首页 > 其他分享 >编译安装Kubernetes 1.29 高可用集群(8)--Dashboard和Traefik安装部署

编译安装Kubernetes 1.29 高可用集群(8)--Dashboard和Traefik安装部署

时间:2024-07-09 10:10:20浏览次数:16  
标签:Kubernetes kubernetes -- traefik 38m service dashboard 安装 yml

1.部署Dashboard

1.1 在任意k8s-master节点上安装dashboard

# helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
Release "kubernetes-dashboard" does not exist. Installing it now.
NAME: kubernetes-dashboard
LAST DEPLOYED: Mon Jul  8 16:16:08 2024
NAMESPACE: kubernetes-dashboard
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
*************************************************************************************************
*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
*************************************************************************************************

Congratulations! You have just installed Kubernetes Dashboard in your cluster.

To access Dashboard run:
  kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443

NOTE: In case port-forward command does not work, make sure that kong service name is correct.
      Check the services in Kubernetes Dashboard namespace using:
        kubectl -n kubernetes-dashboard get svc

Dashboard will be available at:
  https://localhost:8443

1.2 更改dashboard的svc为NodePort

# kubectl edit svc kubernetes-dashboard-kong-proxy -n kubernetes-dashboard
###第34行
nodePort:
修改为nodePort:30000
###第43行
type: ClusterIP
修改为type: NodePort

# kubectl get serviceAccount,svc,deploy,pod -n kubernetes-dashboard
NAME                                                  SECRETS   AGE
serviceaccount/default                                0         3h2m
serviceaccount/kubernetes-dashboard-api               0         38m
serviceaccount/kubernetes-dashboard-kong              0         38m
serviceaccount/kubernetes-dashboard-metrics-scraper   0         38m
serviceaccount/kubernetes-dashboard-web               0         38m

NAME                                           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                         AGE
service/kubernetes-dashboard-api               ClusterIP   10.66.213.106   <none>        8000/TCP                        38m
service/kubernetes-dashboard-auth              ClusterIP   10.66.242.177   <none>        8000/TCP                        38m
service/kubernetes-dashboard-kong-manager      NodePort    10.66.97.228    <none>        8002:31851/TCP,8445:32487/TCP   38m
service/kubernetes-dashboard-kong-proxy        NodePort    10.66.156.15    <none>        443:30000/TCP                   38m
service/kubernetes-dashboard-metrics-scraper   ClusterIP   10.66.179.209   <none>        8000/TCP                        38m
service/kubernetes-dashboard-web               ClusterIP   10.66.252.176   <none>        8000/TCP                        38m

NAME                                                   READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/kubernetes-dashboard-api               1/1     1            1           38m
deployment.apps/kubernetes-dashboard-auth              1/1     1            1           38m
deployment.apps/kubernetes-dashboard-kong              1/1     1            1           38m
deployment.apps/kubernetes-dashboard-metrics-scraper   1/1     1            1           38m
deployment.apps/kubernetes-dashboard-web               1/1     1            1           38m

NAME                                                        READY   STATUS    RESTARTS   AGE
pod/kubernetes-dashboard-api-6dbd5dc685-n6vl2               1/1     Running   0          38m
pod/kubernetes-dashboard-auth-7f697c4d47-5gzlg              1/1     Running   0          38m
pod/kubernetes-dashboard-kong-75bb76dd5f-kz9x5              1/1     Running   0          38m
pod/kubernetes-dashboard-metrics-scraper-555758b9bf-ppxrc   1/1     Running   0          38m
pod/kubernetes-dashboard-web-846f5f49b-5xwgf                1/1     Running   0          38m

