K8s ConfigMap与Dashboard

(一)Kubernetes ConfigMap

1、概述

ConfigMap 是用来存储配置文件的 Kubernetes 资源对象,所有的配置内容都存储在 etcd 中。它可以被用来保存单个属性,也可以用来保存整个配置文件或者 JSON 二进制对象。ConfigMap API 资源提供了将配置数据注入容器的方式,同时保证该机制对容器来说是透明的。配置应该从 Image 内容中解耦,以此来保持容器化应用程序的可移植性。

2、使用 ConfigMap 配置 MySQL

1 apiVersion: v1 2 kind: ConfigMap 3 metadata: 4 name: mysql-myshop-config 5 data: 6 # 这里是键值对数据 7 mysqld.cnf: | 8 [client] 9 port=3306 10 [mysql] 11 no-auto-rehash 12 [mysqld] 13 skip-host-cache 14 skip-name-resolve 15 default-authentication-plugin=mysql_native_password 16 character-set-server=utf8mb4 17 collation-server=utf8mb4_general_ci 18 explicit_defaults_for_timestamp=true 19 lower_case_table_names=1 20 --- 21 apiVersion: extensions/v1beta1 22 kind: Deployment 23 metadata: 24 name: mysql-myshop 25 spec: 26 replicas: 1 27 template: 28 metadata: 29 labels: 30 name: mysql-myshop 31 spec: 32 containers: 33 - name: mysql-myshop 34 image: mysql 35 imagePullPolicy: IfNotPresent 36 ports: 37 - containerPort: 3306 38 env: 39 - name: MYSQL_ROOT_PASSWORD 40 value: "123456" 41 volumeMounts: 42 # 以数据卷的形式挂载 MySQL 配置文件目录 43 - name: cm-vol-myshop 44 mountPath: /etc/mysql/conf.d 45 - name: nfs-vol-myshop 46 mountPath: /var/lib/mysql 47 volumes: 48 # 将 ConfigMap 中的内容以文件形式挂载进数据卷 49 - name: cm-vol-myshop 50 configMap: 51 name: mysql-myshop-config 52 items: 53 # ConfigMap 中的 Key 54 - key: mysqld.cnf 55 # ConfigMap Key 匹配的 Value 写入名为 mysqld.cnf 的文件中 56 path: mysqld.cnf 57 - name: nfs-vol-myshop 58 persistentVolumeClaim: 59 claimName: nfs-pvc-mysql-myshop 60 --- 61 apiVersion: v1 62 kind: Service 63 metadata: 64 name: mysql-myshop 65 spec: 66 ports: 67 - port: 3306 68 targetPort: 3306 69 nodePort: 32036 70 type: LoadBalancer 71 selector: 72 name: mysql-myshop 73 74
1 # 查看 ConfigMap 2 kubectl get cm 3 kubectl describe cm <ConfigMap Name> 4 5

(二)Kubernetes Dashboard

1、概述

Kubernetes Dashboard 是 Kubernetes 集群的 Web UI,用于管理集群。

2、安装

GitHub 地址:Kubernetes Dashboard(opens new window)

下载配置文件

1 wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml 2 3

 

