How to deploy kubernetes-dashboard over HTTP with password-free login

2024-04-19
Contents
  • Modify the Service ports
  • Modify the Deployment

Original manifest URL

https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

Modify the Service ports

Add port 80 so that the dashboard can be accessed over HTTP.

Before:

spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

After:

spec:
  ports:
    - port: 443
      targetPort: 8443
      name: https
    - port: 80
      targetPort: 9090
      name: http
  selector:
    k8s-app: kubernetes-dashboard

To access the dashboard as IP + port, more configuration is needed here: change the Service to the NodePort type and set nodePort to a free port on your own host. The allowed range can be seen in the apiserver's --service-node-port-range parameter.

The final result:

spec:
  ports:
    - port: 443
      targetPort: 8443
      name: https
      nodePort: 32001
    - port: 80
      targetPort: 9090
      name: http
      nodePort: 32002
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard

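Modify the Deployment

Modify the probe

The dashboard's startup arguments are changed in a later step. If the probe is not changed here, the liveness check fails and the pod restarts continuously.

Before:

livenessProbe:
  httpGet:
    scheme: HTTPS
    path: /
    port: 8443

After:

livenessProbe:
  httpGet:
    scheme: HTTP
    path: /
    port: 9090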

Modify the image pull policy

The official YAML sets Always by default.

sed -i 's/imagePullPolicy: Always/imagePullPolicy: IfNotPresent/g' recommended.yaml

Modify the container ports

Before:

ports:
  - containerPort: 8443
    protocol: TCP

After:

ports:
  - containerPort: 8443
    protocol: TCP
  - containerPort: 9090
    protocol: TCP

Disable token login

Comment out the --auto-generate-certificates argument.

Before:

args:
  - --auto-generate-certificates
  - --namespace=kubernetes-dashboard
  # Uncomment the following line to manually specify Kubernetes API server Host
  # If not specified, Dashboard will attempt to auto discover the API server and connect
  # to it. Uncomment only if the default does not work.
  # - --apiserver-host=http://my-address:port

After:

args:
  # - --auto-generate-certificates
  - --namespace=kubernetes-dashboard
  # Uncomment the following line to manually specify Kubernetes API server Host
  # If not specified, Dashboard will attempt to auto discover the API server and connect
  # to it. Uncomment only if the default does not work.
  # - --apiserver-host=http://my-address:port

Complete YAML

# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      name: https
      nodePort: 30000
    - port: 80
      targetPort: 9090
      name: http
      nodePort: 30001
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
  # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.7.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
            - containerPort: 9090
              protocol: TCP
          args:
            # - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
            # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 9090
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.8
          ports:
            - containerPort: 8000
              protocol: TCP
            - containerPort: 9090
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}
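
The manifest above serves the dashboard in plain HTTP on a NodePort, so it is worth being able to find such deployments in a cluster. The following is an added example, not code from the original article or from the Dashboard project: a Python check over objects in the shape that `kubectl get svc,deploy -n kubernetes-dashboard -o json` returns, reporting the three changes made in the steps above. The function name `audit_dashboard`, the constants and the sample objects are constructed for illustration.

```python
import json

# Constructed sample: the objects this article ends up with, in the shape
# `kubectl get svc,deploy -n kubernetes-dashboard -o json` returns,
# reduced to the fields that the steps above change.
SAMPLE = json.loads("""
{"items": [
  {"kind": "Service", "metadata": {"name": "kubernetes-dashboard"},
   "spec": {"type": "NodePort", "ports": [
     {"name": "https", "port": 443, "targetPort": 8443, "nodePort": 32001},
     {"name": "http", "port": 80, "targetPort": 9090, "nodePort": 32002}]}},
  {"kind": "Deployment", "metadata": {"name": "kubernetes-dashboard"},
   "spec": {"template": {"spec": {"containers": [
     {"name": "kubernetes-dashboard",
      "args": ["--namespace=kubernetes-dashboard"],
      "livenessProbe": {"httpGet": {"scheme": "HTTP", "port": 9090}}}]}}}}
]}
""")

DASHBOARD = "kubernetes-dashboard"  # object name used in recommended.yaml
HTTP_PORT = 9090                    # plain-HTTP container port in this article
EXTERNAL_TYPES = ("NodePort", "LoadBalancer")
# Flags that give the dashboard a certificate. --tls-cert-file is not on the
# page; it is included on the assumption that it may replace the first flag.
TLS_FLAGS = ("--auto-generate-certificates", "--tls-cert-file")


def audit_dashboard(objects):
    """Return (object, finding) pairs for each plain-HTTP exposure found."""
    findings = []
    for obj in objects.get("items", []):
        if obj["metadata"]["name"] != DASHBOARD:
            continue  # e.g. dashboard-metrics-scraper is out of scope
        ref = f'{obj["kind"]}/{DASHBOARD}'
        spec = obj.get("spec", {})
        if obj["kind"] == "Service" and spec.get("type") in EXTERNAL_TYPES:
            for port in spec.get("ports", []):
                if port.get("targetPort") == HTTP_PORT:
                    findings.append((ref, f"HTTP on nodePort {port.get('nodePort')}"))
        elif obj["kind"] == "Deployment":
            for c in spec["template"]["spec"].get("containers", []):
                if not any(a.startswith(TLS_FLAGS) for a in c.get("args", [])):
                    findings.append((ref, "no certificate flag in args"))
                probe = c.get("livenessProbe", {}).get("httpGet", {})
                if probe.get("scheme") == "HTTP" and probe.get("port") == HTTP_PORT:
                    findings.append((ref, "liveness probe on plain HTTP"))
    return findings


if __name__ == "__main__":
    for ref, finding in audit_dashboard(SAMPLE):
        print(f"{ref}: {finding}")
```

Against a live cluster, pass `json.load(sys.stdin)` to `audit_dashboard` and pipe the kubectl output into the script; an unmodified recommended.yaml deployment yields no findings.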