1.3 创建token

cat > dashboard-user.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF

# kubectl apply -f dashboard-user.yaml

# kubectl create token admin-user -n kube-system
eyJhbGciOiJSUzI1NiIsImtpZCI6IlNEUC1RVDNMRWU0RElRWFZ3MDBkRFhpazVyOE9YT1NjUHg5SEMxcG82cWcifQ.eyJhdWQiOlsiYXBpIl0sImV4cCI6MTcyMDQzMTIyMCwiaWF0IjoxNzIwNDI3NjIwLCJpc3MiOiJhcGkiLCJrdWJlcm5ldGVzLmlvIjp7Im5hbWVzcGFjZSI6Imt1YmUtc3lzdGVtIiwic2VydmljZWFjY291bnQiOnsibmFtZSI6ImFkbWluLXVzZXIiLCJ1aWQiOiIwMjcxZDUyNy0xN2Y3LTRkNmUtYmZiZi1mMDdmZTg4OWY3N2IifX0sIm5iZiI6MTcyMDQyNzYyMCwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmFkbWluLXVzZXIifQ.0Xb07oFa6F8iMPqyTJWhj802nisLDUdRyh9W_tV_qAw7wVHGV5mTnqqKoKp13xuDNBDYgayx_0zM7EFn7XouwjvM0S3jUCvz1OkOc0-s-OPGRJF9cGJfm3h-3ssoaMPiXzXf7IWeyBOR1S0QJQQrphE5XDz097zx0-MvnqZQuwSImzJ6DVad4vsUiH-yVi1TN_q_Eqshfos-lyLU-sandVf7Hcl9NGY3f-f59-NurUh4xLkrtNPGffaZ_aGR-nEKdUpm2XlaZzUzy8YxjxVzBwHMRt-UhfRxicoTd3bgVN2wXVMG1HRfj5SAPfJLvIhYuCzkOE6s27ETO0Y2HXBnZg

1.4 使用任意k8s-node节点IP访问dashboard

https://192.168.83.221:30000

2.部署Traefik(在任意k8s-master几点上执行)

2.1 创建ClusterRole资源的角色文件

cat > role.yml << EOF
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-role

rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
EOF

2.2 为traefik创建专用服务帐户

cat > account.yml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-account
EOF

2.3 将traefik的角色与服务账号绑定

cat > role-binding.yml << EOF
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-role-binding

roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-role
subjects:
  - kind: ServiceAccount
    name: traefik-account
    namespace: default
EOF

2.4 创建traefik dashboard文件

cat > traefik.yml << EOF
kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik-deployment
  labels:
    app: traefik

spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-account
      containers:
        - name: traefik
          image: traefik:v3.0
          args:
            - --api.insecure
            - --providers.kubernetesingress
          ports:
            - name: web
              containerPort: 80
            - name: dashboard
              containerPort: 8080
EOF

2.5 创建反向代理文件

cat > traefik-services.yml << EOF
apiVersion: v1
kind: Service
metadata:
  name: traefik-dashboard-service

spec:
  type: LoadBalancer
  ports:
    - port: 8080
      targetPort: dashboard
  selector:
    app: traefik
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-service

spec:
  type: LoadBalancer
  ports:
    - targetPort: web
      port: 80
  selector:
    app: traefik
EOF

2.6 在k8s集群部署traefik

# kubectl apply -f role.yml \
-f account.yml \
-f role-binding.yml \
-f traefik.yml \
-f traefik-services.yml

clusterrole.rbac.authorization.k8s.io/traefik-role created
serviceaccount/traefik-account created
clusterrolebinding.rbac.authorization.k8s.io/traefik-role-binding created
deployment.apps/traefik-deployment created
service/traefik-dashboard-service created
service/traefik-web-service created

2.7 查看部署状况

# kubectl get pod -A -o wide | grep traefik
default                traefik-deployment-8478c7684c-kq7ct                     1/1     Running   0              25m     172.31.0.59      k8s-node01   <none>           <none>

# kubectl get svc -o wide | grep traefik
traefik-dashboard-service   LoadBalancer   10.66.125.39   <pending>     8080:31680/TCP   25m    app=traefik
traefik-web-service         LoadBalancer   10.66.182.2    <pending>     80:30330/TCP     25m    app=traefik

2.8 修改dashboard-service和web-service访问端口

# kubectl edit svc traefik-dashboard-service
### 修改27行为
- nodePort: 30001

# kubectl edit svc traefik-web-service
### 修改27行为
- nodePort: 30002

# kubectl get svc -o wide | grep traefik
traefik-dashboard-service   LoadBalancer   10.66.125.39   <pending>     8080:30001/TCP   25m    app=traefik
traefik-web-service         LoadBalancer   10.66.182.2    <pending>     80:30002/TCP     25m    app=traefik

 2.9.1 使用任意k8s-node节点IP访问traefik dashboard

http://192.168.83.221:30001

2.9.2 创建反向代理测试文件

# cat > whoami.yml << EOF
kind: Deployment
apiVersion: apps/v1
metadata:
  name: whoami
  labels:
    app: whoami

spec:
  replicas: 1
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
        - name: whoami
          image: traefik/whoami
          ports:
            - name: web
              containerPort: 80
EOF

