K8S 学习笔记（三）集群部署

博主： MoChou
发布时间：2022 年 03 月 21 日
165 次浏览
暂无评论
14170字数
分类： Linux 工具

接上文

部署应用到集群中

部署应用yaml文件

仍以 hexo 镜像部署为例

新建hexo-deployment.yaml文件，内容如下：

apiVersion: apps/v1
kind: Deployment #部署类型 Deployment
metadata:
  name: hexo-deployment #部署名称 
  labels:
    app: hexo #应用名称
spec:
  replicas: 3 #实例 即部署多少个
  selector:
    matchLabels:
      app: hexo # 用来查找关联的 Pod，所有标签都匹配才行
  template:
    metadata:
      labels:
        app: hexo
    spec:
      containers:
      - name: hexo #容器名称
        image: taskbjorn/hexo #镜像
        ports:
        - containerPort: 4000 #hexo访问端口

部署

[root@master k8s]# kubectl apply -f hexo-deployment.yaml
deployment.apps/hexo-deployment created

查看启动情况

[root@master service]# kubectl get pods
NAME                               READY   STATUS    RESTARTS   AGE
hexo-deployment-7d7d578cbd-2sjrj   1/1     Running   0          37m
hexo-deployment-7d7d578cbd-5gk52   1/1     Running   0          37m
hexo-deployment-7d7d578cbd-7x76w   1/1     Running   0          37m
hexo-deployment-7d7d578cbd-d7kpl   1/1     Running   0          37m

#包含系统应用
[root@master service]# kubectl get pod --all-namespaces -o wide
NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE   IP                NODE     NOMINATED NODE   READINESS GATES
default       hexo-deployment-7d7d578cbd-2sjrj   1/1     Running   0          36m   10.244.2.2        node2    <none>           <none>
default       hexo-deployment-7d7d578cbd-5gk52   1/1     Running   0          36m   10.244.2.3        node2    <none>           <none>
default       hexo-deployment-7d7d578cbd-7x76w   1/1     Running   0          36m   10.244.1.3        node1    <none>           <none>
default       hexo-deployment-7d7d578cbd-d7kpl   1/1     Running   0          36m   10.244.1.2        node1    <none>           <none>
kube-system   coredns-6d8c4cb4d-5mkjb            1/1     Running   0          39m   10.244.0.2        master   <none>           <none>
kube-system   coredns-6d8c4cb4d-9b2n5            1/1     Running   0          39m   10.244.0.3        master   <none>           <none>
kube-system   etcd-master                        1/1     Running   5          40m   192.168.171.130   master   <none>           <none>
kube-system   kube-apiserver-master              1/1     Running   5          40m   192.168.171.130   master   <none>           <none>
kube-system   kube-controller-manager-master     1/1     Running   0          40m   192.168.171.130   master   <none>           <none>
kube-system   kube-flannel-ds-7rccn              1/1     Running   0          38m   192.168.171.131   node1    <none>           <none>
kube-system   kube-flannel-ds-fnnz2              1/1     Running   0          38m   192.168.171.132   node2    <none>           <none>
kube-system   kube-flannel-ds-frcq8              1/1     Running   0          39m   192.168.171.130   master   <none>           <none>
kube-system   kube-proxy-h8bgs                   1/1     Running   0          39m   192.168.171.130   master   <none>           <none>
kube-system   kube-proxy-nxnn6                   1/1     Running   0          38m   192.168.171.131   node1    <none>           <none>
kube-system   kube-proxy-wgv67                   1/1     Running   0          38m   192.168.171.132   node2    <none>           <none>
kube-system   kube-scheduler-master              1/1     Running   5          40m   192.168.171.130   master   <none>           <none>

running代表启动成功。

Service

特性

service 通过label 关联对应的pod
service 不会因为pod变化而变化
提供负载均衡，自动转发到不容的pod
可对集群外部提供端口的访问
集群内可以通过服务名称访问

创建Service

创建一个 Service，通过标签 hexo 跟对应的 Pod 关联上，这里保存文件名为 hexo-service.yaml:

apiVersion: v1
kind: Service
metadata:
  name: hexo-service
spec:
  selector:
    app: hexo
  type: NodePort
  ports:
    - port: 4000        # 本 Service 的端口
      targetPort: 4000  # 容器端口
      nodePort: 31000   # 节点端口 范围固定 30000-32767

启用service

[root@master service]# kubectl apply -f hexo-service.yaml
service/hexo-service created

查看service

[root@master service]# kubectl get svc
NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
hexo-service   NodePort    10.110.151.215   <none>        4000:31000/TCP   42m
kubernetes     ClusterIP   10.96.0.1        <none>        443/TCP          47m

外部访问

[root@master service]# curl 192.168.171.130:31000
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">



