新增location配置
root@nginx-deployment-67dfd6c8f9-r9wgp:/# vim /etc/nginx/conf.d/default.conf
location /m44 {
    proxy_pass http://test-tomcat-service;
}

# 重新載入(下一行重複了編輯指令;要讓設定生效應執行 nginx -s reload。另外,在 pod 內直接修改的設定會在 pod 重建後遺失,長期使用應改用 ConfigMap 或自訂映像)
root@nginx-deployment-67dfd6c8f9-r9wgp:/# vim /etc/nginx/conf.d/default.conf

訪問測試 VIP (做本地域名解析就可以使用域名訪問)

http://172.31.1.200/

http://172.31.1.200/m44

在任意一臺主機都可以訪問

[root@k8s-master3 ~]# curl 172.31.1.200
<h1>123456 longxuan vip web</h1>