1.部署Dashboard
1.1 在任意k8s-master节点上安装dashboard
# helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
Release "kubernetes-dashboard" does not exist. Installing it now.
NAME: kubernetes-dashboard
LAST DEPLOYED: Mon Jul 8 16:16:08 2024
NAMESPACE: kubernetes-dashboard
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
*************************************************************************************************
*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
*************************************************************************************************

Congratulations! You have just installed Kubernetes Dashboard in your cluster.

To access Dashboard run:
  kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443

NOTE: In case port-forward command does not work, make sure that kong service name is correct.
      Check the services in Kubernetes Dashboard namespace using:
        kubectl -n kubernetes-dashboard get svc

Dashboard will be available at:
  https://localhost:8443
1.2 更改dashboard的svc为NodePort
# kubectl edit svc kubernetes-dashboard-kong-proxy -n kubernetes-dashboard
###第34行
nodePort:
修改为nodePort: 30000
###第43行
type: ClusterIP
修改为type: NodePort
（NodePort会在每个节点的IP上开放30000端口；如只需从本机访问，可继续使用上面helm输出中提示的port-forward方式。）
# kubectl get serviceAccount,svc,deploy,pod -n kubernetes-dashboard
NAME SECRETS AGE
serviceaccount/default 0 3h2m
serviceaccount/kubernetes-dashboard-api 0 38m
serviceaccount/kubernetes-dashboard-kong 0 38m
serviceaccount/kubernetes-dashboard-metrics-scraper 0 38m
serviceaccount/kubernetes-dashboard-web 0 38m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard-api ClusterIP 10.66.213.106 <none> 8000/TCP 38m
service/kubernetes-dashboard-auth ClusterIP 10.66.242.177 <none> 8000/TCP 38m
service/kubernetes-dashboard-kong-manager NodePort 10.66.97.228 <none> 8002:31851/TCP,8445:32487/TCP 38m
service/kubernetes-dashboard-kong-proxy NodePort 10.66.156.15 <none> 443:30000/TCP 38m
service/kubernetes-dashboard-metrics-scraper ClusterIP 10.66.179.209 <none> 8000/TCP 38m
service/kubernetes-dashboard-web ClusterIP 10.66.252.176 <none> 8000/TCP 38m

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/kubernetes-dashboard-api 1/1 1 1 38m
deployment.apps/kubernetes-dashboard-auth 1/1 1 1 38m
deployment.apps/kubernetes-dashboard-kong 1/1 1 1 38m
deployment.apps/kubernetes-dashboard-metrics-scraper 1/1 1 1 38m
deployment.apps/kubernetes-dashboard-web 1/1 1 1 38m

NAME READY STATUS RESTARTS AGE
pod/kubernetes-dashboard-api-6dbd5dc685-n6vl2 1/1 Running 0 38m
pod/kubernetes-dashboard-auth-7f697c4d47-5gzlg 1/1 Running 0 38m
pod/kubernetes-dashboard-kong-75bb76dd5f-kz9x5 1/1 Running 0 38m
pod/kubernetes-dashboard-metrics-scraper-555758b9bf-ppxrc 1/1 Running 0 38m
pod/kubernetes-dashboard-web-846f5f49b-5xwgf 1/1 Running 0 38m
1.3 创建token
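cat > dashboard-user.yaml << EOF
# ServiceAccount used to sign in to the Dashboard.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
# Binds admin-user to the built-in cluster-admin ClusterRole, i.e. full
# control of every resource in every namespace. Any token issued for this
# account is a bearer credential carrying those rights until it expires,
# so keep it out of logs, screenshots and shared notes. For a dashboard
# that only needs to display resources, bind a narrower role instead
# (for example the built-in "view" ClusterRole).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kube-system
EOF
# kubectl apply -f dashboard-user.yaml
# kubectl create token admin-user -n kube-system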
eyJhbGciOiJSUzI1NiIsImtpZCI6IlNEUC1RVDNMRWU0RElRWFZ3MDBkRFhpazVyOE9YT1NjUHg5SEMxcG82cWcifQ.eyJhdWQiOlsiYXBpIl0sImV4cCI6MTcyMDQzMTIyMCwiaWF0IjoxNzIwNDI3NjIwLCJpc3MiOiJhcGkiLCJrdWJlcm5ldGVzLmlvIjp7Im5hbWVzcGFjZSI6Imt1YmUtc3lzdGVtIiwic2VydmljZWFjY291bnQiOnsibmFtZSI6ImFkbWluLXVzZXIiLCJ1aWQiOiIwMjcxZDUyNy0xN2Y3LTRkNmUtYmZiZi1mMDdmZTg4OWY3N2IifX0sIm5iZiI6MTcyMDQyNzYyMCwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmFkbWluLXVzZXIifQ.0Xb07oFa6F8iMPqyTJWhj802nisLDUdRyh9W_tV_qAw7wVHGV5mTnqqKoKp13xuDNBDYgayx_0zM7EFn7XouwjvM0S3jUCvz1OkOc0-s-OPGRJF9cGJfm3h-3ssoaMPiXzXf7IWeyBOR1S0QJQQrphE5XDz097zx0-MvnqZQuwSImzJ6DVad4vsUiH-yVi1TN_q_Eqshfos-lyLU-sandVf7Hcl9NGY3f-f59-NurUh4xLkrtNPGffaZ_aGR-nEKdUpm2XlaZzUzy8YxjxVzBwHMRt-UhfRxicoTd3bgVN2wXVMG1HRfj5SAPfJLvIhYuCzkOE6s27ETO0Y2HXBnZg
1.4 使用任意k8s-node节点IP访问dashboard
https://192.168.83.221:30000
2.部署Traefik(在任意k8s-master节点上执行)
2.1 创建ClusterRole资源的角色文件
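cat > role.yml << EOF
# ClusterRole for the Traefik ingress controller.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-role
rules:
  # Read access to Services, Endpoints and Secrets. Because this is a
  # ClusterRole bound with a ClusterRoleBinding, the Secrets rule lets the
  # bound account read every Secret in every namespace; treat the Traefik
  # pod as holding that level of access.
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  # Read access to Ingress and IngressClass objects.
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  # Write access limited to the status subresource of Ingress objects.
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
EOF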
2.2 为traefik创建专用服务帐户
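cat > account.yml << EOF
# Dedicated ServiceAccount for the Traefik pod.
# No namespace is set, so it is created in the namespace kubectl is
# currently using. role-binding.yml in this guide refers to the account
# in namespace "default", so apply this file there.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-account
EOF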
2.3 将traefik的角色与服务账号绑定
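cat > role-binding.yml << EOF
# Grants traefik-role cluster-wide to the traefik-account ServiceAccount
# in namespace "default". The subject namespace must match the namespace
# the ServiceAccount was actually created in, otherwise the binding
# matches nothing and Traefik gets no API permissions.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-role
subjects:
  - kind: ServiceAccount
    name: traefik-account
    namespace: default
EOF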
2.4 创建traefik dashboard文件
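cat > traefik.yml << EOF
# Single-replica Traefik Deployment running under traefik-account.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik-deployment
  labels:
    app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-account
      containers:
        - name: traefik
          # v3.0 is a floating minor tag; pin a full version or an image
          # digest when the deployment has to be reproducible.
          image: traefik:v3.0
          args:
            # --api.insecure serves the Traefik API and dashboard on
            # port 8080 with no authentication. It is convenient for a
            # lab; outside one, drop this flag and publish the dashboard
            # through a router to api@internal protected by an auth
            # middleware.
            - --api.insecure
            - --providers.kubernetesingress
          ports:
            - name: web
              containerPort: 80
            - name: dashboard
              containerPort: 8080
EOF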
2.5 创建反向代理文件
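cat > traefik-services.yml << EOF
# Publishes the Traefik dashboard/API port (container port "dashboard").
# With --api.insecure set on the Deployment this endpoint has no
# authentication, and a LoadBalancer Service also opens a node port on
# every node, so anyone who can reach a node IP can reach the API.
# Where the dashboard is only needed by operators, type ClusterIP plus
# kubectl port-forward keeps it off the network.
apiVersion: v1
kind: Service
metadata:
  name: traefik-dashboard-service
spec:
  type: LoadBalancer
  ports:
    - port: 8080
      targetPort: dashboard
  selector:
    app: traefik
---
# Publishes the Traefik "web" entry point (plain HTTP, port 80).
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-service
spec:
  type: LoadBalancer
  ports:
    - targetPort: web
      port: 80
  selector:
    app: traefik
EOF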
2.6 在k8s集群部署traefik
# kubectl apply -f role.yml \
-f account.yml \
-f role-binding.yml \
-f traefik.yml \
-f traefik-services.yml
clusterrole.rbac.authorization.k8s.io/traefik-role created
serviceaccount/traefik-account created
clusterrolebinding.rbac.authorization.k8s.io/traefik-role-binding created
deployment.apps/traefik-deployment created
service/traefik-dashboard-service created
service/traefik-web-service created
2.7 查看部署状况
# kubectl get pod -A -o wide | grep traefik
default traefik-deployment-8478c7684c-kq7ct 1/1 Running 0 25m 172.31.0.59 k8s-node01 <none> <none>
# kubectl get svc -o wide | grep traefik
traefik-dashboard-service LoadBalancer 10.66.125.39 <pending> 8080:31680/TCP 25m app=traefik
traefik-web-service LoadBalancer 10.66.182.2 <pending> 80:30330/TCP 25m app=traefik
2.8 修改dashboard-service和web-service访问端口
# kubectl edit svc traefik-dashboard-service
### 修改27行为
- nodePort: 30001
# kubectl edit svc traefik-web-service
### 修改27行为
- nodePort: 30002
# kubectl get svc -o wide | grep traefik
traefik-dashboard-service LoadBalancer 10.66.125.39 <pending> 8080:30001/TCP 25m app=traefik
traefik-web-service LoadBalancer 10.66.182.2 <pending> 80:30002/TCP 25m app=traefik
2.9 使用任意k8s-node节点IP访问traefik dashboard
http://192.168.83.221:30001