  <title>Hexo</title>
  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
  <meta property="og:type" content="website">
<meta property="og:title" content="Hexo">
<meta property="og:url" content="http://example.com/index.html">
#以下省略

[root@node1 ~]# curl 192.168.171.131:31000
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">


  <title>Hexo</title>
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  <meta property="og:type" content="website">
<meta property="og:title" content="Hexo">
#以下省略

[root@node1 ~]# curl 192.168.171.132:31000
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">


  <title>Hexo</title>
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  <meta property="og:type" content="website">
<meta property="og:title" content="Hexo">
<meta property="og:url" content="http://example.com/index.html">
<meta property="og:site_name" content="Hexo">
<meta property="og:locale" content="en_US">
<meta property="article:author" content="John Doe">
#以下省略

部署K8S dashboard

Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself.
Kubernetes 仪表板是 Kubernetes 集群的基于 Web 的通用 UI。它允许用户管理集群中运行的应用程序并对其进行故障排除，以及管理集群本身。

安装

官方

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml

上述为官方安装方法，可能有很多问题，推荐使用下种方法

推荐

将以下内容写入文件recommended.yaml 后使用 kubectl apple -f recommended.yaml 命令执行

recommended.yaml

# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001 #映射到host的30001端口
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.2.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
        #type: master
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.6
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}

其中，修改了service对外映射端口到 30001。

查看dashboard 所在节点：

[root@master service]# kubectl get pod --namespace=kubernetes-dashboard -o wide
NAME                                         READY   STATUS             RESTARTS        AGE   IP           NODE    NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-577dc49767-zhwbt   0/1     CrashLoopBackOff   7 (4m23s ago)   20m   10.244.2.7   node2   <none>           <none>
kubernetes-dashboard-6bd77794f-fvbw2         1/1     Running            0               20m   10.244.1.9   node1   <none>           <none>

如果觉得我的文章对你有用，请随意赞赏

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

评论 *

私密评论

名称 *

🎲

邮箱 *

地址

K8S 学习笔记（三）集群部署

MoChou • 2022 年 03 月 21 日

<div class="tip share">请注意，本文编写于 791 天前，最后修改于 423 天前，其中某些信息可能已经过时。</div>

接上文
</div></p><h1>部署应用到集群中</h1><h2>部署应用yaml文件</h2><blockquote>仍以 hexo 镜像部署为例</blockquote><ol><li><p>新建<code>hexo-deployment.yaml</code>文件，内容如下：</p><pre><code class="lang-yaml">apiVersion: apps/v1
kind: Deployment #部署类型 Deployment
metadata:
  name: hexo-deployment #部署名称 
  labels:
    app: hexo #应用名称
spec:
  replicas: 3 #实例 即部署多少个
  selector:
    matchLabels:
      app: hexo # 用来查找关联的 Pod，所有标签都匹配才行
  template:
    metadata:
      labels:
        app: hexo
    spec:
      containers:
      - name: hexo #容器名称
        image: taskbjorn/hexo #镜像
        ports:
        - containerPort: 4000 #hexo访问端口</code></pre></li><li><p>部署</p><pre><code class="lang-bash">[root@master k8s]# kubectl apply -f hexo-deployment.yaml
deployment.apps/hexo-deployment created</code></pre></li><li><p>查看启动情况</p><pre><code class="lang-bash">[root@master service]# kubectl get pods
NAME                               READY   STATUS    RESTARTS   AGE
hexo-deployment-7d7d578cbd-2sjrj   1/1     Running   0          37m
hexo-deployment-7d7d578cbd-5gk52   1/1     Running   0          37m
hexo-deployment-7d7d578cbd-7x76w   1/1     Running   0          37m
hexo-deployment-7d7d578cbd-d7kpl   1/1     Running   0          37m

