

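Kubernetes officially provides several installation methods, including kind, minikube and kubeadm. The minikube installation was covered in an earlier article and is fairly simple. This article deploys a k8s cluster with kubeadm. Several high-availability schemes are available for production use: see the official k8s documentation.

This article installs version 1.28.0. It is worth reading the official documentation carefully; the steps below are taken almost entirely from it.

1. Environment preparation

Three CentOS 7 virtual machines with 2 cores and 4 GB each (the official minimum is 2 cores and 2 GB).

Kernel version:

```bash
uname -r
```

| Role   | IP             | Hostname        |
|--------|----------------|-----------------|
| master | 192.168.213.9  | k8s-kubeadmin-1 |
| node1  | 192.168.213.10 | k8s-kubeadmin-2 |
| node2  | 192.168.213.11 | k8s-kubeadmin-3 |

Edit the hosts file on all three virtual machines so that each machine can ping the others by hostname.

Set the hostname. To view it:

```bash
hostname
```

To change it:

```bash
sudo hostnamectl set-hostname k8s-kubeadmin-1
```

2. Installation

2.1 All nodes: disable the firewall

Turning the firewall off avoids having to configure open ports. You can also leave it on; if you don't mind the extra work, see my earlier blog post on opening firewall ports.

```bash
systemctl stop firewalld      # stop the firewall
systemctl disable firewalld   # do not start it at boot
```

2.2 All nodes: disable SELinux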

```bash
# Set SELinux to permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
```

Alternatively, set SELINUX=disabled.

2.3 All nodes: turn off the swap partition

```bash
# Permanently disable swap: delete or comment out the swap mount entry in /etc/fstab
nano /etc/fstab
#/dev/mapper/centos-swap swap swap defaults 0 0
```

Reboot:

```bash
reboot
```

2.4 All nodes: set up time synchronization

```bash
yum -y install ntp
systemctl start ntpd
systemctl enable ntpd
```

2.5 All nodes: enable bridge-nf-call-iptables

In a Kubernetes environment, iptables and IPVS are both used for traffic forwarding and load balancing, but they differ in implementation and features.

iptables is a tool built into Linux that filters and forwards traffic and supports network functions such as NAT. In Kubernetes, iptables is mainly used to implement the ClusterIP and NodePort Service types. For a ClusterIP Service, iptables adds a rule on the node for each Service IP that forwards traffic to the IPs of the backend Pods. For a NodePort Service, iptables adds a rule on every node that forwards traffic from the host's NodePort to the Service IP.

IPVS (IP Virtual Server), by contrast, is a high-performance load balancer implemented in the Linux kernel. It processes traffic in kernel space, supports several load-balancing algorithms and can maintain session persistence. In Kubernetes, IPVS can be used to load-balance Services; compared with iptables it offers higher performance and a wider choice of load-balancing algorithms, so it copes better with high-traffic, high-concurrency scenarios. The IPVS proxy still uses iptables for packet filtering, SNAT and masquerading.

In summary, both iptables and IPVS are used in Kubernetes for traffic forwarding and load balancing. iptables is better suited to Service-based load balancing, while IPVS is better suited to high-performance, high-concurrency scenarios. Choose whichever fits your requirements.

Run the following commands:

```bash
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

# Set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

# Apply the sysctl parameters without rebooting
sudo sysctl --system
```

Confirm that the br_netfilter and overlay modules are loaded:

```bash
lsmod | grep br_netfilter
lsmod | grep overlay
```

Confirm that the net.bridge.bridge-nf-call-iptables, net.bridge.bridge-nf-call-ip6tables and net.ipv4.ip_forward system variables are set to 1 in your sysctl configuration:

```bash
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
```

```
[root@k8s-kubeadmin-1 /]# sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
```

2.6 All nodes: install the containerd container runtime

Install containerd:

```bash
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum -y install containerd.io
```

Generate the config.toml configuration:

```bash
containerd config default > /etc/containerd/config.toml
```

Configure the systemd cgroup driver by setting it in /etc/containerd/config.toml:

```bash
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
```

Start containerd and enable it at boot:

```bash
systemctl restart containerd
systemctl enable containerd
```

2.7 All nodes: configure the Alibaba Cloud yum repository for k8s

The official documentation configures an overseas yum repository, which is slow or unreachable for various reasons, so the Alibaba Cloud yum mirror is configured instead. In the file below, gpgcheck=0 and repo_gpgcheck=0 turn off package and repository-metadata signature verification for this repository.

```bash
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```

```
[root@k8s-kubeadmin-1 ~]# cd /etc/yum.repos.d
[root@k8s-kubeadmin-1 yum.repos.d]# ll
total 48
-rw-r--r--. 1 root root 1664 Nov 23  2020 CentOS-Base.repo
-rw-r--r--. 1 root root 1309 Nov 23  2020 CentOS-CR.repo
-rw-r--r--. 1 root root  649 Nov 23  2020 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root  314 Nov 23  2020 CentOS-fasttrack.repo
-rw-r--r--. 1 root root  630 Nov 23  2020 CentOS-Media.repo
-rw-r--r--. 1 root root 1331 Nov 23  2020 CentOS-Sources.repo
-rw-r--r--. 1 root root 8515 Nov 23  2020 CentOS-Vault.repo
-rw-r--r--. 1 root root  616 Nov 23  2020 CentOS-x86_64-kernel.repo
-rw-r--r--. 1 root root 1919 Nov 21 03:56 docker-ce.repo
-rw-r--r--  1 root root  287 Nov 29 00:54 kubernetes.repo
[root@k8s-kubeadmin-1 yum.repos.d]#
```

Install Docker:

```bash
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
```

Start it:

```bash
sudo systemctl start docker
```

Enable it at boot:

```bash
systemctl enable docker
```

Configure the Alibaba Cloud registry mirror. The mirror is enabled by editing the daemon configuration file /etc/docker/daemon.json:

```bash
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://e6sj15e9.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
```

2.8 All nodes: install kubeadm, kubelet and kubectl with yum

This follows the installation described on the official site.

Remove any earlier installation. If these packages were installed before, uninstall them and install again:

```bash
yum -y remove kubelet kubeadm kubectl
```

Browse the package listing on the Alibaba Cloud mirror: https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64

Version 1.28.0 is fairly recent (updated 2023-08-16), so that is the one used here. Add the version number when installing:

```bash
yum install -y kubelet-1.28.0 kubeadm-1.28.0 kubectl-1.28.0 --disableexcludes=kubernetes
systemctl enable kubelet
```

2.9 List the required images

The images have to be prepared in advance. Custom images and similar approaches are possible. I looked up which images exist on the Alibaba Cloud mirror and then retagged them to the names kubeadm requires.

```bash
kubeadm config images list
```

```
[root@k8s-kubeadmin-1 yum.repos.d]# kubeadm config images list
registry.k8s.io/kube-apiserver:v1.28.4
registry.k8s.io/kube-controller-manager:v1.28.4
registry.k8s.io/kube-scheduler:v1.28.4
registry.k8s.io/kube-proxy:v1.28.4
registry.k8s.io/pause:3.9
registry.k8s.io/etcd:3.5.9-0
registry.k8s.io/coredns/coredns:v1.10.1
```

These required images are not available on the Alibaba Cloud mirror.

```
[root@k8s-kubeadmin-1 yum.repos.d]# docker search registry.k8s.io/kube-apiserver:v1.28.4
Error response from daemon: Unexpected status code 404
```

So the kubeadm init command below is likely to fail. Pull the images from Alibaba Cloud and then retag them to the image names it requires.

```bash
docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.28.0 registry.k8s.io/kube-apiserver:v1.28.4
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.28.0 registry.k8s.io/kube-controller-manager:v1.28.4
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.28.0 registry.k8s.io/kube-scheduler:v1.28.4
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.28.0 registry.k8s.io/kube-proxy:v1.28.4
docker tag registry.aliyuncs.com/google_containers/etcd:3.5.9-0 registry.k8s.io/etcd:3.5.9-0
docker tag registry.aliyuncs.com/google_containers/coredns:v1.10.1 registry.k8s.io/coredns/coredns:v1.10.1
docker tag registry.aliyuncs.com/google_containers/pause:3.9 registry.k8s.io/pause:3.6
```

```
[root@k8s-kubeadmin-1 yum.repos.d]# docker images
REPOSITORY                                                        TAG       IMAGE ID       CREATED         SIZE
flannel/flannel                                                   v0.22.3   e23f7ca36333   2 months ago    70.2MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.28.0   bb5e0dde9054   3 months ago    126MB
registry.k8s.io/kube-apiserver                                    v1.28.4   bb5e0dde9054   3 months ago    126MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.28.0   f6f496300a2a   3 months ago    60.1MB
registry.k8s.io/kube-scheduler                                    v1.28.4   f6f496300a2a   3 months ago    60.1MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.28.0   4be79c38a4ba   3 months ago    122MB
registry.k8s.io/kube-controller-manager                           v1.28.4   4be79c38a4ba   3 months ago    122MB
registry.aliyuncs.com/google_containers/kube-proxy                v1.28.0   ea1030da44aa   3 months ago    73.1MB
registry.k8s.io/kube-proxy                                        v1.28.4   ea1030da44aa   3 months ago    73.1MB
flannel/flannel-cni-plugin                                        v1.2.0    a55d1bad692b   4 months ago    8.04MB
registry.aliyuncs.com/google_containers/etcd                      3.5.9-0   73deb9a3f702   6 months ago    294MB
registry.k8s.io/etcd                                              3.5.9-0   73deb9a3f702   6 months ago    294MB
registry.k8s.io/coredns/coredns                                   v1.10.1   ead0a4a53df8   9 months ago    53.6MB
registry.aliyuncs.com/google_containers/coredns                   v1.10.1   ead0a4a53df8   9 months ago    53.6MB
registry.aliyuncs.com/google_containers/pause                     3.9       e6f181688397   13 months ago   744kB
registry.k8s.io/pause                                             3.6       e6f181688397   13 months ago   744kB
registry.k8s.io/pause                                             3.9       e6f181688397   13 months ago   744kB
kubernetesui/dashboard                                            latest    07655ddf2eeb   14 months ago   246MB
kubernetesui/dashboard                                            v2.7.0    07655ddf2eeb   14 months ago   246MB
kubernetesui/metrics-scraper                                      latest    421615ce8dbd   2 years ago     34.4MB
kubernetesui/metrics-scraper                                      v1.0.8    421615ce8dbd   2 years ago     34.4MB
registry.aliyuncs.com/google_containers/kube-proxy                v1.17.4   6dec7cfde1e5   3 years ago     116MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.17.4   2e1ba57fe95a   3 years ago     171MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.17.4   7f997fcf3e94   3 years ago     161MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.17.4   5db16c1c7aff   3 years ago     94.4MB
registry.aliyuncs.com/google_containers/coredns                   1.6.5     70f311871ae1   4 years ago     41.6MB
registry.aliyuncs.com/google_containers/etcd                      3.4.3-0   303ce5db0e90   4 years ago     288MB
registry.aliyuncs.com/google_containers/pause                     3.1       da86e6ba6ca1   5 years ago     742kB
kubernetes/pause                                                  latest    f9d5de079539   9 years ago     240kB
```

2.9 On k8s-kubeadmin-1: install the master

```bash
kubeadm init \
  --apiserver-advertise-address=192.168.213.9 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.28.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --cri-socket=unix:///var/run/cri-dockerd.sock \
  --v=5
```

Because both containerd and Docker Engine (which uses cri-dockerd) were installed as container runtimes above, the cri-socket parameter has to be specified.

If the installation fails and you need to start over, reset the state left by kubeadm:

```bash
kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock
```

The reset does not reset or clean up iptables rules or IPVS tables. To reset iptables, do it manually:

```bash
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
```

To reset the IPVS tables, run:

```bash
ipvsadm -C
```

```
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.213.9:6443 --token askdfkjsdfkljkldffj \
    --discovery-token-ca-cert-hash sha256:kjlksjdfkasdkjflksdfljdfkdf
```

Then follow the prompts. To let a non-root user run kubectl, run the following commands, which are also part of the kubeadm init output:

```bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

Or, if you are the root user, you can run:

```bash
export KUBECONFIG=/etc/kubernetes/admin.conf
```

Now run kubectl get node:

```
[root@k8s-kubeadmin-1 yum.repos.d]# kubectl get node
NAME              STATUS     ROLES           AGE     VERSION
k8s-kubeadmin-1   NotReady   control-plane   4h31m   v1.28.0
```

Join the worker nodes to the k8s-kubeadmin-1 node. The format is:

```bash
kubeadm join --token <token> <control-plane-host>:<control-plane-port> --discovery-token-ca-cert-hash sha256:<hash>
```

```bash
kubeadm join 192.168.213.9:6443 --token s5inwf.17rdxvhjalwyzj92 --discovery-token-ca-cert-hash sha256:ce85d2ceaea7311ac3e58ee355d34ee9235702e3415d43b84f78da682210ee09 --cri-socket=unix:///var/run/cri-dockerd.sock --v=5
```

The token may have expired. Create a new one on k8s-kubeadmin-1:

```bash
kubeadm token create
```

This prints:

```
5didvk.d09sbcov8ph2amjw
```

If you do not have the value of --discovery-token-ca-cert-hash, you can obtain it by running the following command chain on the control-plane node:

```bash
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
   openssl dgst -sha256 -hex | sed 's/^.* //'
```

The output is similar to:

```
8cb2de97839780a412b93877f8507ad6c94f73add17d5d7058e91741c9d5ec78
```

Run kubectl get node again:

```
[root@k8s-kubeadmin-1 yum.repos.d]# kubectl get node
NAME              STATUS     ROLES           AGE     VERSION
k8s-kubeadmin-1   NotReady   control-plane   4h31m   v1.28.0
k8s-kubeadmin-2   NotReady   <none>          4h7m    v1.28.0
k8s-kubeadmin-3   NotReady   <none>          4h7m    v1.28.0
```

A Pod network add-on still has to be installed.

3.0 On k8s-kubeadmin-1: install the Pod network add-on, Container Network Interface (CNI)

Download and install:

```bash
wget https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz
mkdir -pv /opt/cni/bin
tar zxvf cni-plugins-linux-amd64-v1.3.0.tgz -C /opt/cni/bin/
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
```

Run kubectl get node once more:

```
[root@k8s-kubeadmin-1 yum.repos.d]# kubectl get node
NAME              STATUS   ROLES           AGE     VERSION
k8s-kubeadmin-1   Ready    control-plane   4h31m   v1.28.0
k8s-kubeadmin-2   Ready    <none>          4h7m    v1.28.0
k8s-kubeadmin-3   Ready    <none>          4h7m    v1.28.0
```

Check the status of the pods in the kube-system namespace:

```
[root@k8s-kubeadmin-1 yum.repos.d]# kubectl get pods -n kube-system
NAME                                         READY   STATUS             RESTARTS         AGE
coredns-66f779496c-9tqbt                     1/1     Running            0                4h42m
coredns-66f779496c-wzvts                     1/1     Running            0                4h42m
dashboard-metrics-scraper-5657497c4c-v2dn4   1/1     Running            0                3h
etcd-k8s-kubeadmin-1                         1/1     Running            0                4h42m
kube-apiserver-k8s-kubeadmin-1               1/1     Running            0                4h42m
kube-controller-manager-k8s-kubeadmin-1      1/1     Running            0                4h42m
kube-proxy-bwksp                             1/1     Running            0                4h19m
kube-proxy-gdd49                             1/1     Running            0                4h42m
kube-proxy-svj87                             1/1     Running            0                4h18m
kube-scheduler-k8s-kubeadmin-1               1/1     Running            0                4h42m
kubernetes-dashboard-76f4b5bc7d-gjm79        0/1     CrashLoopBackOff   26 (4m14s ago)   124m
```

3.1 Install kubernetes-dashboard

Fetch and apply the kubernetes-dashboard resource manifest (YAML file):

```bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
```

Without some other way to reach sites outside, this may be slow or the download may fail. Below is the file I downloaded, which you can copy and use.

The two images it uses, kubernetesui/dashboard:v2.7.0 and kubernetesui/metrics-scraper:v1.0.8, are not on the Alibaba Cloud registry mirror. You can look for images that are on the mirror and retag them to the names the manifest requires. Pull and configure them on all three machines.

A few places in the file below need to be changed:

```yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      name: https       # the original file has no name
      nodePort: 32001   # the original file has no nodePort
  type: NodePort        # the original file has no NodePort type
  selector:
    k8s-app: kubernetes-dashboard
```

Original file:

```yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update kubernetes-dashboard-settings config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
  # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.7.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.8
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}
```

Deploy:

```bash
kubectl apply -f [your local path]/recommended.yaml
```

Create dashboard-adminuser.yaml locally. Its ClusterRoleBinding grants the admin-user ServiceAccount the cluster-admin ClusterRole, so the token issued for it has full control of the cluster.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kubernetes-dashboard
```

```bash
kubectl apply -f [your file path]/dashboard-adminuser.yaml
kubectl -n kubernetes-dashboard create token admin-user
```

Save the token that is printed; it is used to log in later.

List the pods in all namespaces:

```
[root@k8s-kubeadmin-1 yum.repos.d]# kubectl get pods --all-namespaces
NAMESPACE              NAME                                         READY   STATUS             RESTARTS         AGE
kube-flannel           kube-flannel-ds-5r52b                        1/1     Running            0                4h35m
kube-flannel           kube-flannel-ds-9jvk4                        1/1     Running            0                4h35m
kube-flannel           kube-flannel-ds-jbc85                        1/1     Running            0                4h35m
kube-system            coredns-66f779496c-9tqbt                     1/1     Running            0                5h8m
kube-system            coredns-66f779496c-wzvts                     1/1     Running            0                5h8m
kube-system            dashboard-metrics-scraper-5657497c4c-v2dn4   1/1     Running            0                3h27m
kube-system            etcd-k8s-kubeadmin-1                         1/1     Running            0                5h9m
kube-system            kube-apiserver-k8s-kubeadmin-1               1/1     Running            0                5h9m
kube-system            kube-controller-manager-k8s-kubeadmin-1      1/1     Running            0                5h9m
kube-system            kube-proxy-bwksp                             1/1     Running            0                4h45m
kube-system            kube-proxy-gdd49                             1/1     Running            0                5h8m
kube-system            kube-proxy-svj87                             1/1     Running            0                4h45m
kube-system            kube-scheduler-k8s-kubeadmin-1               1/1     Running            0                5h9m
kube-system            kubernetes-dashboard-76f4b5bc7d-gjm79        0/1     CrashLoopBackOff   30 (7m54s ago)   150m
kubernetes-dashboard   dashboard-metrics-scraper-5657497c4c-mk9hk   1/1     Running            0                4h28m
kubernetes-dashboard   kubernetes-dashboard-78f87ddfc-v6l57         1/1     Running            0                4h28m
```

List the services in all namespaces (the NodePort type is the one published externally):

```
kubectl get svc --all-namespaces
NAMESPACE              NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
default                kubernetes                  ClusterIP   10.96.0.1        <none>        443/TCP                  5h10m
kube-system            kube-dns                    ClusterIP   10.96.0.10       <none>        53/UDP,53/TCP,9153/TCP   5h10m
kubernetes-dashboard   dashboard-metrics-scraper   ClusterIP   10.109.201.223   <none>        8000/TCP                 160m
kubernetes-dashboard   kubernetes-dashboard        NodePort    10.105.61.238    <none>        443:32001/TCP            157m
```

kubernetes-dashboard was deployed to the k8s-kubeadmin-2 node.
Visit https://k8s-kubeadmin-2:32001/
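The kubeadm join step in section 2.9 depends on a well-formed bootstrap token and on the CA pin passed as --discovery-token-ca-cert-hash. The following is an added example, not part of the original article or of kubeadm: a shell lint for a join command line that can also compare the pin with one computed by the article's openssl pipeline. The helper names are hypothetical, and ca_pin assumes openssl is installed and the CA key is RSA.

```bash
# Added example (hypothetical helper names; not part of kubeadm or the article).

# Print the value of a flag written as "--flag value" or "--flag=value".
flag_value() {
  local flag="$1" prev="" arg
  shift
  for arg in "$@"; do
    case "$arg" in
      "$flag"=*) printf '%s\n' "${arg#*=}"; return 0 ;;
    esac
    if [ "$prev" = "$flag" ]; then printf '%s\n' "$arg"; return 0; fi
    prev="$arg"
  done
  return 1
}

# Print "ok" and return 0 only when the join command pins the cluster CA
# and both the bootstrap token and the pin are well formed.
lint_join() {
  local token pin arg
  for arg in "$@"; do
    case "$arg" in
      --discovery-token-unsafe-skip-ca-verification=false) ;;
      --discovery-token-unsafe-skip-ca-verification*)
        echo "CA verification skipped"; return 1 ;;
    esac
  done
  token=$(flag_value --token "$@") || { echo "missing --token"; return 1; }
  printf '%s' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
    { echo "malformed token"; return 1; }
  pin=$(flag_value --discovery-token-ca-cert-hash "$@") ||
    { echo "missing --discovery-token-ca-cert-hash"; return 1; }
  printf '%s' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$' ||
    { echo "malformed CA pin"; return 1; }
  echo "ok"
}

# SHA-256 of the CA's DER-encoded public key: the article's openssl pipeline.
# Assumes openssl is installed and the CA key is RSA.
ca_pin() {
  openssl x509 -pubkey -in "$1" | openssl rsa -pubin -outform der 2>/dev/null |
    openssl dgst -sha256 -hex | sed 's/^.* //'
}

# pin_matches <ca.crt> <join command words...>: succeed only if the pin in the
# command equals the one computed from the CA certificate on this machine.
pin_matches() {
  local ca="$1"
  shift
  [ "sha256:$(ca_pin "$ca")" = "$(flag_value --discovery-token-ca-cert-hash "$@")" ]
}

# Constructed sample values (made up, not from a real cluster).
SAMPLE_PIN="sha256:$(printf '%064d' 0)"
lint_join kubeadm join 192.168.213.9:6443 --token abcdef.0123456789abcdef \
  --discovery-token-ca-cert-hash "$SAMPLE_PIN" || true
```

A join command whose dashes were damaged in copy and paste (for example an en dash in place of `--`) is reported as a missing flag rather than being run.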
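Section 2.7 writes kubernetes.repo with gpgcheck=0 and repo_gpgcheck=0. As an added example (not from the original article; audit_repo is a hypothetical helper), this function lists every enabled section of a yum .repo file that explicitly turns off signature checking, so the weakened repository is easy to spot on a node. The sample file at the end is constructed.

```bash
# Added example (hypothetical helper; not part of yum or the article).
# audit_repo <file.repo>: print "<section>: <key>=0" for every enabled section
# that explicitly turns off package or repository-metadata signature checks.
audit_repo() {
  awk '
    function report() {
      if (section == "" || enabled == "0") return
      if (gpg == "0")  print section ": gpgcheck=0"
      if (rgpg == "0") print section ": repo_gpgcheck=0"
    }
    /^[ \t]*[#;]/ { next }                 # comment line
    /^[ \t]*\[/ {                          # new [section]
      report()
      section = $0
      sub(/^[ \t]*\[/, "", section)
      sub(/\].*$/, "", section)
      gpg = ""; rgpg = ""; enabled = "1"
      next
    }
    {
      eq = index($0, "=")                  # split on the first "=" only
      if (eq == 0) next
      key = substr($0, 1, eq - 1)
      val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key)
      gsub(/[ \t\r]/, "", val)
      if (key == "gpgcheck")      gpg = val
      if (key == "repo_gpgcheck") rgpg = val
      if (key == "enabled")       enabled = val
    }
    END { report() }
  ' "$1"
}

# Constructed sample: one section with checks on, one mirroring section 2.7.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[base]
name=CentOS-Base
gpgcheck=1
enabled=1

[kubernetes]
name=Kubernetes
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
audit_repo "$sample"
rm -f "$sample"
```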