原始链接地址

https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

修改Service端口

增加80端口,改成http访问

修改前:

spec:

  ports:

    - port: 443

      targetPort: 8443

  selector:

    k8s-app: kubernetes-dashboard

修改后:

spec:

  ports:

    - port: 443

      targetPort: 8443

      name: https

    - port: 80

      targetPort: 9090

      name: http

  selector:

    k8s-app: kubernetes-dashboard

如果想用 ip+端口 的方式访问,这里需要增加配置,改成 nodeport 的形式,nodePort 改成自己主机空闲的端口,取值范围在 apiserver--service-node-port-range 参数里面可以看得到

最终修改如下:

spec:

  ports:

    - port: 443

      targetPort: 8443

      name: https

      nodePort: 32001

    - port: 80

      targetPort: 9090

      name: http

      nodePort: 32002

  type: NodePort

  selector:

    k8s-app: kubernetes-dashboard

修改 deployment 内容

修改探针检测
  • 后面要修改 dashboard 的启动参数,这里不改的话,活性检测会失败,导致 pod 会不断重启

修改前:

          livenessProbe:

            httpGet:

              scheme: HTTPS

              path: /

              port: 8443

修改后:

          livenessProbe:

            httpGet:

              scheme: HTTP

              path: /

              port: 9090
修改镜像拉取策略
  • 官方 yaml 里面默认配置的是 Always
sed -i 's/imagePullPolicy: Always/imagePullPolicy: IfNotPresent/g' recommended.yaml
修改容器端口

修改前:

          ports:

            - containerPort: 8443

              protocol: TCP

修改后:

          ports:

            - containerPort: 8443

              protocol: TCP

            - containerPort: 9090

              protocol: TCP
关闭 token 登录
  • 注释掉 --auto-generate-certificates 参数

修改前:

          args:

            - --auto-generate-certificates

            - --namespace=kubernetes-dashboard

            # Uncomment the following line to manually specify Kubernetes API server Host

            # If not specified, Dashboard will attempt to auto discover the API server and connect

            # to it. Uncomment only if the default does not work.

            # - --apiserver-host=http://my-address:port

修改后:

          args:

            # - --auto-generate-certificates

            - --namespace=kubernetes-dashboard

            # Uncomment the following line to manually specify Kubernetes API server Host

            # If not specified, Dashboard will attempt to auto discover the API server and connect

            # to it. Uncomment only if the default does not work.

            # - --apiserver-host=http://my-address:port

完整版yaml

# Copyright 2017 The Kubernetes Authors.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

apiVersion: v1

kind: Namespace

metadata:

  name: kubernetes-dashboard

---

apiVersion: v1

kind: ServiceAccount

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kubernetes-dashboard

---

kind: Service

apiVersion: v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kubernetes-dashboard

spec:

  ports:

    - port: 443

      targetPort: 8443

      name: https

      nodePort: 30000

    - port: 80

      targetPort: 9090

      name: http

      nodePort: 30001

  type: NodePort

  selector:

    k8s-app: kubernetes-dashboard

---

apiVersion: v1

kind: Secret

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard-certs

  namespace: kubernetes-dashboard

type: Opaque

---

apiVersion: v1

kind: Secret

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard-csrf

  namespace: kubernetes-dashboard

type: Opaque

data:

  csrf: ""

---

apiVersion: v1

kind: Secret

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard-key-holder

  namespace: kubernetes-dashboard

type: Opaque

---

kind: ConfigMap

apiVersion: v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard-settings

  namespace: kubernetes-dashboard

---

kind: Role

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kubernetes-dashboard

rules:

  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.

  - apiGroups: [""]

    resources: ["secrets"]

    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]

    verbs: ["get", "update", "delete"]

    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.

  - apiGroups: [""]

    resources: ["configmaps"]

    resourceNames: ["kubernetes-dashboard-settings"]

    verbs: ["get", "update"]

    # Allow Dashboard to get metrics.

  - apiGroups: [""]

    resources: ["services"]

    resourceNames: ["heapster", "dashboard-metrics-scraper"]

    verbs: ["proxy"]

  - apiGroups: [""]

    resources: ["services/proxy"]

    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]

    verbs: ["get"]

---

kind: ClusterRole

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

rules:

  # Allow Metrics Scraper to get metrics from the Metrics server

  - apiGroups: ["metrics.k8s.io"]

    resources: ["pods", "nodes"]

    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kubernetes-dashboard

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: Role

  name: kubernetes-dashboard

subjects:

  - kind: ServiceAccount

    name: kubernetes-dashboard

    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

  name: kubernetes-dashboard

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: kubernetes-dashboard

subjects:

  - kind: ServiceAccount

    name: kubernetes-dashboard

    namespace: kubernetes-dashboard

---

kind: Deployment

apiVersion: apps/v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kubernetes-dashboard

spec:

  replicas: 1

  revisionHistoryLimit: 10

  selector:

    matchLabels:

      k8s-app: kubernetes-dashboard

  template:

    metadata:

      labels:

        k8s-app: kubernetes-dashboard

    spec:

      securityContext:

        seccompProfile:

          type: RuntimeDefault

      containers:

        - name: kubernetes-dashboard

          image: kubernetesui/dashboard:v2.7.0

          imagePullPolicy: Always

          ports:

            - containerPort: 8443

              protocol: TCP

            - containerPort: 9090

              protocol: TCP

          args:

            # - --auto-generate-certificates

            - --namespace=kubernetes-dashboard

            # Uncomment the following line to manually specify Kubernetes API server Host

            # If not specified, Dashboard will attempt to auto discover the API server and connect

            # to it. Uncomment only if the default does not work.

            # - --apiserver-host=http://my-address:port

          volumeMounts:

            - name: kubernetes-dashboard-certs

              mountPath: /certs

              # Create on-disk volume to store exec logs

            - mountPath: /tmp

              name: tmp-volume

          livenessProbe:

            httpGet:

              scheme: HTTP

              path: /

              port: 9090

            initialDelaySeconds: 30

            timeoutSeconds: 30

          securityContext:

            allowPrivilegeEscalation: false

            readOnlyRootFilesystem: true

            runAsUser: 1001

            runAsGroup: 2001

      volumes:

        - name: kubernetes-dashboard-certs

          secret:

            secretName: kubernetes-dashboard-certs

        - name: tmp-volume

          emptyDir: {}

      serviceAccountName: kubernetes-dashboard

      nodeSelector:

        "kubernetes.io/os": linux

      # Comment the following tolerations if Dashboard must not be deployed on master

      tolerations:

        - key: node-role.kubernetes.io/master

          effect: NoSchedule

---

kind: Service

apiVersion: v1

metadata:

  labels:

    k8s-app: dashboard-metrics-scraper

  name: dashboard-metrics-scraper

  namespace: kubernetes-dashboard

spec:

  ports:

    - port: 8000

      targetPort: 8000

  selector:

    k8s-app: dashboard-metrics-scraper

---

kind: Deployment

apiVersion: apps/v1

metadata:

  labels:

    k8s-app: dashboard-metrics-scraper

  name: dashboard-metrics-scraper

  namespace: kubernetes-dashboard

spec:

  replicas: 1

  revisionHistoryLimit: 10

  selector:

    matchLabels:

      k8s-app: dashboard-metrics-scraper

  template:

    metadata:

      labels:

        k8s-app: dashboard-metrics-scraper

    spec:

      securityContext:

        seccompProfile:

          type: RuntimeDefault

      containers:

        - name: dashboard-metrics-scraper

          image: kubernetesui/metrics-scraper:v1.0.8

          ports:

            - containerPort: 8000

              protocol: TCP

            - containerPort: 9090

              protocol: TCP

          livenessProbe:

            httpGet:

              scheme: HTTP

              path: /

              port: 8000

            initialDelaySeconds: 30

            timeoutSeconds: 30

          volumeMounts:

          - mountPath: /tmp

            name: tmp-volume

          securityContext:

            allowPrivilegeEscalation: false

            readOnlyRootFilesystem: true

            runAsUser: 1001

            runAsGroup: 2001

      serviceAccountName: kubernetes-dashboard

      nodeSelector:

        "kubernetes.io/os": linux

      # Comment the following tolerations if Dashboard must not be deployed on master

      tolerations:

        - key: node-role.kubernetes.io/master

          effect: NoSchedule

      volumes:

        - name: tmp-volume

          emptyDir: {}

部署kubernetes-dashboard改成http免密登录的更多相关文章

  1. [Kubernetes]集群配置免密登录Permission denied (publickey,password) 解决办法

    在用ansible部署Kubernetes集群是需要配置免密登录,但是遇到Permission denied (publickey,password)的问题 首先推断可能是sshd_config的配置 ...

  2. [原]部署kubernetes dashboard(二)

    #######################    以下为声明  ##################### 此文档是之前做笔记在两台机上进行的实践,kubernetes处于不断开发阶段 不能保证每 ...

  3. ssh免密登录及去掉提示

    A连B 1.生成公钥和私钥    ssh-keygen2.复制公钥到需要免密登录的服务器上  ssh-copy-id root@192.168.25.175 A连A 2.复制公钥到本机上  ssh-c ...