修改配置如下

1 # 省略部分代码... 2 3 # ------------------- Dashboard Deployment ------------------- # 4 5 kind: Deployment 6 apiVersion: apps/v1 7 metadata: 8 labels: 9 k8s-app: kubernetes-dashboard 10 name: kubernetes-dashboard 11 namespace: kube-system 12 spec: 13 replicas: 1 14 revisionHistoryLimit: 10 15 selector: 16 matchLabels: 17 k8s-app: kubernetes-dashboard 18 template: 19 metadata: 20 labels: 21 k8s-app: kubernetes-dashboard 22 spec: 23 containers: 24 - name: kubernetes-dashboard 25 # 修改镜像地址为阿里云 26 image: registry.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1 27 ports: 28 - containerPort: 8443 29 protocol: TCP 30 args: 31 - --auto-generate-certificates 32 volumeMounts: 33 - name: kubernetes-dashboard-certs 34 mountPath: /certs 35 - mountPath: /tmp 36 name: tmp-volume 37 livenessProbe: 38 httpGet: 39 scheme: HTTPS 40 path: / 41 port: 8443 42 initialDelaySeconds: 30 43 timeoutSeconds: 30 44 volumes: 45 - name: kubernetes-dashboard-certs 46 secret: 47 secretName: kubernetes-dashboard-certs 48 - name: tmp-volume 49 emptyDir: {} 50 serviceAccountName: kubernetes-dashboard 51 tolerations: 52 - key: node-role.kubernetes.io/master 53 effect: NoSchedule 54 55 --- 56 # ------------------- Dashboard Service ------------------- # 57 58 kind: Service 59 apiVersion: v1 60 metadata: 61 labels: 62 k8s-app: kubernetes-dashboard 63 name: kubernetes-dashboard 64 namespace: kube-system 65 spec: 66 # 修改类型为 NodePort 访问 67 type: NodePort 68 ports: 69 - port: 443 70 targetPort: 8443 71 # 设置端口号为 30001 72 nodePort: 30001 73 selector: 74 k8s-app: kubernetes-dashboard 75 76

部署到集群

1 # 部署 2 kubectl create -f kubernetes-dashboard.yaml 3 4 # 查看 5 kubectl -n kube-system get pods 6 kubectl -n kube-system get service kubernetes-dashboard 7 kubectl -n kube-system describe service kubernetes-dashboard 8 9

 

3、访问

需要使用 NodeIP:30001 访问 Dashboard,因为证书原因除火狐浏览器外其它浏览器无法直接打开页面

Chrome 浏览器显示如下

Firefox 浏览器显示如下

点击 接受风险并继续 即可显示欢迎界面

4、登录

我们采用 Token 方式登录

  • 创建登录账号,创建一个名为 dashboard-adminuser.yaml 的配置文件

1 apiVersion: v1 2 kind: ServiceAccount 3 metadata: 4 name: admin-user 5 namespace: kube-system 6 --- 7 apiVersion: rbac.authorization.k8s.io/v1 8 kind: ClusterRoleBinding 9 metadata: 10 name: admin-user 11 roleRef: 12 apiGroup: rbac.authorization.k8s.io 13 kind: ClusterRole 14 name: cluster-admin 15 subjects: 16 - kind: ServiceAccount 17 name: admin-user 18 namespace: kube-system 19 20
1 kubectl create -f dashboard-adminuser.yaml 2 3

 

  • 打印 Token 信息

1 kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') 2 3 # 输出如下 4 Name: admin-user-token-86cz9 5 Namespace: kube-system 6 Labels: <none> 7 Annotations: kubernetes.io/service-account.name: admin-user 8 kubernetes.io/service-account.uid: 3902d3d4-8b13-11e9-8089-000c29d49c77 9 10 Type: kubernetes.io/service-account-token 11 12 Data 13 ==== 14 ca.crt: 1025 bytes 15 namespace: 11 bytes 16 token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTg2Y3o5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIzOTAyZDNkNC04YjEzLTExZTktODA4OS0wMDBjMjlkNDljNzciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.pA44wyarsahOwqH7X7RVlcdB1k3_j-L3gwOYlTQ4_Lu5ZmfXDFlhqN-Q1tdryJes_V1Nj_utocnXBAxsGzOGaVR4Te4oli3htSepI9MrggQAyeC3C0_QANXGCE6V5L6B5tGZ6tDsY92VDnlvz2N6OrHaH2IJJd2DlxzYvAPvfAFuPeHWuPeVxUisMfXeW42S7US6skZwbZ06JrPYAFxHjqv3zoxRxI8-bmekltvOamsrL0pAXvIUzaowgbjiQb2NgeLAw9O6qfYcz5DAi2C-7G_yAcve6pgnWcIGhVpKoim9DfJUhe1SVx4H4X5Na6GVaaD6FdUIb7UOgsO1FVpTPw 17 18

 

  • 将 Token 输入浏览器,成功登陆后效果如下

转自:有梦想的咸鱼

 

 

 

代码交流 2021