kubernetes dashboard 支持http (不推荐)
程序员文章站
2022-07-14 10:28:02
...
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: dashboard
namespace: kube-system
annotations:
kubernetes.io/ingress.class: traefik
#ingress.kubernetes.io/ssl-passthrough: "true"
spec:
rules:
- host: dashboard.digitalgd.com
http:
paths:
- backend:
serviceName: kubernetes-dashboard
servicePort: 9090 #ingress 指向http端口
path: /
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
kubernetes.io/cluster-service: "true"
name: kubernetes-dashboard
namespace: kube-system
spec:
ports:
- port: 443
targetPort: 8443
name: ssl
#service 增加http配置
- port: 9090
name: http
targetPort: 9090
selector:
k8s-app: kubernetes-dashboard
# type: NodePort
type: ClusterIP
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.0.0-rc3
ports:
- containerPort: 8443
protocol: TCP
#增加http端口
- containerPort: 9090
protocol: TCP
args:
#- --auto-generate-certificates
- --namespace=kube-system
#增加以下三行配置,使支持http
- --enable-insecure-login
- --insecure-port=9090
- --enable-skip-login
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
#增加http的healthcheck
httpGet:
scheme: HTTP
port: 9090
initialDelaySeconds: 30
timeoutSeconds: 30
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
nodeSelector:
"beta.kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
上一篇: Dockerfile 多段构建
下一篇: k8s 部署nfs storeclass