搭建kuboard-v3并配置使用ldap登录

官方文档：https://www.kuboard.cn/install/v3/install-in-k8s.html

1. namespace.yaml

点击查看代码

apiVersion: v1
kind: Namespace
metadata:name: kuboard

2. configMap.yaml

点击查看代码

apiVersion: v1
kind: ConfigMap
metadata:name: kuboard-v3-confignamespace: kuboard
data:# 关于如下参数的解释，请参考文档 https://kuboard.cn/install/v3/install-built-in.html# [common]KUBOARD_ENDPOINT: 'http://172.17.14.11:30080'KUBOARD_AGENT_SERVER_UDP_PORT: '30081'KUBOARD_AGENT_SERVER_TCP_PORT: '30081'KUBOARD_SERVER_LOGRUS_LEVEL: info  # error / debug / trace# KUBOARD_AGENT_KEY 是 Agent 与 Kuboard 通信时的密钥，请修改为一个任意的包含字母、数字的32位字符串，此密钥变更后，需要删除 Kuboard Agent 重新导入。KUBOARD_AGENT_KEY: 32b7d6572c6255211b4eec9009e4a816# 关于如下参数的解释，请参考文档 https://kuboard.cn/install/v3/install-gitlab.html# [gitlab login]# KUBOARD_LOGIN_TYPE: "gitlab"# KUBOARD_ROOT_USER: "your-user-name-in-gitlab"# GITLAB_BASE_URL: "http://gitlab.mycompany.com"# GITLAB_APPLICATION_ID: "7c10882aa46810a0402d17c66103894ac5e43d6130b81c17f7f2d8ae182040b5"# GITLAB_CLIENT_SECRET: "77c149bd3a4b6870bffa1a1afaf37cba28a1817f4cf518699065f5a8fe958889"# 关于如下参数的解释，请参考文档 https://kuboard.cn/install/v3/install-github.html# [github login]# KUBOARD_LOGIN_TYPE: "github"# KUBOARD_ROOT_USER: "your-user-name-in-github"# GITHUB_CLIENT_ID: "17577d45e4de7dad88e0"# GITHUB_CLIENT_SECRET: "ff738553a8c7e9ad39569c8d02c1d85ec19115a7"# 关于如下参数的解释，请参考文档 https://kuboard.cn/install/v3/install-ldap.html# [ldap login]KUBOARD_LOGIN_TYPE: "ldap"KUBOARD_ROOT_USER: "xxx@it.cn"LDAP_HOST: "pandas.xxx.it.cn:389"LDAP_BIND_DN: "cn=readonly,dc=xxx,dc=cn"LDAP_BIND_PASSWORD: "123456"LDAP_BASE_DN: "ou=People,dc=xxx,dc=cn"LDAP_FILTER: "(&(objectClass=itcastPerson)(isDeleted=false)(status=1)(isEnabled=true))"LDAP_ID_ATTRIBUTE: "userName"LDAP_USER_NAME_ATTRIBUTE: "userName"LDAP_EMAIL_ATTRIBUTE: "email"LDAP_DISPLAY_NAME_ATTRIBUTE: "cn"# 组设置LDAP_GROUP_SEARCH_BASE_DN: "name=Department,dc=xxx,dc=cn"LDAP_GROUP_SEARCH_FILTER: "(&(objectClass=itcastDepartment)(isDeleted=false)(status=1)(isEnabled=true))"LDAP_USER_MACHER_USER_ATTRIBUTE: "departmentId"LDAP_USER_MACHER_GROUP_ATTRIBUTE: "id"LDAP_GROUP_NAME_ATTRIBUTE: "name"

