Kubernetes:dashboard 搭建(k8s -web端管理)
2024-06-11 03:17:21
dashboard版本v2.0.1
github地址:https://github.com/kubernetes/dashboard/releases
yaml 地址:https://github.com/kubernetes/dashboard/blob/master/aio/deploy/recommended.yaml
帮助说明:https://kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/
我的yaml文件git地址:https://github.com/oopxiajun/k8s-deshboark-yaml
一,环境准备
k8s安装请参考:《Kubernetes 安装(基础)》
k8s集群:《K8s 集群(Kubernetes 集群)》
所需要镜像(提前pull下来,部署时更快)
docker pull kubernetesui/dashboard:v2.0.1docker pull kubernetesui/metrics-scraper:v1.0.4二,部署
在网上看过很多帖子,基本都是在拉取yaml时超时。我们这里直接使用github里面的yaml
https://github.com/kubernetes/dashboard/blob/master/aio/deploy/recommended.yaml
内容如下
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.apiVersion: v1
kind: Namespace
metadata:name: kubernetes-dashboard---apiVersion: v1
kind: ServiceAccount
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: Service
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:ports:- port: 443targetPort: 8443selector:k8s-app: kubernetes-dashboard---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-certsnamespace: kubernetes-dashboard
type: Opaque---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-csrfnamespace: kubernetes-dashboard
type: Opaque
data:csrf: ""---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-key-holdernamespace: kubernetes-dashboard
type: Opaque---kind: ConfigMap
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-settingsnamespace: kubernetes-dashboard---kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
rules:# Allow Dashboard to get, update and delete Dashboard exclusive secrets.- apiGroups: [""]resources: ["secrets"]resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]verbs: ["get", "update", "delete"]# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.- apiGroups: [""]resources: ["configmaps"]resourceNames: ["kubernetes-dashboard-settings"]verbs: ["get", "update"]# Allow Dashboard to get metrics.- apiGroups: [""]resources: ["services"]resourceNames: ["heapster", "dashboard-metrics-scraper"]verbs: ["proxy"]- apiGroups: [""]resources: ["services/proxy"]resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]verbs: ["get"]---kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard
rules:# Allow Metrics Scraper to get metrics from the Metrics server- apiGroups: ["metrics.k8s.io"]resources: ["pods", "nodes"]verbs: ["get", "list", "watch"]---apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: kubernetes-dashboardtemplate:metadata:labels:k8s-app: kubernetes-dashboardspec:containers:- name: kubernetes-dashboardimage: kubernetesui/dashboard:v2.0.1imagePullPolicy: Alwaysports:- containerPort: 8443protocol: TCPargs:- --auto-generate-certificates- --namespace=kubernetes-dashboard# Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.# - --apiserver-host=http://my-address:portvolumeMounts:- name: kubernetes-dashboard-certsmountPath: /certs# Create on-disk volume to store exec logs- mountPath: /tmpname: tmp-volumelivenessProbe:httpGet:scheme: HTTPSpath: /port: 8443initialDelaySeconds: 30timeoutSeconds: 30securityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001volumes:- name: kubernetes-dashboard-certssecret:secretName: kubernetes-dashboard-certs- name: tmp-volumeemptyDir: {}serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedule---kind: Service
