• Cloud Native | Kubernetes | Deploying the hostpath-provisioner local storage class and a dashboard that needs no token or password to log in


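    Preface:

    Most people are familiar with Kubernetes storage classes; the common ones come as plugins such as nfs-client-provisioner. There is also a local storage class plugin, though it is rarely used: in production, network-backed persistent volumes remain the mainstream choice. This article introduces one such local storage class plugin.

    The dashboard is Kubernetes' web management UI, which is equally familiar. A standard dashboard requires logging in with a token or with a password you set up yourself, which is unfriendly to developers. This article therefore deploys the dashboard another way: after a simple deployment you open a browser, enter IP + port, and are in the dashboard with no authentication at all. This has been verified on both a binary-installed cluster and a kubeadm cluster.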

    I.

    Deploying the local storage class

    The deployment is very simple; two files are all it takes.

    [A]

    StorageClass.yaml

        cat >storageclass.yaml <<EOF
        kind: StorageClass
        apiVersion: storage.k8s.io/v1
        metadata:
          namespace: kube-system
          name: standard
          annotations:
            # Make this the cluster's default StorageClass
            storageclass.kubernetes.io/is-default-class: "true"
          labels:
            addonmanager.kubernetes.io/mode: EnsureExists
        provisioner: k8s.io/minikube-hostpath
        EOF

    [B]

    storage-provisioner.yaml

        cat >storage-provisioner.yaml <<EOF
        ---
        apiVersion: v1
        kind: ServiceAccount
        metadata:
          name: storage-provisioner
          namespace: kube-system
          labels:
            addonmanager.kubernetes.io/mode: Reconcile
        ---
        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        metadata:
          name: storage-provisioner
          labels:
            addonmanager.kubernetes.io/mode: EnsureExists
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: ClusterRole
          name: system:persistent-volume-provisioner
        subjects:
          - kind: ServiceAccount
            name: storage-provisioner
            namespace: kube-system
        ---
        apiVersion: v1
        kind: Pod
        metadata:
          name: storage-provisioner
          namespace: kube-system
          labels:
            integration-test: storage-provisioner
            addonmanager.kubernetes.io/mode: Reconcile
        spec:
          serviceAccountName: storage-provisioner
          # The pod shares the node's network namespace
          hostNetwork: true
          containers:
          - name: storage-provisioner
            image: registry.aliyuncs.com/google_containers/storage-provisioner:v1.8.1
            command: ["/storage-provisioner"]
            imagePullPolicy: IfNotPresent
            volumeMounts:
            - mountPath: /tmp
              name: tmp
          volumes:
          # The node's /tmp is mounted into the pod; volume data is created under it
          - name: tmp
            hostPath:
              path: /tmp
              type: Directory
        EOF

    After deploying, check the status of the StorageClass:

        [root@node3 addons]# kubectl get sc
        NAME                 PROVISIONER                RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
        standard (default)   k8s.io/minikube-hostpath   Delete          Immediate           false                  9d

    Test the storage class:

        cat > nginx-pvc.yaml <<EOF
        kind: PersistentVolumeClaim
        apiVersion: v1
        metadata:
          name: test-claim
          annotations:
            # Legacy annotation form of spec.storageClassName
            volume.beta.kubernetes.io/storage-class: "standard"
        spec:
          accessModes:
            - ReadWriteMany
          resources:
            requests:
              storage: 1Mi
        EOF

        cat >deploy-nginx.yaml <<EOF
        apiVersion: apps/v1
        kind: Deployment
        metadata:
          creationTimestamp: null
          labels:
            app: nginx
          name: nginx
        spec:
          replicas: 1
          selector:
            matchLabels:
              app: nginx
          strategy: {}
          template:
            metadata:
              creationTimestamp: null
              labels:
                app: nginx
            spec:
              containers:
              - image: nginx:1.18
                name: nginx
                volumeMounts:
                - name: nginx-persistent-storage
                  mountPath: "/usr/share/nginx/html" # no change needed; maps to the directory inside the image
              volumes:
              - name: nginx-persistent-storage
                persistentVolumeClaim:
                  claimName: test-claim # must match the name of the PVC
        EOF

    Once the test pod is deployed, look up its cluster-internal IP:

        [root@node3 nginx]# kubectl get po -A -owide
        NAMESPACE   NAME                    READY   STATUS    RESTARTS   AGE   IP            NODE    NOMINATED NODE   READINESS GATES
        default     nginx-b7b6ff9f7-7hmqm   1/1     Running   3          47h   10.244.0.47   node3   <none>           <none>

    Look at the PV generated for the PVC above and check its status; it shows the deployment is correct:

        [root@node3 nginx]# kubectl get pv,pvc -A
        NAME                                                        CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                STORAGECLASS   REASON   AGE
        persistentvolume/pvc-79fee6e2-e5a2-4fd6-8abc-ea4a1783f2c7   1Mi        RWX            Delete           Bound    default/test-claim   standard                47h

        NAMESPACE   NAME                               STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
        default     persistentvolumeclaim/test-claim   Bound    pvc-79fee6e2-e5a2-4fd6-8abc-ea4a1783f2c7   1Mi        RWX            standard       47h

    Write the nginx index page into the directory where the volume is stored; from the deployment file above you can tell that this directory is under /tmp on the node:

        [root@node3 nginx]# cd /tmp/hostpath-provisioner/pvc-79fee6e2-e5a2-4fd6-8abc-ea4a1783f2c7/
        [root@node3 pvc-79fee6e2-e5a2-4fd6-8abc-ea4a1783f2c7]# pwd
        /tmp/hostpath-provisioner/pvc-79fee6e2-e5a2-4fd6-8abc-ea4a1783f2c7
        [root@node3 pvc-79fee6e2-e5a2-4fd6-8abc-ea4a1783f2c7]# ls
        index.html
        [root@node3 pvc-79fee6e2-e5a2-4fd6-8abc-ea4a1783f2c7]# cat index.html
        this is a test page!!!!!!

    curl the pod's IP; the response shows that the local storage class works correctly:

        [root@node3 ~]# curl 10.244.0.47
        this is a test page!!!!!!
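
    Added example, not part of the original article: a Python check over `kubectl get pods,pv -A -o json` output that lists the node-level dependencies this setup introduces (host network, host path mounts, volume data under /tmp). The sample objects are constructed from the manifests and output above; `host_coupling` and `in_temp_dir` are names chosen for this example.

```python
import json

# Constructed sample in the shape of `kubectl get pods,pv -A -o json`, trimmed from
# the provisioner Pod above and the PersistentVolume it created for test-claim.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Pod",
  "metadata": {"name": "storage-provisioner", "namespace": "kube-system"},
  "spec": {"hostNetwork": true,
           "containers": [{"name": "storage-provisioner"}],
           "volumes": [{"name": "tmp",
                        "hostPath": {"path": "/tmp", "type": "Directory"}}]}},
 {"kind": "PersistentVolume",
  "metadata": {"name": "pvc-79fee6e2-e5a2-4fd6-8abc-ea4a1783f2c7"},
  "spec": {"accessModes": ["ReadWriteMany"],
           "persistentVolumeReclaimPolicy": "Delete",
           "storageClassName": "standard",
           "hostPath": {"path":
             "/tmp/hostpath-provisioner/pvc-79fee6e2-e5a2-4fd6-8abc-ea4a1783f2c7"}}}
]}
""")

TEMP_DIRS = ("/tmp", "/var/tmp")  # world-writable and often cleaned by the OS

def in_temp_dir(path):
    return any(path == t or path.startswith(t + "/") for t in TEMP_DIRS)

def host_coupling(items):
    """Return (object, issue) pairs for dependencies on a single node's host."""
    out = []
    for o in items:
        name, spec = f'{o["kind"]}/{o["metadata"]["name"]}', o["spec"]
        if o["kind"] == "Pod":
            if spec.get("hostNetwork"):
                out.append((name, "shares the node network namespace"))
            for v in spec.get("volumes") or []:
                if "hostPath" in v:
                    out.append((name, "mounts node path " + v["hostPath"]["path"]))
        elif o["kind"] == "PersistentVolume" and "hostPath" in spec:
            if in_temp_dir(spec["hostPath"]["path"]):
                out.append((name, "data stored under a temp directory"))
            if "nodeAffinity" not in spec:
                out.append((name, "hostPath volume not pinned to a node"))
            if "ReadWriteMany" in spec.get("accessModes", []):
                out.append((name, "ReadWriteMany claimed on node-local storage"))
    return out

if __name__ == "__main__":
    for obj, issue in host_coupling(SAMPLE["items"]):
        print(f"{obj}: {issue}")
```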



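    Deploying a token-free, development-only dashboard:

    I have split the modules into separate files, 10 in total; you can merge them or put them together in an empty directory. Note what two of them do: dashboard-clusterrolebinding.yaml binds the dashboard's ServiceAccount to cluster-admin, and dashboard-svc.yaml publishes the UI on NodePort 30001, so with login skipped anyone who can reach that port on a node has full control of the cluster. The deployment files are as follows: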

        cat >dashboard-sa.yaml <<EOF
        apiVersion: v1
        kind: ServiceAccount
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
          name: kubernetes-dashboard
          namespace: kubernetes-dashboard
        EOF

        cat >dashboard-role.yaml <<EOF
        kind: Role
        apiVersion: rbac.authorization.k8s.io/v1
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
          name: kubernetes-dashboard
          namespace: kubernetes-dashboard
        rules:
          # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
          - apiGroups: [""]
            resources: ["secrets"]
            resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
            verbs: ["get", "update", "delete"]
          # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
          - apiGroups: [""]
            resources: ["configmaps"]
            resourceNames: ["kubernetes-dashboard-settings"]
            verbs: ["get", "update"]
          # Allow Dashboard to get metrics.
          - apiGroups: [""]
            resources: ["services"]
            resourceNames: ["heapster", "dashboard-metrics-scraper"]
            verbs: ["proxy"]
          - apiGroups: [""]
            resources: ["services/proxy"]
            resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
            verbs: ["get"]
        EOF

        cat >dashboard-rolebinding.yaml <<EOF
        apiVersion: rbac.authorization.k8s.io/v1
        kind: RoleBinding
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
          name: kubernetes-dashboard
          namespace: kubernetes-dashboard
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: Role
          name: kubernetes-dashboard
        subjects:
          - kind: ServiceAccount
            name: kubernetes-dashboard
            namespace: kubernetes-dashboard
        EOF

        cat >dashboard-clusterrole.yaml<<EOF
        kind: ClusterRole
        apiVersion: rbac.authorization.k8s.io/v1
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
          name: kubernetes-dashboard
        rules:
          # Allow Metrics Scraper to get metrics from the Metrics server
          - apiGroups: ["metrics.k8s.io"]
            resources: ["pods", "nodes"]
            verbs: ["get", "list", "watch"]
        EOF

        cat >dashboard-clusterrolebinding.yaml<<EOF
        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        metadata:
          name: kubernetes-dashboard
          labels:
            k8s-app: kubernetes-dashboard
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: ClusterRole
          # Grants the dashboard ServiceAccount cluster-admin, so a session that
          # skips login has full control of the cluster
          name: cluster-admin
        subjects:
          - kind: ServiceAccount
            name: kubernetes-dashboard
            namespace: kubernetes-dashboard
        EOF

        cat >dashboard-ns.yaml <<EOF
        apiVersion: v1
        kind: Namespace
        metadata:
          name: kubernetes-dashboard
          labels:
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
        EOF

        cat >dashboard-configmap.yaml <<EOF
        kind: ConfigMap
        apiVersion: v1
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
          name: kubernetes-dashboard-settings
          namespace: kubernetes-dashboard
        EOF

        cat >dashboard-secret.yaml <<EOF
        apiVersion: v1
        kind: Secret
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
          name: kubernetes-dashboard-certs
          namespace: kubernetes-dashboard
        type: Opaque
        ---
        apiVersion: v1
        kind: Secret
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
          name: kubernetes-dashboard-csrf
          namespace: kubernetes-dashboard
        type: Opaque
        data:
          csrf: ""
        ---
        apiVersion: v1
        kind: Secret
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
          name: kubernetes-dashboard-key-holder
          namespace: kubernetes-dashboard
        type: Opaque
        EOF

        cat >dashboard-svc.yaml <<EOF
        kind: Service
        apiVersion: v1
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
            kubernetes.io/minikube-addons-endpoint: dashboard
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
          name: kubernetes-dashboard
          namespace: kubernetes-dashboard
        spec:
          # Publishes the dashboard's port 9090 on port 30001 of every node
          type: NodePort
          ports:
            - port: 80
              targetPort: 9090
              nodePort: 30001
          selector:
            k8s-app: kubernetes-dashboard
        ---
        kind: Service
        apiVersion: v1
        metadata:
          labels:
            k8s-app: dashboard-metrics-scraper
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
          name: dashboard-metrics-scraper
          namespace: kubernetes-dashboard
        spec:
          ports:
            - port: 8000
              targetPort: 8000
          selector:
            k8s-app: dashboard-metrics-scraper
        EOF

        cat >dashboard-dp.yaml <<EOF
        kind: Deployment
        apiVersion: apps/v1
        metadata:
          labels:
            k8s-app: dashboard-metrics-scraper
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
          name: dashboard-metrics-scraper
          namespace: kubernetes-dashboard
        spec:
          replicas: 1
          revisionHistoryLimit: 10
          selector:
            matchLabels:
              k8s-app: dashboard-metrics-scraper
          template:
            metadata:
              labels:
                k8s-app: dashboard-metrics-scraper
              annotations:
                seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
            spec:
              containers:
                - name: dashboard-metrics-scraper
                  image: kubernetesui/metrics-scraper:v1.0.4
                  ports:
                    - containerPort: 8000
                      protocol: TCP
                  livenessProbe:
                    httpGet:
                      scheme: HTTP
                      path: /
                      port: 8000
                    initialDelaySeconds: 30
                    timeoutSeconds: 30
                  volumeMounts:
                  - mountPath: /tmp
                    name: tmp-volume
                  securityContext:
                    allowPrivilegeEscalation: false
                    readOnlyRootFilesystem: true
                    runAsUser: 1001
                    runAsGroup: 2001
              serviceAccountName: kubernetes-dashboard
              nodeSelector:
                "beta.kubernetes.io/os": linux
              # Comment the following tolerations if Dashboard must not be deployed on master
              tolerations:
                - key: node-role.kubernetes.io/master
                  effect: NoSchedule
              volumes:
                - name: tmp-volume
                  emptyDir: {}
        ---
        kind: Deployment
        apiVersion: apps/v1
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
            kubernetes.io/minikube-addons: dashboard
            addonmanager.kubernetes.io/mode: Reconcile
          name: kubernetes-dashboard
          namespace: kubernetes-dashboard
        spec:
          replicas: 1
          revisionHistoryLimit: 10
          selector:
            matchLabels:
              k8s-app: kubernetes-dashboard
          template:
            metadata:
              labels:
                k8s-app: kubernetes-dashboard
            spec:
              containers:
                - name: kubernetes-dashboard
                  # WARNING: This must match pkg/minikube/bootstrapper/images/images.go
                  image: kubernetesui/dashboard:v2.0.1
                  ports:
                    - containerPort: 9090
                      protocol: TCP
                  args:
                    - --namespace=kubernetes-dashboard
                    # Let users skip the login page; the session then runs with
                    # the rights of the dashboard's ServiceAccount
                    - --enable-skip-login
                    - --disable-settings-authorizer
                    # Uncomment the following line to manually specify Kubernetes API server Host
                    # If not specified, Dashboard will attempt to auto discover the API server and connect
                    # to it. Uncomment only if the default does not work.
                    # - --apiserver-host=http://my-address:port
                  volumeMounts:
                    # Create on-disk volume to store exec logs
                    - mountPath: /tmp
                      name: tmp-volume
                  livenessProbe:
                    httpGet:
                      path: /
                      port: 9090
                    initialDelaySeconds: 30
                    timeoutSeconds: 30
                  securityContext:
                    allowPrivilegeEscalation: false
                    readOnlyRootFilesystem: true
                    runAsUser: 1001
                    runAsGroup: 2001
              volumes:
                - name: tmp-volume
                  emptyDir: {}
              serviceAccountName: kubernetes-dashboard
              nodeSelector:
                "beta.kubernetes.io/os": linux
              # Comment the following tolerations if Dashboard must not be deployed on master
              tolerations:
                - key: node-role.kubernetes.io/master
                  effect: NoSchedule
        EOF

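    Assuming the 10 files above are in a folder named dashboard, apply them:

        kubectl apply -f dashboard/dashboard-ns.yaml   # namespace first: files are applied in name order
        kubectl apply -f dashboard/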

    Check the deployment:

        [root@k8s-master ~]# kubectl get po,secret,cm,sa,svc -n kubernetes-dashboard
        NAME                                            READY   STATUS    RESTARTS   AGE
        pod/dashboard-metrics-scraper-dc6947fbf-hf26p   1/1     Running   0          86m
        pod/kubernetes-dashboard-6dbb54fd95-795lj       1/1     Running   0          86m

        NAME                                      TYPE                                  DATA   AGE
        secret/default-token-v6pkr                kubernetes.io/service-account-token   3      87m
        secret/kubernetes-dashboard-certs         Opaque                                0      87m
        secret/kubernetes-dashboard-csrf          Opaque                                1      87m
        secret/kubernetes-dashboard-key-holder    Opaque                                2      87m
        secret/kubernetes-dashboard-token-l22q6   kubernetes.io/service-account-token   3      87m

        NAME                                      DATA   AGE
        configmap/kubernetes-dashboard-settings   0      86m

        NAME                                  SECRETS   AGE
        serviceaccount/default                1         87m
        serviceaccount/kubernetes-dashboard   1         87m

        NAME                                TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
        service/dashboard-metrics-scraper   ClusterIP   10.0.71.99    <none>        8000/TCP       87m
        service/kubernetes-dashboard        NodePort    10.0.133.27   <none>        80:30001/TCP   87m

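    Open any browser and enter a node IP plus port 30001 to reach the dashboard.

    This version is reasonably recent, not too old, and very convenient to use, which makes it a good fit for developers.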
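
    Added example, not part of the original article: a Python check over `kubectl get clusterrolebindings,deployments,services -A -o json` output that reports the combination the manifests above create, namely a Deployment started with --enable-skip-login whose ServiceAccount is bound to cluster-admin and which a NodePort Service selects. The sample objects are constructed from those manifests; `skip_login_admin_exposures` is a name chosen for this example.

```python
import json

# Constructed sample: the article's manifests trimmed to the fields checked, in the
# shape of `kubectl get clusterrolebindings,deployments,services -A -o json`.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRoleBinding", "metadata": {"name": "kubernetes-dashboard"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                "namespace": "kubernetes-dashboard"}]},
 {"kind": "Deployment",
  "metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
  "spec": {"template": {
    "metadata": {"labels": {"k8s-app": "kubernetes-dashboard"}},
    "spec": {"serviceAccountName": "kubernetes-dashboard", "containers": [
      {"name": "kubernetes-dashboard",
       "args": ["--namespace=kubernetes-dashboard", "--enable-skip-login"]}]}}}},
 {"kind": "Service",
  "metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
  "spec": {"type": "NodePort", "selector": {"k8s-app": "kubernetes-dashboard"},
           "ports": [{"port": 80, "targetPort": 9090, "nodePort": 30001}]}}
]}
""")

SKIP_LOGIN = ("--enable-skip-login", "--enable-skip-login=true")

def skip_login_admin_exposures(items):
    """Find skip-login Deployments that run as cluster-admin behind a NodePort."""
    admins = {(s.get("namespace"), s["name"])
              for o in items if o["kind"] == "ClusterRoleBinding"
              and o["roleRef"]["name"] == "cluster-admin"
              for s in o.get("subjects") or [] if s["kind"] == "ServiceAccount"}
    services = [o for o in items if o["kind"] == "Service"
                and o["spec"].get("type") == "NodePort"]
    found = []
    for d in (o for o in items if o["kind"] == "Deployment"):
        ns, tpl = d["metadata"]["namespace"], d["spec"]["template"]
        pod, labels = tpl["spec"], tpl["metadata"].get("labels", {})
        skip = any(a in SKIP_LOGIN for c in pod["containers"] for a in c.get("args") or [])
        if not skip or (ns, pod.get("serviceAccountName", "default")) not in admins:
            continue
        for s in services:
            sel = s["spec"].get("selector") or {}
            if s["metadata"]["namespace"] == ns and sel and sel.items() <= labels.items():
                found += [(ns, d["metadata"]["name"], p.get("nodePort"))
                          for p in s["spec"]["ports"]]
    return found

if __name__ == "__main__":
    print(skip_login_admin_exposures(SAMPLE["items"]))
```

    Binding the ServiceAccount to the built-in `view` ClusterRole, or switching the Service to ClusterIP, makes the same check return an empty list.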

  • Original article: https://blog.csdn.net/alwaysbefine/article/details/127826137