3. statefulset.yaml

点击查看代码

apiVersion: apps/v1
kind: StatefulSet
metadata:name: kuboard-etcdnamespace: kuboardlabels:app: kuboard-etcd
spec:serviceName: kuboard-etcdreplicas: 3selector:matchLabels:app: kuboard-etcdtemplate:metadata:name: kuboard-etcdlabels:app: kuboard-etcdspec:containers:- name: kuboard-etcdimage: swr.cn-east-2.myhuaweicloud.com/kuboard/etcd:v3.4.14ports:- containerPort: 2379name: client- containerPort: 2380name: peerenv:- name: KUBOARD_ETCD_ENDPOINTSvalue: >-kuboard-etcd-0.kuboard-etcd:2379,kuboard-etcd-1.kuboard-etcd:2379,kuboard-etcd-2.kuboard-etcd:2379volumeMounts:- name: datamountPath: /datacommand:- /bin/sh- -c- |PEERS="kuboard-etcd-0=http://kuboard-etcd-0.kuboard-etcd:2380,kuboard-etcd-1=http://kuboard-etcd-1.kuboard-etcd:2380,kuboard-etcd-2=http://kuboard-etcd-2.kuboard-etcd:2380"exec etcd --name {HOSTNAME} \--listen-peer-urls http://0.0.0.0:2380 \--listen-client-urls http://0.0.0.0:2379 \--advertise-client-urls http://{HOSTNAME}.kuboard-etcd:2379 \--initial-advertise-peer-urls http://{HOSTNAME}:2380 \--initial-cluster-token kuboard-etcd-cluster-1 \--initial-cluster{PEERS} \--initial-cluster-state new \--auto-compaction-retention 1 \--quota-backend-bytes 8388608000 \--data-dir /data/kuboard.etcdvolumeClaimTemplates:- metadata:name: dataspec:# 请填写一个有效的 StorageClass namestorageClassName: nfs-clientaccessModes: [ "ReadWriteMany" ]resources:requests:storage: 5Gi

4. etcd-service.yaml

点击查看代码

apiVersion: v1
kind: Service
metadata:name: kuboard-etcdnamespace: kuboard
spec:type: ClusterIPports:- port: 2379name: client- port: 2380name: peerselector:app: kuboard-etcd

5. deployment.yaml

点击查看代码

apiVersion: apps/v1
kind: Deployment
metadata:annotations:deployment.kubernetes.io/revision: '9'k8s.kuboard.cn/ingress: 'false'k8s.kuboard.cn/service: NodePortk8s.kuboard.cn/workload: kuboard-v3labels:k8s.kuboard.cn/name: kuboard-v3name: kuboard-v3namespace: kuboard
spec:replicas: 1selector:matchLabels:k8s.kuboard.cn/name: kuboard-v3template:metadata:labels:k8s.kuboard.cn/name: kuboard-v3spec:containers:- env:- name: KUBOARD_ETCD_ENDPOINTSvalue: >-kuboard-etcd-0.kuboard-etcd:2379,kuboard-etcd-1.kuboard-etcd:2379,kuboard-etcd-2.kuboard-etcd:2379envFrom:- configMapRef:name: kuboard-v3-configimage: 'swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard:v3.5.2.4'imagePullPolicy: Alwaysname: kuboard

6. kuboard-service.yaml

点击查看代码

apiVersion: v1
kind: Service
metadata:annotations:k8s.kuboard.cn/workload: kuboard-v3labels:k8s.kuboard.cn/name: kuboard-v3name: kuboard-v3namespace: kuboard
spec:ports:- name: webuiport: 80protocol: TCPtargetPort: 80- name: agentservertcpport: 10081protocol: TCPtargetPort: 10081- name: agentserverudpport: 10081protocol: UDPtargetPort: 10081selector:k8s.kuboard.cn/name: kuboard-v3sessionAffinity: Nonetype: ClusterIP

7. ingress.yaml

点击查看代码

apiVersion: extensions/v1beta1
kind: Ingress
metadata:name: kuboard-v3namespace: kuboardannotations:nginx.ingress.kubernetes.io/ssl-redirect: 'true'k8s.kuboard.cn/displayName: kuboardk8s.kuboard.cn/workload: kuboardnginx.org/websocket-services: "kuboard"nginx.com/sticky-cookie-services: "serviceName=kuboard srv_id expires=1h path=/"
spec:tls:- hosts:- kuboard.xxx.xxxsecretName: xxx-xxxrules:- host: kuboard.xxx.xxxhttp:paths:- path: /backend:serviceName: kuboard-v3servicePort: webui

8. 获取管理员token

点击查看代码

kubectl -n kube-system get secret (kubectl -n kube-system get secret | grep kuboard-user | awk '{print1}') -o go-template='{{.data.token}}' | base64 -d