  • 部署k8s-dashboard

    部署dashboard

    下载

    [root@k8s-master1 ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
    

    改文件名

    [root@k8s-master1 ~]# mv recommended.yaml k8s-dashboard-v2.3.1.yaml
    

    修改文件

    [root@k8s-master1 ~]# cat k8s-dashboard-v2.3.1.yaml
    # Copyright 2017 The Kubernetes Authors.
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    
    apiVersion: v1
    kind: Namespace
    metadata:
      name: kubernetes-dashboard
    
    ---
    
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    
    ---
    
    # Service in front of the Dashboard pods (selected by k8s-app: kubernetes-dashboard);
    # Service port 443 forwards to container port 8443.
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    spec:
      # Tutorial change: NodePort publishes the Dashboard on port 30001 of every node,
      # so anything that can reach a node address can reach the login page.
      # NOTE(review): limit access to 30001 (firewall / security group), or keep the
      # upstream ClusterIP default and reach the Dashboard through `kubectl port-forward`.
      type: NodePort  # added
      ports:
        - port: 443
          targetPort: 8443
          nodePort: 30001   # added
      selector:
        k8s-app: kubernetes-dashboard
    
    ---
    
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-certs
      namespace: kubernetes-dashboard
    type: Opaque
    
    ---
    
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-csrf
      namespace: kubernetes-dashboard
    type: Opaque
    data:
      csrf: ""
    
    ---
    
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-key-holder
      namespace: kubernetes-dashboard
    type: Opaque
    
    ---
    
    kind: ConfigMap
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-settings
      namespace: kubernetes-dashboard
    
    ---
    
    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    rules:
      # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
      - apiGroups: [""]
        resources: ["secrets"]
        resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
        verbs: ["get", "update", "delete"]
        # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
      - apiGroups: [""]
        resources: ["configmaps"]
        resourceNames: ["kubernetes-dashboard-settings"]
        verbs: ["get", "update"]
        # Allow Dashboard to get metrics.
      - apiGroups: [""]
        resources: ["services"]
        resourceNames: ["heapster", "dashboard-metrics-scraper"]
        verbs: ["proxy"]
      - apiGroups: [""]
        resources: ["services/proxy"]
        resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
        verbs: ["get"]
    
    ---
    
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
    rules:
      # Allow Metrics Scraper to get metrics from the Metrics server
      - apiGroups: ["metrics.k8s.io"]
        resources: ["pods", "nodes"]
        verbs: ["get", "list", "watch"]
    
    ---
    
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: kubernetes-dashboard
    subjects:
      - kind: ServiceAccount
        name: kubernetes-dashboard
        namespace: kubernetes-dashboard
    
    ---
    
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: kubernetes-dashboard
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: kubernetes-dashboard
    subjects:
      - kind: ServiceAccount
        name: kubernetes-dashboard
        namespace: kubernetes-dashboard
    
    ---
    
    # Deployment running a single replica of the Dashboard web UI under the
    # kubernetes-dashboard service account.
    kind: Deployment
    apiVersion: apps/v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: kubernetes-dashboard
      template:
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
        spec:
          containers:
            - name: kubernetes-dashboard
              # NOTE(review): the image is referenced by tag and re-pulled on every start
              # (imagePullPolicy: Always); pinning by digest keeps the deployed image fixed.
              image: kubernetesui/dashboard:v2.3.1
              imagePullPolicy: Always
              ports:
                - containerPort: 8443
                  protocol: TCP
              args:
                # The Dashboard generates its own self-signed TLS certificate at start-up,
                # so browsers will report the connection as untrusted.
                # NOTE(review): for a trusted certificate, store it in the
                # kubernetes-dashboard-certs secret mounted at /certs - confirm the
                # matching flags for this Dashboard version.
                - --auto-generate-certificates
                - --namespace=kubernetes-dashboard
                # Uncomment the following line to manually specify Kubernetes API server Host
                # If not specified, Dashboard will attempt to auto discover the API server and connect
                # to it. Uncomment only if the default does not work.
                # - --apiserver-host=http://my-address:port
              volumeMounts:
                - name: kubernetes-dashboard-certs
                  mountPath: /certs
                  # Create on-disk volume to store exec logs
                - mountPath: /tmp
                  name: tmp-volume
              livenessProbe:
                httpGet:
                  scheme: HTTPS
                  path: /
                  port: 8443
                initialDelaySeconds: 30
                timeoutSeconds: 30
              # Hardening kept from the upstream manifest: no privilege escalation,
              # read-only root filesystem, fixed non-root UID/GID.
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                runAsUser: 1001
                runAsGroup: 2001
          volumes:
            - name: kubernetes-dashboard-certs
              secret:
                secretName: kubernetes-dashboard-certs
            - name: tmp-volume
              emptyDir: {}
          serviceAccountName: kubernetes-dashboard
          nodeSelector:
            "kubernetes.io/os": linux
          # Comment the following tolerations if Dashboard must not be deployed on master
          tolerations:
            - key: node-role.kubernetes.io/master
              effect: NoSchedule
    
    ---
    
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      name: dashboard-metrics-scraper
      namespace: kubernetes-dashboard
    spec:
      ports:
        - port: 8000
          targetPort: 8000
      selector:
        k8s-app: dashboard-metrics-scraper
    
    ---
    
    # Deployment running a single replica of the metrics scraper; it uses the same
    # kubernetes-dashboard service account as the Dashboard itself.
    kind: Deployment
    apiVersion: apps/v1
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      name: dashboard-metrics-scraper
      namespace: kubernetes-dashboard
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: dashboard-metrics-scraper
      template:
        metadata:
          labels:
            k8s-app: dashboard-metrics-scraper
          annotations:
            # NOTE(review): this alpha seccomp annotation is deprecated; newer clusters
            # expect securityContext.seccompProfile (type: RuntimeDefault) instead -
            # confirm which form your cluster version honours.
            seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
        spec:
          containers:
            - name: dashboard-metrics-scraper
              image: kubernetesui/metrics-scraper:v1.0.6
              ports:
                - containerPort: 8000
                  protocol: TCP
              # The scraper is probed over plain HTTP on port 8000.
              livenessProbe:
                httpGet:
                  scheme: HTTP
                  path: /
                  port: 8000
                initialDelaySeconds: 30
                timeoutSeconds: 30
              volumeMounts:
              - mountPath: /tmp
                name: tmp-volume
              # Same hardening as the Dashboard container: no privilege escalation,
              # read-only root filesystem, fixed non-root UID/GID.
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                runAsUser: 1001
                runAsGroup: 2001
          serviceAccountName: kubernetes-dashboard
          nodeSelector:
            "kubernetes.io/os": linux
          # Comment the following tolerations if Dashboard must not be deployed on master
          tolerations:
            - key: node-role.kubernetes.io/master
              effect: NoSchedule
          volumes:
            - name: tmp-volume
              emptyDir: {}
    

    部署dashboard界面

    [root@k8s-master1 ~]# kubectl apply -f k8s-dashboard-v2.3.1.yaml
    
    namespace/kubernetes-dashboard created
    serviceaccount/kubernetes-dashboard created
    service/kubernetes-dashboard created
    secret/kubernetes-dashboard-certs created
    secret/kubernetes-dashboard-csrf created
    secret/kubernetes-dashboard-key-holder created
    configmap/kubernetes-dashboard-settings created
    role.rbac.authorization.k8s.io/kubernetes-dashboard created
    clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
    rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
    clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
    deployment.apps/kubernetes-dashboard created
    service/dashboard-metrics-scraper created
    deployment.apps/dashboard-metrics-scraper created
    

    node节点验证端口

    # 端口:30001
    [root@k8s-node1 ~]# ss -tanl
    LISTEN                  0                        128                                               0.0.0.0:30001                                          0.0.0.0:*
    LISTEN                  0                        128                                             127.0.0.1:44657                                          0.0.0.0:*
    

    使用任意node节点的IP在浏览器访问 https://<node节点IP>:30001 (Dashboard使用自动生成的自签名证书,浏览器会提示证书不受信任)

    制作admin登录yaml文件

    [root@k8s-master1 m44]# vim admin-user.yaml
    # Service account whose token is used to log in to the Dashboard.
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin-user
      namespace: kubernetes-dashboard
    
    ---
    # Binds admin-user to the built-in cluster-admin ClusterRole, so the account's
    # token carries unrestricted rights over the whole cluster.
    # NOTE(review): outside a lab, bind a narrower (Cluster)Role such as the built-in
    # `view`, and delete this binding once it is no longer needed.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: admin-user
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: admin-user
      namespace: kubernetes-dashboard
    

    查看secret(需先执行 kubectl apply -f admin-user.yaml 创建上面的账号和绑定)

    [root@k8s-master1 m44]# kubectl get secrets -A
    

    查看指定的token(该token对应的账号绑定了cluster-admin,相当于集群管理员凭据,应妥善保管,不要贴到文档或公开页面中)

    [root@k8s-master1 m44]# kubectl describe secrets admin-user-token-bdt8m -n kubernetes-dashboard
    
    Name:         admin-user-token-bdt8m
    Namespace:    kubernetes-dashboard
    Labels:       <none>
    Annotations:  kubernetes.io/service-account.name: admin-user
                  kubernetes.io/service-account.uid: a3f84662-3361-48f7-867a-8624df8129c4
    
    Type:  kubernetes.io/service-account-token
    
    Data
    ====
    ca.crt:     1066 bytes
    namespace:  20 bytes
    token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Iml5b25jdFBPYlBNNGNmU2RlQnpsY2czTzRHRFExMUtYejRMZzBNXzByWGMifQ.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.a6FZZToLcFRtl4w7jTYUE0-SeoxFfhIXiy69aHzDzD5UOfKa-p-MgbIYvx3vAln1gPfQq8FKL1DnUi47mnscmXPXZtZ6cvf1zgGv_EOktaJzPtXzF2SetukeovWs2hhi9Xclg-jYDVAGda7G9gKnwUpykSPOo9wndWJnkDMi9A6j9mL49knTsI1MQl3vjUSJx3P3zzuSWZLfB__Ar63jA-tvfJfXrzLhuwCs71ZKKDhYs8mYdRgwFo0sXiZSpa2eGTxf16SrOwTXMUmECkU6bx0ScvbKo89Q8MeRB_Xsyhvt65i1gnasVxcmzLryGoaaz1P6hgPzgxhBZqncjF2MQA
    

    制作nginx.yaml文件

    [root@k8s-master1 m44]# cat k8s-nginx.yaml
    # Single-replica nginx Deployment in the default namespace, pinned to nginx:1.18.0.
    # NOTE(review): no securityContext or resource limits are set, so the container
    # runs with the image defaults - acceptable for a lab, worth tightening elsewhere.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      namespace: default
      name: nginx-deployment
      labels:
        app: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx:1.18.0
            ports:
            - containerPort: 80
    
    ---
    # NodePort Service: plain HTTP on port 30004 of every node, forwarded to the pods
    # labelled app: nginx. This is the port the haproxy backends on this page point at.
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        app: test-nginx-service-label
      name: test-nginx-service
      namespace: default
    spec:
      type: NodePort
      ports:
      - name: http
        port: 80
        protocol: TCP
        targetPort: 80
        nodePort: 30004
      selector:
        app: nginx
    

    部署nginx

    [root@k8s-master1 m44]# kubectl apply -f k8s-nginx.yaml
    

    使用node任意节点登录浏览器测试

    修改nginx默认路径内容如下:

    Tomcat

    配置

    [root@k8s-master1 m44]# cat tomcat-k8s.yaml
    # Single-replica Tomcat Deployment in the default namespace.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      namespace: default
      name: tomcat-deployment
      labels:
        app: tomcat
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: tomcat
      template:
        metadata:
          labels:
            app: tomcat
        spec:
          containers:
          - name: tomcat
            # NOTE(review): no tag is given, so this resolves to `latest` and the
            # deployed version can change between pulls; pin a specific tag or digest.
            image: tomcat
            ports:
            - containerPort: 8080
    
    ---
    # Service port 80 forwards to Tomcat's 8080. With the NodePort lines commented out
    # the type defaults to ClusterIP, so Tomcat is reachable only from inside the
    # cluster (here through the nginx proxy), not directly on the node addresses.
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        app: test-tomcat-service-label
      name: test-tomcat-service
      namespace: default
    spec:
    #  type: NodePort
      ports:
      - name: http
        port: 80
        protocol: TCP
        targetPort: 8080
    #    nodePort: 30005
      selector:
        app: tomcat
    

    部署tomcat

    [root@k8s-master1 m44]# kubectl apply -f tomcat-k8s.yaml
    
    deployment.apps/tomcat-deployment created
    service/test-tomcat-service created
    

    修改Tomcat的web界面配置

    或者命令行改也可以

    [root@k8s-master1 m44]# kubectl get pod
    NAME                                 READY   STATUS    RESTARTS   AGE
    net-test1                            1/1     Running   0          3h19m
    net-test2                            1/1     Running   0          3h19m
    net-test3                            1/1     Running   0          3h19m
    nginx-deployment-67dfd6c8f9-r9wgp    1/1     Running   0          60m
    tomcat-deployment-6c44f58b47-8kbdg   1/1     Running   0          33m
    
    [root@k8s-master2 m44]# kubectl exec -it tomcat-deployment-6c44f58b47-8kbdg bash
    

    查看IP地址

    [root@k8s-master1 m44]# kubectl get svc
    NAME                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
    kubernetes            ClusterIP   10.200.0.1       <none>        443/TCP        6h8m
    test-nginx-service    NodePort    10.200.102.14    <none>        80:30004/TCP   76m
    test-tomcat-service   ClusterIP   10.200.205.191   <none>        80/TCP         48m
    

    验证pod

    Nginx动静分离Tomcat

    配置haproxy(在原来的基础上添加即可)

    [root@ha1 ~]# vim /etc/haproxy/haproxy.cfg
    # TCP pass-through listener on the VIP 172.31.1.200:80, balancing across the nginx
    # NodePort (30004) on three nodes. Each backend is health-checked every 3s, marked
    # down after 3 failed checks and up again after 5 successful ones.
    # NOTE(review): traffic is plain HTTP end to end; terminate TLS here or in front of
    # this listener if the VIP is reachable from untrusted networks.
    listen longxuan-m44-nginx-80
      bind 172.31.1.200:80
      mode tcp
      server 172.31.1.16 172.31.1.16:30004 check inter 3s fall 3 rise 5
      server 172.31.1.17 172.31.1.17:30004 check inter 3s fall 3 rise 5
      server 172.31.1.18 172.31.1.18:30004 check inter 3s fall 3 rise 5
    

    配置keepalived

    [root@ha1 ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived
    
    # NOTE(review): the values below (acassen, firewall.loc, 192.168.200.1, LVS_DEVEL)
    # look like the packaged sample settings - confirm and replace them, or drop
    # smtp_alert, so alert mail is not sent to a mail host you do not run.
    global_defs {
       notification_email {
         acassen
       }
       notification_email_from Alexandre.Cassen@firewall.loc
       smtp_server 192.168.200.1
       smtp_connect_timeout 30
       router_id LVS_DEVEL
    }
    
    # VRRP instance on eth0 that holds the two virtual addresses while this node is
    # MASTER (priority 100, advertisement every 1 second).
    vrrp_instance VI_1 {
        state MASTER
        interface eth0
        garp_master_delay 10
        smtp_alert
        virtual_router_id 51
        priority 100
        advert_int 1
        authentication {
            # NOTE(review): auth_type PASS sends auth_pass in clear text in the VRRP
            # advertisements, and 1111 is the sample value; use a site-specific secret
            # and keep VRRP traffic on a trusted network segment.
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            172.31.1.188 dev eth0 label eth0:1
            # 172.31.1.200 is the address the haproxy listen section binds to.
            172.31.1.200 dev eth0 label eth0:2
        }
    }
    

    重启haproxy 和 keepalived

    [root@ha1 ~]# systemctl restart keepalived.service
    [root@ha1 ~]# systemctl restart haproxy.service
    

    进入到Nginx的pod

    [root@k8s-master1 m44]# kubectl exec -it nginx-deployment-67dfd6c8f9-r9wgp bash
    
    # 查看是什么系统
    root@nginx-deployment-67dfd6c8f9-r9wgp:/# cat /etc/issue
    Debian GNU/Linux 10 \n \l
    
    # 更新
    root@nginx-deployment-67dfd6c8f9-r9wgp:/# apt update
    
    # 下载可用软件
    root@nginx-deployment-67dfd6c8f9-r9wgp:/# apt install -y procps vim iputils-ping net-tools curl
    
    # nginx的pod可以curl到Tomcat
    root@nginx-deployment-67dfd6c8f9-r9wgp:/# curl test-tomcat-service/m44/index.jsp
    longxuan.vip 123 tomcat web
    
    # 添加location配置
    root@nginx-deployment-67dfd6c8f9-r9wgp:/# vim /etc/nginx/conf.d/default.conf
    # Forward requests under /m44 to the Tomcat Service by its in-cluster name
    # (test-tomcat-service, port 80 -> Tomcat 8080); all other paths stay on nginx.
    location /m44 {
        proxy_pass http://test-tomcat-service;
    }
    
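    # Reload: check the edited configuration first, then tell the running nginx to
    # re-read it so the new location block takes effect.
    # NOTE(review): edits made inside the running container are lost when the pod is
    # recreated; keep the configuration in the image or a ConfigMap for anything lasting.
    root@nginx-deployment-67dfd6c8f9-r9wgp:/# nginx -t && nginx -s reload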
    

    访问测试 VIP (做本地域名解析就可以使用域名访问)

    http://172.31.1.200/

    http://172.31.1.200/m44

    在任意一台主机都可以访问

    [root@k8s-master3 ~]# curl 172.31.1.200
    <h1>123456 longxuan vip web</h1>
    
  • 原文地址:https://www.cnblogs.com/xuanlv-0413/p/15366335.html