文章目录
- 1、Recommended.yaml
- 2、调用结果
- 3、YAML文件创建的相关Pod、Deployment、Service信息汇总
1、Recommended.yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
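# Namespace that holds every namespaced Dashboard object in this manifest.
apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard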
---
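# Service account that both Deployments in this manifest run as
# (serviceAccountName: kubernetes-dashboard). Its permissions come from the
# Role and ClusterRole bound to it further down.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard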
---
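# Service in front of the Dashboard pods (selector k8s-app=kubernetes-dashboard):
# service port 443 forwards to container port 8443.
# NOTE(review): type NodePort publishes the Dashboard HTTPS endpoint on port
# 30443 of every node address. Restrict who can reach that port (host firewall,
# cloud security group), or keep the default ClusterIP type and reach the UI
# through `kubectl port-forward` / `kubectl proxy` instead.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort  # author's change: Service type switched to NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30443  # author's change: custom node port mapped to the site
  selector:
    k8s-app: kubernetes-dashboard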
---
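# Secret mounted at /certs by the Dashboard Deployment. It is created without
# data here.
# NOTE(review): the container is started with --auto-generate-certificates, so
# the served certificate is presumably self-generated; confirm, and provide a
# certificate issued by a trusted CA for anything beyond a lab cluster.
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque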
---
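# Secret with a single, initially empty "csrf" key. The Role below lets the
# Dashboard service account get, update and delete it.
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""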
---
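# Empty Secret reserved for the Dashboard; the Role below lets the Dashboard
# service account get, update and delete it.
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque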
---
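# Empty ConfigMap for Dashboard settings; the Role below grants get/update on it.
kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard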
---
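# Namespaced permissions for the Dashboard service account. Every rule is
# pinned with resourceNames, so access is limited to the objects listed and
# does not extend to other secrets, config maps or services in the namespace.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
  # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]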
---
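# Cluster-wide, read-only access to pod and node metrics (metrics.k8s.io).
# This is the only cluster-scoped permission the manifest grants.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]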
---
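# Binds the namespaced Role "kubernetes-dashboard" to the Dashboard service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard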
---
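# Binds the ClusterRole "kubernetes-dashboard" (metrics read access only) to the
# Dashboard service account.
# NOTE(review): keep roleRef pointing at this narrow ClusterRole. Anything the
# service account is granted cluster-wide is reachable by whoever can use the
# Dashboard under that identity.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard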
---
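# Dashboard web UI: one replica serving HTTPS on container port 8443, running as
# the kubernetes-dashboard service account with a read-only root filesystem,
# a non-root UID/GID and privilege escalation disabled.
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          # NOTE(review): this is a release-candidate tag pulled on every start
          # (imagePullPolicy: Always). Prefer a current stable release, ideally
          # referenced by digest, so the running image cannot change silently.
          image: kubernetesui/dashboard:v2.0.0-rc7
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
            # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        # kubectl reports this label as deprecated since v1.14; the replacement
        # key is "kubernetes.io/os".
        "beta.kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule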
---
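# Service for the metrics scraper: port 8000 -> container port 8000. No type is
# set, so it stays a ClusterIP service reachable only inside the cluster.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper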
---
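# Metrics scraper: one replica serving plain HTTP on container port 8000,
# running as the kubernetes-dashboard service account with a read-only root
# filesystem, a non-root UID/GID and privilege escalation disabled.
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        # NOTE(review): kubectl reports this annotation as deprecated since
        # v1.19 and non-functional in v1.25+, so on newer clusters it applies no
        # seccomp profile. The replacement is the securityContext field
        # `seccompProfile: {type: RuntimeDefault}`.
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.4
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        # kubectl reports this label as deprecated since v1.14; the replacement
        # key is "kubernetes.io/os".
        "beta.kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}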
2、调用结果
[root@master ~]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
Warning: spec.template.spec.nodeSelector[beta.kubernetes.io/os]: deprecated since v1.14; use "kubernetes.io/os" instead
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
Warning: spec.template.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: deprecated since v1.19, non-functional in v1.25+; use the "seccompProfile" field instead
deployment.apps/dashboard-metrics-scraper created
3、YAML文件创建的相关Pod、Deployment、Service信息汇总
[root@master ~]# kubectl get all -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-5d74b4cf4c-785wb 1/1 Running 0 30m
pod/kubernetes-dashboard-6b88c86848-nqw8d 1/1 Running 0 30m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.111.175.25 <none> 8000/TCP 30m
service/kubernetes-dashboard NodePort 10.99.28.45 <none> 443:30443/TCP 30m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/dashboard-metrics-scraper 1/1 1 1 30m
deployment.apps/kubernetes-dashboard 1/1 1 1 30m
NAME DESIRED CURRENT READY AGE
replicaset.apps/dashboard-metrics-scraper-5d74b4cf4c 1 1 1 30m
replicaset.apps/kubernetes-dashboard-6b88c86848 1 1 1 30m