zoukankan      html  css  js  c++  java

  • 12 部署dashboard

    下载地址

    https://github.com/kubernetes/dashboard
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard

    下载镜像

    docker pull k8scn/kubernetes-dashboard-amd64:v1.8.3
docker tag fcac9aa03fd6 harbor.rongbiz.cn/public/dashboard:v1.8.3
docker push harbor.rongbiz.cn/public/dashboard:v1.8.3

    准备配置文件

    vi /data/k8s-yaml/dashboard/rbac.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
  name: kubernetes-dashboard-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-admin
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard-admin
  namespace: kube-system



vi /data/k8s-yaml/dashboard/secret.yaml
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    # Allows editing resource and makes sure it is created first.
    addonmanager.kubernetes.io/mode: EnsureExists
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    # Allows editing resource and makes sure it is created first.
    addonmanager.kubernetes.io/mode: EnsureExists
  name: kubernetes-dashboard-key-holder
  namespace: kube-system
type: Opaque

vi /data/k8s-yaml/dashboard/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      priorityClassName: system-cluster-critical
      containers:
      - name: kubernetes-dashboard
        image: harbor.rongbiz.cn/public/dashboard:v1.8.3
        resources:
          limits:
            cpu: 100m
            memory: 300Mi
          requests:
            cpu: 50m
            memory: 100Mi
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          # PLATFORM-SPECIFIC ARGS HERE
          - --auto-generate-certificates
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
        - name: tmp-volume
          mountPath: /tmp
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard-admin
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      imagePullSecrets:
      - name: harbor

vi /data/k8s-yaml/dashboard/svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  - port: 443
    targetPort: 8443

vi /data/k8s-yaml/dashboard/ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: dashboard.rongbiz.cn
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 443

    创建资源

    kubectl apply -f http://k8s-yaml.rongbiz.cn/dashboard/rbac.yaml
kubectl apply -f http://k8s-yaml.rongbiz.cn/dashboard/secret.yaml
kubectl apply -f http://k8s-yaml.rongbiz.cn/dashboard/deployment.yaml
kubectl apply -f http://k8s-yaml.rongbiz.cn/dashboard/svc.yaml
kubectl apply -f http://k8s-yaml.rongbiz.cn/dashboard/ingress.yaml


必须有ssl证书 否则无法token登录

    创建nginx配置文件

    vim /etc/nginx/conf.d/dashboard.rongbiz.cn.conf
server {
    listen       80;
    server_name  dashboard.rongbiz.cn;

    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
    listen       443 ssl;
    server_name  dashboard.rongbiz.cn;

    ssl_certificate "certs/dashboard.rongbiz.cn.crt";
    ssl_certificate_key "certs/dashboard.rongbiz.cn.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://default_backend_traefik;
	      proxy_set_header Host       $http_host;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }
}
  • 相关阅读:
    cloudemanager安装时出现8475 MainThread agent ERROR Heartbeating to 192.168.30.1:7182 failed问题解决方法(图文详解)
    cloudemanager安装时出现ProtocolError: <ProtocolError for 127.0.0.1/RPC2: 401 Unauthorized>问题解决方法(图文详解)
    青年的第一要务是自立
    [转]Sql Server 主从数据库配置
    [转]SQL Server表分区
    [转]WCF体系结构-一张图就是好
    Bootstrap
    [转]在WIN7下安装运行mongodb
    [转]使用Node.js完成的第一个项目的实践总结
    [转]win系统下nodejs安装及环境配置
  • 原文地址:https://www.cnblogs.com/yangtao416/p/14266586.html
Copyright © 2011-2022 走看看