#包含系统应用
[root@master service]# kubectl get pod --all-namespaces -o wide
NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE   IP                NODE     NOMINATED NODE   READINESS GATES
default       hexo-deployment-7d7d578cbd-2sjrj   1/1     Running   0          36m   10.244.2.2        node2    &lt;none&gt;           &lt;none&gt;
default       hexo-deployment-7d7d578cbd-5gk52   1/1     Running   0          36m   10.244.2.3        node2    &lt;none&gt;           &lt;none&gt;
default       hexo-deployment-7d7d578cbd-7x76w   1/1     Running   0          36m   10.244.1.3        node1    &lt;none&gt;           &lt;none&gt;
default       hexo-deployment-7d7d578cbd-d7kpl   1/1     Running   0          36m   10.244.1.2        node1    &lt;none&gt;           &lt;none&gt;
kube-system   coredns-6d8c4cb4d-5mkjb            1/1     Running   0          39m   10.244.0.2        master   &lt;none&gt;           &lt;none&gt;
kube-system   coredns-6d8c4cb4d-9b2n5            1/1     Running   0          39m   10.244.0.3        master   &lt;none&gt;           &lt;none&gt;
kube-system   etcd-master                        1/1     Running   5          40m   192.168.171.130   master   &lt;none&gt;           &lt;none&gt;
kube-system   kube-apiserver-master              1/1     Running   5          40m   192.168.171.130   master   &lt;none&gt;           &lt;none&gt;
kube-system   kube-controller-manager-master     1/1     Running   0          40m   192.168.171.130   master   &lt;none&gt;           &lt;none&gt;
kube-system   kube-flannel-ds-7rccn              1/1     Running   0          38m   192.168.171.131   node1    &lt;none&gt;           &lt;none&gt;
kube-system   kube-flannel-ds-fnnz2              1/1     Running   0          38m   192.168.171.132   node2    &lt;none&gt;           &lt;none&gt;
kube-system   kube-flannel-ds-frcq8              1/1     Running   0          39m   192.168.171.130   master   &lt;none&gt;           &lt;none&gt;
kube-system   kube-proxy-h8bgs                   1/1     Running   0          39m   192.168.171.130   master   &lt;none&gt;           &lt;none&gt;
kube-system   kube-proxy-nxnn6                   1/1     Running   0          38m   192.168.171.131   node1    &lt;none&gt;           &lt;none&gt;
kube-system   kube-proxy-wgv67                   1/1     Running   0          38m   192.168.171.132   node2    &lt;none&gt;           &lt;none&gt;
kube-system   kube-scheduler-master              1/1     Running   5          40m   192.168.171.130   master   &lt;none&gt;           &lt;none&gt;</code></pre><p><code>running</code>代表启动成功。</p></li></ol><h2>Service</h2><h3>特性</h3><ul><li>service 通过label 关联对应的pod</li><li>service 不会因为pod变化而变化</li><li>提供负载均衡，自动转发到不容的pod</li><li>可对集群外部提供端口的访问</li><li>集群内可以通过服务名称访问</li></ul><h3>创建Service</h3><ol><li><p>创建一个 Service，通过标签 <code>hexo</code> 跟对应的 Pod 关联上，这里保存文件名为 <code>hexo-service.yaml</code>:</p><pre><code class="lang-bash">apiVersion: v1
kind: Service
metadata:
  name: hexo-service
spec:
  selector:
    app: hexo
  type: NodePort
  ports:
    - port: 4000        # 本 Service 的端口
      targetPort: 4000  # 容器端口
      nodePort: 31000   # 节点端口 范围固定 30000-32767</code></pre></li><li><p>启用service</p><pre><code class="lang-bash">[root@master service]# kubectl apply -f hexo-service.yaml
service/hexo-service created</code></pre></li><li><p>查看service</p><pre><code class="lang-bash">[root@master service]# kubectl get svc
NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
hexo-service   NodePort    10.110.151.215   &lt;none&gt;        4000:31000/TCP   42m
kubernetes     ClusterIP   10.96.0.1        &lt;none&gt;        443/TCP          47m</code></pre></li><li><p>外部访问</p><pre><code class="lang-bash">[root@master service]# curl 192.168.171.130:31000
&lt;!DOCTYPE html&gt;
&lt;html&gt;
&lt;head&gt;
  &lt;meta charset=&quot;utf-8&quot;&gt;

&lt;title&gt;Hexo&lt;/title&gt;
  &lt;meta name=&quot;viewport&quot; content=&quot;width=device-width, initial-scale=1, maximum-scale=1&quot;&gt;
  &lt;meta property=&quot;og:type&quot; content=&quot;website&quot;&gt;
&lt;meta property=&quot;og:title&quot; content=&quot;Hexo&quot;&gt;
&lt;meta property=&quot;og:url&quot; content=&quot;http://example.com/index.html&quot;&gt;
#以下省略</code></pre><pre><code class="lang-bash">[root@node1 ~]# curl 192.168.171.131:31000
&lt;!DOCTYPE html&gt;
&lt;html&gt;
&lt;head&gt;
  &lt;meta charset=&quot;utf-8&quot;&gt;

&lt;title&gt;Hexo&lt;/title&gt;
  &lt;meta name=&quot;viewport&quot; content=&quot;width=device-width, initial-scale=1, shrink-to-fit=no&quot;&gt;
  &lt;meta property=&quot;og:type&quot; content=&quot;website&quot;&gt;
&lt;meta property=&quot;og:title&quot; content=&quot;Hexo&quot;&gt;
&lt;meta property=&quot;og:url&quot; content=&quot;http://example.com/index.html&quot;&gt;
&lt;meta property=&quot;og:site_name&quot; content=&quot;Hexo&quot;&gt;
&lt;meta property=&quot;og:locale&quot; content=&quot;en_US&quot;&gt;
&lt;meta property=&quot;article:author&quot; content=&quot;John Doe&quot;&gt;
#以下省略</code></pre></li></ol><h1>部署K8S dashboard</h1><blockquote><p>Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself.</p><p>Kubernetes 仪表板是 Kubernetes 集群的基于 Web 的通用 UI。它允许用户管理集群中运行的应用程序并对其进行故障排除，以及管理集群本身。</p></blockquote><h2>安装</h2><h3>官方</h3><pre><code class="lang-bash">kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml</code></pre><p><div class="tip inlineBlock warning">

