欧美bbbwbbbw肥妇,免费乱码人妻系列日韩,一级黄片

如何部署kubernetes-dashboard改成http免密登錄

 更新時間:2024年03月02日 10:44:44   作者:chapterchou  
這篇文章主要介紹了如何部署kubernetes-dashboard改成http免密登錄,本文給大家介紹的非常詳細,對大家的學(xué)習(xí)或工作具有一定的參考借鑒價值,需要的朋友參考下吧

原始鏈接地址

https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

修改Service端口

增加80端口,改成http訪問

修改前:

spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

修改后:

spec:
  ports:
    - port: 443
      targetPort: 8443
      name: https
    - port: 80
      targetPort: 9090
      name: http
  selector:
    k8s-app: kubernetes-dashboard

如果想用 ip+端口 的方式訪問,這里需要增加配置,改成 nodeport 的形式,nodePort 改成自己主機空閑的端口,取值范圍在 apiserver--service-node-port-range 參數(shù)里面可以看得到

最終修改如下:

spec:
  ports:
    - port: 443
      targetPort: 8443
      name: https
      nodePort: 32001
    - port: 80
      targetPort: 9090
      name: http
      nodePort: 32002
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard

修改 deployment 內(nèi)容

修改探針檢測

后面要修改 dashboard 的啟動參數(shù),這里不改的話,活性檢測會失敗,導(dǎo)致 pod 會不斷重啟

修改前:

          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443

修改后:

          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 9090

修改鏡像拉取策略

官方 yaml 里面默認(rèn)配置的是 Always

sed -i 's/imagePullPolicy: Always/imagePullPolicy: IfNotPresent/g' recommended.yaml

修改容器端口

修改前:

          ports:
            - containerPort: 8443
              protocol: TCP

修改后:

          ports:
            - containerPort: 8443
              protocol: TCP
            - containerPort: 9090
              protocol: TCP

關(guān)閉 token 登錄

注釋掉 --auto-generate-certificates 參數(shù)

修改前:

          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port

修改后:

          args:
            # - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port

完整版yaml

# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      name: https
      nodePort: 30000
    - port: 80
      targetPort: 9090
      name: http
      nodePort: 30001
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard
---
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.7.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
            - containerPort: 9090
              protocol: TCP
          args:
            # - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 9090
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper
---
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.8
          ports:
            - containerPort: 8000
              protocol: TCP
            - containerPort: 9090
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}

到此這篇關(guān)于如何部署kubernetes-dashboard改成http免密登錄的文章就介紹到這了,更多相關(guān)kubernetes-dashboard部署內(nèi)容請搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家!

相關(guān)文章

  • 看完工資立馬翻3倍?。ǚ浅绦騿T勿看)

    看完工資立馬翻3倍?。ǚ浅绦騿T勿看)

    負(fù)責(zé)粘貼你也可以做到!
    2019-02-02
  • UTC時間、GMT時間、本地時間、Unix時間戳的具體使用

    UTC時間、GMT時間、本地時間、Unix時間戳的具體使用

    本文主要介紹了UTC時間、GMT時間、本地時間、Unix時間戳的具體使用,文中通過示例代碼介紹的非常詳細,具有一定的參考價值,感興趣的小伙伴們可以參考一下
    2021-09-09
  • FFmpeg視頻處理入門教程(新手必看)

    FFmpeg視頻處理入門教程(新手必看)

    本文主要介紹了FFmpeg視頻處理入門教程,它功能強大,用途廣泛,是許多音頻和視頻格式的標(biāo)準(zhǔn)編碼/解碼實現(xiàn),具有一定的參考價值,感興趣的小伙伴們可以參考一下
    2022-01-01
  • 使用roolup構(gòu)建你的lib(實現(xiàn)步驟)

    使用roolup構(gòu)建你的lib(實現(xiàn)步驟)

    大家都知道Rollup更加適合用于構(gòu)建lib 而 Webpack, Precel 更加適合開發(fā)應(yīng)用。本文,將結(jié)合一個簡單的例子說說如何使用Rollup構(gòu)建自己的lib,感興趣的朋友一起看看吧
    2021-08-08
  • Prometheus和NodeExporter安裝監(jiān)控數(shù)據(jù)說明

    Prometheus和NodeExporter安裝監(jiān)控數(shù)據(jù)說明

    這篇文章主要為大家介紹了Prometheus和node?exporter安裝監(jiān)控數(shù)據(jù)說明,有需要的朋友可以借鑒參考下,希望能夠有所幫助,祝大家多多進步,早日升職加薪
    2022-07-07
  • 本地私有化部署DeepSeek模型的詳細教程

    本地私有化部署DeepSeek模型的詳細教程

    DeepSeek 模型是一種強大的語言模型,本地私有化部署可以讓用戶在自己的環(huán)境中安全、高效地使用該模型,避免數(shù)據(jù)傳輸?shù)酵獠繋淼陌踩L(fēng)險,同時也能根據(jù)自身需求進行定制化配置,本教程將詳細介紹如何在本地進行 DeepSeek 模型的私有化部署,需要的朋友可以參考下
    2025-02-02
  • Git基礎(chǔ)之git與SVN版本控制優(yōu)缺點區(qū)別分析

    Git基礎(chǔ)之git與SVN版本控制優(yōu)缺點區(qū)別分析

    這篇文章主要為大家介紹了Git基礎(chǔ)之git與SVN優(yōu)缺點及區(qū)別分析,有需要的朋友可以借鑒參考下,希望能夠有所幫助,祝大家多多進步,早日升職加薪
    2022-04-04
  • matlab畫三維圖像的示例代碼(附demo)

    matlab畫三維圖像的示例代碼(附demo)

    這篇文章主要介紹了matlab畫三維圖像的示例代碼(附demo),文中通過示例代碼介紹的非常詳細,對大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價值,需要的朋友們下面隨著小編來一起學(xué)習(xí)學(xué)習(xí)吧
    2019-12-12
  • Mac下更換Homebrew鏡像源的實現(xiàn)方法

    Mac下更換Homebrew鏡像源的實現(xiàn)方法

    本文主要介紹了Mac下更換Homebrew鏡像源的實現(xiàn)方法,文中通過示例代碼介紹的非常詳細,需要的朋友們下面隨著小編來一起學(xué)習(xí)學(xué)習(xí)吧
    2021-07-07
  • 最新IDEA永久激活教程(支持最新2019.2版本)

    最新IDEA永久激活教程(支持最新2019.2版本)

    這篇文章主要介紹了最新IDEA永久激活教程,此教程已支持最新2019.2版本,適用Windows、Mac、Ubuntu等所有平臺,非常不錯,具有一定的參考借鑒價值,需要的朋友可以參考下
    2020-05-05

最新評論