# cat > whoami-services.yml << EOF
apiVersion: v1
kind: Service
metadata:
  name: whoami

spec:
  ports:
    - name: web
      port: 80
      targetPort: web

  selector:
    app: whoami
EOF

# cat > whoami-ingress.yml << EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami-ingress
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: whoami
            port:
              name: web
EOF

# kubectl apply -f whoami.yml \
-f whoami-services.yml \
-f whoami-ingress.yml
deployment.apps/whoami created
service/whoami created
ingress.networking.k8s.io/whoami-ingress created

http://{任意k8s-node节点IP}:30002

标签:Kubernetes,kubernetes,--,traefik,38m,service,dashboard,安装,yml
From: https://www.cnblogs.com/cn-jasonho/p/18290275

相关文章

  • 将WSL分发到其他电脑
    有这么一个需求,要在本机的wsl-ubuntu上面安装mysql-server,需要做到与windows下mysql-server一致不区分大小写,有的副本比较容易配置成功,有的比较折腾,所以有了本文的想法,将已经配置好的wsl-ubuntu分发出来,备份到需要的机器上面去mysql>select@@lower_case_table_names;+-------......
  • DevExpress WinForms中文教程 - 如何在Grid控件中集成语义相似性搜索?
    许多用户都知道Microsoft的DanielRoth和SteveSanderson引入的.NET智能组件——AI驱动的UI控件,许多人都喜欢这个控件原因归结为以下几点:由于它的简单性,开发人员可以在本地“驾驭AI”,而无需获得Azure或OpenAIPhD-智能功能使用单个NuGet包即可使用。“智能搜索”是通过本地嵌......
  • 使用react物料
    1.win安装node.js2.安装axios报错,进入到C:\ProgramFiles\nodejs\node_modules\npm目录 成功!安装json-servernpminstalljson-server-g   原文:https://ice.work/docs/guide/about  ......
  • tar 命令详解
    tar命令 [root@linux~]# tar[-cxtzjvfpPN]文件与目录....Usage:tar[OPTION...][FILE]...Examples:    tar-cfarchive.tarfoobar     #Createarchive.tarfromfilesfooandbar.    tar-tvfarchive.tar         ......
  • 【Unity】关于IDisposable / 托管资源和非托管资源
    背景最近在做后台快捷键的功能,当应用不被聚焦时,也需要响应快捷键的输入。于是就用到了Win32API里的系统钩子,系统钩子会用到IntPtr去记录hookID,这些资源都是非托管资源,绕过了C#的内存管理系统。在网上搜索了腾讯云社区里关于GlobalKeyBoardHook的文章[1]后作用IDisposable是一......
  • Oracle数据库使用expdp/impdp导出导入数据
    背景:正式环境数据同步到测试环境,数据库名:MYDB,正式、用户:MYUSER(必须拥有SYS权限)。1、正式环境备份数据库(1)正式服务器上,cmd输入sqlplus,使用MYUSER账户登录(2)创建一个自定义的目录,用于存放导出的数据createdirectoryDATA_OUT_FILEas'E:\app\Administrator\admin\MYDB\my_dir\'......
  • resultful风格Json格式数据
    resultful风格Jsong格式数据1.使用json转换工具2.直接调用转换成json个数的数据显示3.页面通过ajax接受json数据packagecom.wisdragon.utils;importcom.fasterxml.jackson.annotation.JsonInclude.Include;importcom.fasterxml.jackson.core.JsonProcessingException......
  • Java中的类加载器
     类加载器1.什么是类加载器?启动类加载器(BootstrapClassLoader):这是JVM自带的类加载器,负责加载Java的核心类库,如rt.jar等。由于安全原因,启动类加载器加载的类不能被其他类加载器加载的类所引用。扩展类加载器(ExtensionClassLoader):负责加载Java的扩展类库,一般位于$JAVA_H......
  • linux里面的常用命令4
    1.链接文件:暂时理解为快捷方式--link ln-makelinksbetweenfiles -s,--symbolic 创建符号链接(软链接)soft   makesymboliclinksinsteadofhardlinksln-s hunan xiang#hunan为源文件名xiang为链接文件名ln-s guangdong yue#guangdong......
  • 一键发票重复检测,收藏!
    在财务管理和税务申报中,确保发票的唯一性和准确性是至关重要的一环。然而,随着企业业务量的增加,发票数量急剧上升,手动检查发票是否重复变得既耗时又容易出错。为了解决这一难题,票格子推出了高效的发票重复检测功能,帮助企业轻松实现发票管理的自动化与精准化。以下是对该功能......