apiVersion: v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:ports:- port: 8000targetPort: 8000selector:k8s-app: dashboard-metrics-scraper---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: dashboard-metrics-scrapertemplate:metadata:labels:k8s-app: dashboard-metrics-scraperannotations:seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'spec:containers:- name: dashboard-metrics-scraperimage: kubernetesui/metrics-scraper:v1.0.4ports:- containerPort: 8000protocol: TCPlivenessProbe:httpGet:scheme: HTTPpath: /port: 8000initialDelaySeconds: 30timeoutSeconds: 30volumeMounts:- mountPath: /tmpname: tmp-volumesecurityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedulevolumes:- name: tmp-volumeemptyDir: {}
我这里使用源码,什么都不改直接执行下面的命令
kubectl apply -f recommended.yaml我们可以查看pod 和svc
kubectl get pod,svc -n=kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-6b4884c9d5-57gt6 1/1 Running 0 48m
pod/kubernetes-dashboard-7bfbb48676-6bmvc 1/1 Running 0 48mNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.104.16.26 <none> 8000/TCP 48m
service/kubernetes-dashboard ClusterIP 10.101.110.246 <none> 443/TCP 48m
三,登录dashboard
在上面我们看到 地址是10.101.110.246 端口是443
我们在宿主机上使用火狐浏览器 直接访问 https://10.101.110.246:443
提示我们是有token 或者 kubeconfig 两种登录
Token 登录
我们先看 k8s上有哪些 secrets
kubectl get secrets
NAME TYPE DATA AGE
default-token-pnlhg kubernetes.io/service-account-token 3 48d
然后我们在具体查看token值
kubectl get secrets default-token-pnlhg -o json
{"apiVersion": "v1","data": {"ca.crt": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01EUXhNakExTWpNME9Wb1hEVE13TURReE1EQTFNak0wT1Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSkxSCm1nTzNTUkNRWXBCYUhXTm4vV2dxUzN1aGRMR3hlOUpnY0pGRjJQc2hyai9OTGtlN242U2swVSsvZnRYMEkyWmIKdnNPZUJsYXNraTFrb2h0TS9nbk5nTWtzMDdXcWJBanBYOWF0SmRXMm1LYmgvVnlQYXg4RnlXd3oyeXB1bGRhZAo3b3ZuL09xNzVLVys3aWsybUs3MzZjSUd0YXNpTDRTd3hxcFhEeHNFdkN1RFhiOEdlZitYRVNkcEdTMytNaERRCmRIYTFlTlNhRzZYWU93UFZMRG1vOHc0cm14SWEwM0RILzAwTmxNeGFoakF1NVAxdTVhZDg2QUxsbjZzVEw2SWkKYTZmb2d5Wm05R3FENFdWOXJmVjQ3ZGllUnRsUDhFSEs4MmFEM3FiNTZGNWRpVmMvTlFrWm1tV1VzalZtV0Q4MwpkUm8vclF1MkZNRko5MytISEVrQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFCRHVTOGVSZ3NqUkpWa2hCYU92Y3BmNGFFS20KRkd0NkF2ejhuZzRTNE1Oc0VnbkFNRFpVZlN4TE9pNzUyaE81WmZHaGxBUFpvK1hjZEZLY2liTHM5a0J5SGpMRAo0dEdFQWhteWh5RjA2VEJ6N09ZVEhOYlZ4TzJIWi9PdjVYYXlmQ1BMeTc0NnVQWlp2Uzd6Tmo5M0JLTjdJbmxvCjUvenBUZVlEZS9UUGozTXB0eHp6UFFBVVh0bUtNbWFVc25NdS9ub0lBNUVrRFJYQVYwQlRnMVhOQ1dTaFVFZDIKaWhMT3ErNG9aZ2pKb1NQZU55WVpjM1RYRHAxVGZaa0FsN2FIS2hnWWpXUkxJRVprc0NWczNDSDVIT3kvNkZxUQpMdFFTT0V6K1FweDRVWVVUaGZhSXE0bEZIZjUvc1VZL2IyenBSRXY0R1l5bThUM3lhbXMvT3RSWVg1TT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=","namespace": "ZGVmYXVsdA==","token": "ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklqUXllbGt3U2xKV1VHRTVlbEJ4T0U4MlVESkNOMlZaTjBOaWQzQjFiM1prYjFrd2EwcHNkRnBzVUVVaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUprWldaaGRXeDBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbVJsWm1GMWJIUXRkRzlyWlc0dGNHNXNhR2NpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1dVlXMWxJam9pWkdWbVlYVnNkQ0lzSW10MVltVnlibVYwWlhNdWFXOHZjMlZ5ZG1salpXRmpZMjkxYm5RdmMyVnlkbWxqWlMxaFkyTnZkVzUwTG5WcFpDSTZJakpsTkdKaU9EZ3dMVGRrWlRrdE5HVXdOeTA1WWpJekxUbGlOVE01TW1GaE0ySXlOaUlzSW5OMVlpSTZJbk41YzNSbGJUcHpaWEoyYVdObFlXTmpiM1Z1ZERwa1pXWmhkV3gwT21SbFptRjFiSFFpZlEuQ245bmpEa2FTSy1EUlJUVTRucU9ybU93ZFVab2k5dDhWUjVpXzc2Nlg2dm9tT2R2LWdlenZqWkt4OWlxYkVrOUhlQ1ozQzF1NS1CZVpyMVBsdWZ5aXF1M18xNnM1UUJCYTI3UmxxVHAtaDVyMFBWMW5FRmdwSGhsMXc5MjJXZV83eHVUY1JRUkZoNU83VEMxQVFULU5qalFWRUFvdjRKaHpYVVJhSnZzSFpnOWFUMHQ2RmtxMUpmVDJPbW9pNzhWbFZqNnFlTE9sNkRDdDRJTmFvNFd0c1J1Tm9lQzQzODJCc1J2MjItSHF4M2xBeVM0RlNnaUlyVWhhbU5scWRMbWsyQmZYSXQwSEFxY1Z5M0dhck5RalZvd3ZxZXQ4QXlrWXdBaUNlQWlkTzMzYWhGcGlSdXZkcVhEUDZoNUFCV2d3Nlpmbjk3YThoVmtvVllRZ2JFWE5n"},"kind": "Secret","metadata": {"annotations": {"kubernetes.io/service-account.name": "default","kubernetes.io/service-account.uid": "2e4bb880-