上述为官方安装方法，可能有很多问题，推荐使用下种方法
</div></p><h3>推荐</h3><p>将以下内容写入文件<code>recommended.yaml</code> 后使用 <code>kubectl apple -f recommended.yaml</code> 命令执行</p><p><div class="panel panel-default collapse-panel box-shadow-wrap-lg"><div class="panel-heading panel-collapse" data-toggle="collapse" data-target="#collapse-54c94a249cfbcdbc11b47057ece42ec229" aria-expanded="true"><div class="accordion-toggle"><span style="">recommended.yaml</span>
<i class="pull-right fontello icon-fw fontello-angle-right"></i>
</div>
</div>
<div class="panel-body collapse-panel-body">
<div id="collapse-54c94a249cfbcdbc11b47057ece42ec229" class="collapse collapse-content"><p></p></p><pre><code class="lang-yaml"># Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an &quot;AS IS&quot; BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001 #映射到host的30001端口
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: &quot;&quot;

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [&quot;&quot;]
    resources: [&quot;secrets&quot;]
    resourceNames: [&quot;kubernetes-dashboard-key-holder&quot;, &quot;kubernetes-dashboard-certs&quot;, &quot;kubernetes-dashboard-csrf&quot;]
    verbs: [&quot;get&quot;, &quot;update&quot;, &quot;delete&quot;]
    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [&quot;&quot;]
    resources: [&quot;configmaps&quot;]
    resourceNames: [&quot;kubernetes-dashboard-settings&quot;]
    verbs: [&quot;get&quot;, &quot;update&quot;]
    # Allow Dashboard to get metrics.
  - apiGroups: [&quot;&quot;]
    resources: [&quot;services&quot;]
    resourceNames: [&quot;heapster&quot;, &quot;dashboard-metrics-scraper&quot;]
    verbs: [&quot;proxy&quot;]
  - apiGroups: [&quot;&quot;]
    resources: [&quot;services/proxy&quot;]
    resourceNames: [&quot;heapster&quot;, &quot;http:heapster:&quot;, &quot;https:heapster:&quot;, &quot;dashboard-metrics-scraper&quot;, &quot;http:dashboard-metrics-scraper&quot;]
    verbs: [&quot;get&quot;]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: [&quot;metrics.k8s.io&quot;]
    resources: [&quot;pods&quot;, &quot;nodes&quot;]
    verbs: [&quot;get&quot;, &quot;list&quot;, &quot;watch&quot;]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.2.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        &quot;kubernetes.io/os&quot;: linux
        #type: master
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.6
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        &quot;kubernetes.io/os&quot;: linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}</code></pre><p><p></p></div></div></div></p><p>其中，修改了service对外映射端口到 <code>30001</code>。</p><p>查看dashboard 所在节点：</p><pre><code class="lang-bash">[root@master service]# kubectl get pod --namespace=kubernetes-dashboard -o wide
NAME                                         READY   STATUS             RESTARTS        AGE   IP           NODE    NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-577dc49767-zhwbt   0/1     CrashLoopBackOff   7 (4m23s ago)   20m   10.244.2.7   node2   &lt;none&gt;           &lt;none&gt;
kubernetes-dashboard-6bd77794f-fvbw2         1/1     Running            0               20m   10.244.1.9   node1   &lt;none&gt;           &lt;none&gt;</code></pre>

K8S 学习笔记（三）集群部署

部署应用到集群中

部署应用yaml文件

Service

特性

创建Service

部署K8S dashboard

安装

官方

推荐

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

Swagger 枚举字段显示在接口文档中，并自定义枚举返回

Linux温习笔记(一) 系统用户类

Linux温习笔记(二) 文件目录类

Linux温习笔记(三) 时间日期类、搜索查询类、压缩类

Linux温习笔记(四) 任务调度、磁盘分区和挂载、网络配置

Git全局设置

在线Libreoffice搭建

nacos作为注册中心

win 下安装 Mysql8

Docker镜像迁移方法

K8S 学习笔记（三）集群部署

部署应用到集群中

部署应用yaml文件

Service

特性

创建Service

部署K8S dashboard

安装

官方

推荐

发表评论 取消回复 使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

K8S 学习笔记（三）集群部署

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款