  4. ssh免密登录linux服务器

    Ssh免密登录 sshd服务 sshd简介: SSH 密钥为登录 Linux 服务器提供了更好且安全的机制.运行 ssh-keygen 后,将会生成公私密钥对.你可以将公钥放置到任意服务器,从持有私钥 ...

  5. Ubuntu ssh免密登录

    ssh免密登录工作原理 server A免登录到server B: 1.在A上生成公钥私钥. 2.将公钥拷贝给server B,要重命名成authorized_keys(从英文名就知道含义了) 3.S ...

  6. SSH免密登录实现

    现在先想要把项目部署到linux系统中 通过使用maven添加tomcat插件可以做到,右击项目 配置这里的url,是部署到哪里的意思(比如我们现在将这个项目部署到以下系统的tomcat中) 此处只有 ...

  7. Linux服务器在SSH客户端如何实现免密登录

    一.SSH客户端Setting 配置 key ,  创建生成公钥导出文件. 二.服务器 master 上生成密钥 通过执行命令 ssh-keygen -t rsa 来生成我们需要的密钥. ssh-ke ...

  8. Ubuntu 开启SSH服务以及有关设置:安装,指定端口号、免密登录、远程拷贝

    本文所用系统为 Ubuntu 18.04   什么是SSH?     简单说,SSH是一种网络协议,用于计算机之间的加密登录.全名为:安全外壳协议.为Secure Shell的缩写.SSH为建立在应用 ...

  9. linux上ssh免密登录原理及实现

    因为我的服务器集群需要回收日志到中央进行统一处理,所以需要建立ssh互信关系实现免密登录.关于ssh的使用大家可能都很熟悉了,我们今天主要来讲下ssh连接和免密登录的原理. scp 传输文件 scp( ...

  10. 配置ssh免密登录后,仍需要密码才能登陆其中某台机器

    提示:如果是三台机器A.B.C配置了ssh免密登录,从A和B上登录C需要密码,则需要修改C的配置 修改配置文件如下: sudo vi /etc/ssh/sshd_config #禁用root账户登录, ...

随机推荐

  1. kotlin更多语言结构——>解构声明

    解构声明 有时把一个对象 解构 成很多变量会很方便,例如: val (name, age) = person 这种语法称为 解构声明 .一个解构声明同时创建多个变量.我们已经声明了两个新变量:name ...

  2. 使用zipkin配置spring boot的链路器(httpclient、restTemplate)

    一.首先导入zipkin需要的依赖 <!--zipkin-brave start--> <dependency> <groupId>io.zipkin.brave& ...

  3. SQL注入利用及绕过总结

    SQL注入及绕过姿势总结 概述 SQL注入指用户输入的参数可控且没有被过滤,攻击者输入的恶意代码被传到后端与SQL语句一起构造并在数据库中执行 不同数据库的语法可能存在差异,以MySQL为例,其他差异 ...

  4. 第147篇:微信小程序开发中Promise的使用(aysnc,await)

    好家伙, 0.错误描述 今天在开发中犯了一个比较严重的错误 对于Promise的错误使用 场景: 微信小程序中展示搜索条件列表 // API请求工具函数 const apiRequest = (url ...

  5. Awesome Tools,程序员常用高效实用工具、软件资源精选,办公效率提升利器!

    前言 在当今这个技术日新月异的时代,开发者只有持续学习,才能紧跟时代的浪潮.为了助力开发者在高效学习与工作中实现平衡(告别996的束缚),众多卓越且实用的开发工具应运而生,它们如同强大的助力器,极大地 ...

  6. java CAS及各种锁

    CAS CAS 缺点:循环会耗时:一次性只能保持一个共享变量的原子性:ABA问题 package juc.cas; import java.util.concurrent.atomic.AtomicI ...

  7. 低配置PC环境下的魔兽世界游戏体验:ToDesk云电脑性能测试分析

    近期魔兽世界再度开服,吸引了众多游戏老玩家回归.然而随着游戏内容的不断更新,其对电脑配置的要求也在逐渐升提高.对于许多电脑配置较低的老玩家,如何在不升级硬件的情况下流畅运行魔兽世界成为了一个难题. 随 ...

  8. .NET云原生应用实践(四):基于Keycloak的认证与授权

    本章目标 完成Keycloak的本地部署与配置 在Stickers RESTful API层面完成与Keycloak的集成 在Stickers RESTful API上实现认证与授权 Keycloak ...

  9. SSIS连接Oracle问题汇总

    一.未安装Oracle客户端 错误提示:Test connection failed because of an error in initializing provider. 未找到 Oracle ...

  10. esp8266+http (PlatformIO)

    esp8266 + http 使用esp8266发起http请求 #include <Arduino.h> #include <ESP8266WiFi.h> #include ...