7de9-4e07-9b23-9b5392aa3b26"},"creationTimestamp": "2020-04-12T05:24:33Z","managedFields": [{"apiVersion": "v1","fieldsType": "FieldsV1","fieldsV1": {"f:data": {".": {},"f:ca.crt": {},"f:namespace": {},"f:token": {}},"f:metadata": {"f:annotations": {".": {},"f:kubernetes.io/service-account.name": {},"f:kubernetes.io/service-account.uid": {}}},"f:type": {}},"manager": "kube-controller-manager","operation": "Update","time": "2020-04-12T05:24:33Z"}],"name": "default-token-pnlhg","namespace": "default","resourceVersion": "361","selfLink": "/api/v1/namespaces/default/secrets/default-token-pnlhg","uid": "067fa8f1-fff5-438a-8047-ea0d2c292f9c"},"type": "kubernetes.io/service-account-token"
}
但是这里要用base64位转一次才是可以在界面上输入的token
kubectl get secrets default-token-pnlhg -o jsonpath={.data.token}|base64 -d
eyJhbGciOiJSUzI1NiIsImtpZCI6IjQyelkwSlJWUGE5elBxOE82UDJCN2VZN0Nid3B1b3Zkb1kwa0psdFpsUEUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tcG5saGciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjJlNGJiODgwLTdkZTktNGUwNy05YjIzLTliNTM5MmFhM2IyNiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.Cn9njDkaSK-DRRTU4nqOrmOwdUZoi9t8VR5i_766X6vomOdv-gezvjZKx9iqbEk9HeCZ3C1u5-BeZr1Plufyiqu3_16s5QBBa27RlqTp-h5r0PV1nEFgpHhl1w922We_7xuTcRQRFh5O7TC1AQT-NjjQVEAov4JhzXURaJvsHZg9aT0t6Fkq1JfT2Omoi78VlVj6qeLOl6DCt4INao4WtsRuNoeC4382BsRv22-Hqx3lAyS4FSgiIrUhamNlqdLmk2BfXIt0HAqcVy3GarNQjVowvqet8AykYwAiCeAidO33ahFpiRuvdqXDP6h5ABWgw6Zfn97a8hVkoVYQgbEXNg这个token值我们复制到输入框就可以登录
Kubeconfig 登录
kubeconfig 一般在~/root/.kube/config 里面,(把隐藏文件显示出来【右键就能操作】)
username+Password登录
第一步:创建密码管理文件
# cat /etc/kubernetes/basic_auth_fileadmin,admin,1xiajun,1234@abc,2#前面为用户,后面为密码,数字为用户ID不可重复第二步:修改kube-apiserver.yaml
#vim /etc/kubernetes/manifests/kube-apiserver.yaml
#添加一条密码文件配置
--basic-auth-file=/etc/kubernetes/basic_auth_file 第三步 :添加完毕后重启api-server
#添加完毕后重启api-server#kubectl apply -f /etc/kubernetes/manifests/kube-apiserver.yaml第四步:Deployment.spec.args 添加 内容如下
- --authentication-mode=basic最后的yaml 内容如下
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.# 1:将 namespace 换成 kube-system
# 2:将 Server下的 type 设置为 NodePort 类型
# 3:不创建 名称空间 为kubernetes-dashboard # apiVersion: v1
# kind: Namespace
# metadata:
# name: kubernetes-dashboard# ---apiVersion: v1
kind: ServiceAccount
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kube-system---kind: Service
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kube-system
spec:type: NodePortports:- port: 443targetPort: 8443nodePort: 8443selector:k8s-app: kubernetes-dashboard---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-certsnamespace: kube-system
type: Opaque---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-csrfnamespace: kube-system
type: Opaque
data:csrf: ""---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-key-holdernamespace: kube-system
type: Opaque---kind: ConfigMap
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-settingsnamespace: kube-system---kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kube-system
rules:# # Allow Dashboard to get, update and delete Dashboard exclusive secrets.# - apiGroups: [""]# resources: ["secrets"]# resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]# verbs: ["get", "update", "delete"]# # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.# - apiGroups: [""]# resources: ["configmaps"]# resourceNames: ["kubernetes-dashboard-settings"]# verbs: ["get", "update"]# # Allow Dashboard to get metrics.# - apiGroups: [""]# resources: ["services"]# resourceNames: ["heapster", "dashboard-metrics-scraper"]# verbs: ["proxy"]# - apiGroups: [""]# resources: ["services/proxy"]# resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]# verbs: ["get"]- apiGroups: ["*"]resources: ["*"]resourceNames: ["*"]verbs: ["*"]---kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard #
