kubernetes 部署 kuboard

  运维

rbac

apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuboard-user
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kuboard-user
  namespace: kube-system

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuboard-viewer
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: kuboard-viewer
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-viewer-node
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:node
subjects:
- kind: ServiceAccount
  name: kuboard-viewer
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-viewer-pvp
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:persistent-volume-provisioner
subjects:
- kind: ServiceAccount
  name: kuboard-viewer
  namespace: kube-system

Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuboard
  namespace: kube-system
  annotations:
    k8s.eip.work/displayName: kuboard
    k8s.eip.work/ingress: "true"
    k8s.eip.work/service: NodePort
    k8s.eip.work/workload: kuboard
  labels:
    k8s.eip.work/layer: monitor
    k8s.eip.work/name: kuboard
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s.eip.work/layer: monitor
      k8s.eip.work/name: kuboard
  template:
    metadata:
      labels:
        k8s.eip.work/layer: monitor
        k8s.eip.work/name: kuboard
    spec:
      containers:
      - name: kuboard
        #image: eipwork/kuboard:latest
        image: registry.cn-hangzhou.aliyuncs.com/sre_pub/kuboard:latest
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

svc

apiVersion: v1
kind: Service
metadata:
  name: kuboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    nodePort: 30009
  selector:
    k8s.eip.work/layer: monitor
    k8s.eip.work/name: kuboard

Ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kuboard
  namespace: kube-system
  annotations:
    nginx.org/websocket-services: "nginx"
    nginx.com/sticky-cookie-services: "serviceName=kuboard srv_id expires=1h path=/"
spec:
  rules:
  - host: kuboard.test
    http:
      paths:
      - path: /
        backend:
          serviceName: kuboard
          servicePort: http

token

[root@master01 kuboard]# kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d

eyJhbGciOiJSUzI1NiIsImtpZCI6Inp5V21aTzJkM0djaV9zazJYc2xYY1BYT3daVWo4Qll1VUY0d2paQzVoNzQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJvYXJkLXVzZXItdG9rZW4tZDg0Z3IiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoia3Vib2FyZC11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMWM0ZWE5NzgtNDEwMC00ZmQ0LTg2YjEtYWQyNzBkNzM4MTE5Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmt1Ym9hcmQtdXNlciJ9.dG_NtOVsCMO0z6GhtBEeQd57Pj7dYtlSw6_gnjzVBcnrg0XtPQCsJ77_0EtKT8Hv5vTr2DsMBwW7XM8RHrCdMNuAvVJ49CNT9y0YUIaC6lXfcXZFtcTIkHw8n9SKFfSXPIJY28DPcTFyIIyUM1_GwPwmb0kquVV3pfXL7kXCJmo6D5HZ3hYxUJ4-bRJKLGOLX1yFW96PQE2Ybf00d80wtDwS7SWLcvU835F7otj7udTajxStc1eSw0IEFj7lNPuHDz77U-uKXxwx9GhQtIPv_B6RqiJFuXRxyhaIT_TggLz3yMPvt9CknNdveZBv3wJWZ9gX-gckLUCRgHghqNE2X1Q

kbd.png

LEAVE A COMMENT

Captcha Code