rules:#Allow Metrics Scraper to get metrics from the Metrics server- apiGroups: ["metrics.k8s.io"]resources: ["pods", "nodes"]verbs: ["get", "list", "watch"]- apiGroups: ["*"]resources: ["*"]verbs: ["*"]---apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kube-system
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: kubernetes-dashboard
subjects:# - kind: ServiceAccount# name: kubernetes-dashboard# namespace: kube-system# 全部用户- kind: Groupname: system:authenticatedapiGroup: rbac.authorization.k8s.io- kind: Groupname: system:unauthenticatedapiGroup: rbac.authorization.k8s.io---apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: kubernetes-dashboard
subjects:# - kind: ServiceAccount# name: kubernetes-dashboard# namespace: kube-system- kind: Groupname: system:authenticatedapiGroup: rbac.authorization.k8s.io- kind: Groupname: system:unauthenticatedapiGroup: rbac.authorization.k8s.io---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kube-system
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: kubernetes-dashboardtemplate:metadata:labels:k8s-app: kubernetes-dashboardspec:containers:- name: kubernetes-dashboardimage: kubernetesui/dashboard:v2.0.1imagePullPolicy: Alwaysports:- containerPort: 8443protocol: TCPargs:- --auto-generate-certificates- --namespace=kube-system#使用用户名加密码方式# cat /etc/kubernetes/basic_auth_file# admin,admin,1# xiajun,1234@abc,2#前面为用户,后面为密码,数字为用户ID不可重复#vim /etc/kubernetes/manifests/kube-apiserver.yaml#--basic-auth-file=/etc/kubernetes/basic_auth_file \ #添加完毕后重启api-server#kubectl apply -f /etc/kubernetes/manifests/kube-apiserver.yaml#重启api-server - --authentication-mode=basic# Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.# - --apiserver-host=http://my-address:portvolumeMounts:- name: kubernetes-dashboard-certsmountPath: /certs# Create on-disk volume to store exec logs- mountPath: /tmpname: tmp-volumelivenessProbe:httpGet:scheme: HTTPSpath: /port: 8443initialDelaySeconds: 30timeoutSeconds: 30securityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001#runAsGroup: 2001volumes:- name: kubernetes-dashboard-certssecret:secretName: kubernetes-dashboard-certs- name: tmp-volumeemptyDir: {}serviceAccountName: kubernetes-dashboard# nodeSelector:# "kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedule---kind: Service
apiVersion: v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kube-system
spec:ports:- port: 8000targetPort: 8000selector:k8s-app: dashboard-metrics-scraper---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kube-system
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: dashboard-metrics-scrapertemplate:metadata:labels:k8s-app: dashboard-metrics-scraperannotations:seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'spec:containers:- name: dashboard-metrics-scraperimage: kubernetesui/metrics-scraper:v1.0.4ports:- containerPort: 8000protocol: TCPlivenessProbe:httpGet:scheme: HTTPpath: /port: 8000initialDelaySeconds: 30timeoutSeconds: 30volumeMounts:- mountPath: /tmpname: tmp-volumesecurityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001#runAsGroup: 2001serviceAccountName: kubernetes-dashboard# nodeSelector:# "kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedulevolumes:- name: tmp-volumeemptyDir: {}
这里面 就能非常容器轻松得构建、部署、发布项目,这儿有三种方式创建
Kubernetes:dashboard 搭建(k8s -web端管理)相关推荐
- Kubernetes dashboard搭建
Kubernetes dashboard搭建 1.下载yaml文件 下载kubernetes-dashboard.yaml文件 wget https://raw.githubusercontent.c ...
- Axure高保真家政服务用户端app全局说明+家政服务员工移动端app+家政服务web端管理信息系统(订单管理+服务管理+报表统计+财务管理+营销管理+人员管理)
作品介绍:把家政带入互联网,这也不算什么新鲜事了.这几年来,在手机下单,上门服务已经是常态.如今的消费已经是趋向于智能消费,例如不想做饭就可以叫外卖,出门不想开车就叫网约车.衣食住行可以靠一部智能手机 ...
- (四)部署k8s dashboard web端管理界面
文章目录 1 token令牌认证登录 2 kubeconfig配置文件登录 参考github 1 获取dashboard image镜像 [root@master1 manifests]# docke ...
- Kubernetes Dashboard搭建流程
一. 背景 通过 二进制方式 完成了kubernetes的安装,可以正常使用kubernetes的各种功能了,但是有点不足的是,只能通过命令查看/创建/删除/修改等操作,没有直观的Web UI界面感受 ...
- 在centos服务器上安装配置私人邮箱,并在web端管理邮件
我的个人博客:逐步前行STEP 出于技术上的好(zhuang)奇(bi),我想搭建一个自己的邮箱服务器,这样的话,以后的个人资料上面可以带上一个自己域名的邮箱,再也不怕简历带qq邮箱被嫌弃了. 首先是 ...
- Nagios(八)—— Nagios Web 端管理工具Nagiosql
NagiosQL 是专为 nagios 设计的 web 图形化管理应用,主要作用就是操作数据库和配置文件,其中包括将配置文件的信息写到数据库中,在数据库中修改 Nagios的监控配置信息,并将数据库中 ...
- RabbitMQ管理(3)——Web端管理
欢迎支持笔者新作:<深入理解Kafka:核心设计与实践原理>和<RabbitMQ实战指南>,同时欢迎关注笔者的微信公众号:朱小厮的博客. 欢迎跳转到本文的原文链接:https: ...
- 从零开始搭建一个web图书管理项目(增删改查功能)
参考资料:https://blog.csdn.net/qq_23994787/article/details/73612870 http://how2j.cn/ 实习第一周,写下一些在建立web项目中 ...
- O2OA开发平台:Web端管理服务器
平台提供web管理端方便快捷查看服务器当前状态,同时方便管理服务器.实现平台的易用性. 第一:管理员通过浏览器登入系统后,点击应用中的日志图标. 如下图所示: 第二:打开日志管理员界面. 如下图所示: ...
最新文章
- 源创Talk第1期 | 对话晶泰科技赖力鹏:AI制药独角兽的崛起之路
- php 单一职责,PHP之单例模式(职责模式)
- Python语言学习:解决python版本升级问题集合(python2系列→Python3系列)导致错误的总结集合
- 基于单片机的自动追日系统设计_基于单片机的自动浇花系统的设计
- 终于来了!微软正式推出 VS Code 测试 API
- 数学奥赛大神,两次以满分获IMO金牌,北大数学博士提前毕业
- django3数据库设计之商城项目
- yolov5-detect.py解析与重写
- jsoup教程_2 http-client 讲解
- HD Tune Pro: WDC WD1600AAJS-00B8D 160g inMyRitMachi
- 学习笔记(10):每一道试题都是有解题密码(2018年下半年信息系统项目管理师试题讲解)-用这种简单方法破解这么难的试题,我也是醉了(试题21-25)...
- Mac屏幕录制GIF动图
- 走近图灵奖大师David Patterson开挂的人生
- r语言爬虫和python爬虫哪个好-R语言爬虫常用方法总结(以案例说明)
- python股票代码示例_补全股票代码位数的一百种姿势
- 手机服务器艰辛之路(一)~手机服务器环境部署
- 网页未连接到互联网,代理服务器出现问题
- UTONMOS开启元宇宙数字化经济新纪元
- ssm项目——教务系统
- 【滴水逆向笔记】C语言结构体