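Kubernetes Single-Cluster Setup

Environment Preparation

| Role | Hostname | IP | CPU | Memory | Disk | OS |
| --- | --- | --- | --- | --- | --- | --- |
| master | k8s-master | 192.168.148.180 | 4C | 8G | 40GB | openEuler24.03-LTS |
| worker (node) | k8s-node01 | 192.168.148.181 | 4C | 8G | 40GB | openEuler24.03-LTS |
| worker (node) | k8s-node02 | 192.168.148.182 | 4C | 8G | 40GB | openEuler24.03-LTS |

  • All machines in the cluster can reach each other over the network
  • Internet access is available, since images need to be pulled
  • Swap is disabled, the firewall is turned off, and SELinux is disabled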

System Disk Expansion (Optional)

bash
pvcreate /dev/sdb
vgextend openeuler /dev/sdb
lvextend -l +100%FREE /dev/mapper/openeuler-root 
resize2fs /dev/mapper/openeuler-root

Hostname and IP Address Resolution

bash
cat >> /etc/hosts <<FOF
192.168.148.180 k8s-master
192.168.148.181 k8s-node01
192.168.148.182 k8s-node02
FOF

kubeadm Deployment (yum Install)

Set the Hostname

bash
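# Run each command only on the node it names
# On the master
hostnamectl set-hostname k8s-master && exec bash
# On the first worker
hostnamectl set-hostname k8s-node01 && exec bash
# On the second worker
hostnamectl set-hostname k8s-node02 && exec bash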

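Disable the Firewall and SELinux

bash
systemctl disable firewalld --now

# Anchor on the SELINUX= setting so the comment lines in the file are left untouched
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0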

Disable Swap

bash
swapoff -a && sed -i 's/.*swap.*/# &/' /etc/fstab

Time Synchronization

bash
dnf -y install chrony
cat >> /etc/chrony.conf << EOF
server ntp.aliyun.com iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
logchange 0.5
logdir /var/log/chrony
EOF

ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' > /etc/timezone

systemctl restart chronyd
systemctl enable chronyd

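Passwordless SSH Login (Optional)

To make it easier to switch between nodes, you can configure passwordless SSH login.

bash
# Run on the master
ssh-keygen

cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
# Copies the whole .ssh directory, private key included, so all three nodes share one root key pair
scp -rp /root/.ssh/* root@192.168.148.181:/root/.ssh/
scp -rp /root/.ssh/* root@192.168.148.182:/root/.ssh/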

Pass Bridged IPv4 Traffic to the iptables Chains

bash
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF

sed -i 's/net\.ipv4\.ip_forward=0/net\.ipv4\.ip_forward=1/' /etc/sysctl.conf
sysctl --system

Load the br_netfilter Module

bash
modprobe br_netfilter

# Check that it is loaded
lsmod | grep br_netfilter
# Apply the sysctl settings
sysctl --system

Install the ipset and ipvsadm Dependencies

bash
dnf -y install wget jq psmisc socat device-mapper-persistent-data lvm2 network-scripts conntrack ipvsadm ipset iptables curl sysstat libseccomp

Configure How the IPVS Modules Are Loaded

bash
cat > /etc/sysconfig/modules/ipvs.modules <<FOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
FOF

# Set permissions, run the script, and check that the modules are loaded
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack
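
The kubeadm init and kubeadm join commands further down pass --ignore-preflight-errors=all, so a missed preparation step will not stop the install. The following check of the settings configured so far is an added example, not part of the original guide; check_node_prereqs, make_sample_root and the optional ROOT argument are hypothetical names, and the sample tree is constructed.

```bash
#!/bin/sh
# Added example. ROOT (optional) is a directory holding a proc/ and sys/ tree,
# so the same checks can run against a snapshot; empty means the live host.

_ok()   { echo "ok    $1"; }
_fail() { echo "FAIL  $1"; prereq_failures=$((prereq_failures + 1)); }

check_node_prereqs() {
  root=${1:-}
  prereq_failures=0

  # 1. The values written to /etc/sysctl.d/k8s.conf must be live in the kernel.
  #    The bridge keys only exist once br_netfilter is loaded.
  for key in net/bridge/bridge-nf-call-iptables \
             net/bridge/bridge-nf-call-ip6tables \
             net/ipv4/ip_forward; do
    file="$root/proc/sys/$key"
    if [ -r "$file" ] && [ "$(cat "$file")" = "1" ]; then
      _ok "sysctl $key = 1"
    else
      _fail "sysctl $key is not 1"
    fi
  done

  # 2. /proc/swaps holds only its header line when no swap is active.
  swaps="$root/proc/swaps"
  if [ ! -r "$swaps" ]; then
    _fail "cannot read $swaps"
  elif [ "$(awk 'NR > 1 { n++ } END { print n + 0 }' "$swaps")" -eq 0 ]; then
    _ok "swap is off"
  else
    _fail "swap is still active"
  fi

  # 3. /sys/module/<name> exists for loaded modules and most built-in ones.
  for mod in br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
    if [ -d "$root/sys/module/$mod" ]; then
      _ok "module $mod"
    else
      _fail "module $mod not loaded"
    fi
  done

  echo "$prereq_failures check(s) failed"
  [ "$prereq_failures" -eq 0 ]
}

# Constructed sample: a fake ROOT that looks like a correctly prepared node.
make_sample_root() {
  mkdir -p "$1/proc/sys/net/bridge" "$1/proc/sys/net/ipv4"
  for key in net/bridge/bridge-nf-call-iptables \
             net/bridge/bridge-nf-call-ip6tables \
             net/ipv4/ip_forward; do
    echo 1 > "$1/proc/sys/$key"
  done
  printf 'Filename\tType\tSize\tUsed\tPriority\n' > "$1/proc/swaps"
  for mod in br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
    mkdir -p "$1/sys/module/$mod"
  done
}

# Demo on the constructed tree; on a node, call check_node_prereqs with no argument.
sample=$(mktemp -d)
make_sample_root "$sample"
check_node_prereqs "$sample"
rm -rf "$sample"
```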

Deploy Docker

Install Docker

bash
# Add the Huawei Cloud repo
dnf config-manager --add-repo=https://repo.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo

# Replace the repository URL
sed -i 's+download.docker.com+mirrors.huaweicloud.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo

# Replace the release version with the CentOS version to use
sed -i 's+$releasever+9+' /etc/yum.repos.d/docker-ce.repo

# Install docker-ce and its dependencies
dnf -y install docker-ce docker-ce-cli containerd docker-buildx-plugin docker-compose-plugin

# Configure registry mirrors
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": [
    "https://docker.m.daocloud.io",
    "https://noohub.ru",
    "https://huecker.io",
    "https://dockerhub.timeweb.cloud"
  ]
}
EOF

systemctl daemon-reload 
systemctl enable docker --now

Install cri-dockerd

CAUTION

Kubernetes 1.24+ has completely removed dockershim. Even with Docker installed, the cri-dockerd adapter is required for compatibility, so containerd is used here as the container engine.

bash
# Download
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.14/cri-dockerd-0.3.14-3.el7.x86_64.rpm
# Install
dnf -y install ./cri-dockerd-0.3.14-3.el7.x86_64.rpm

# Modify the ExecStart arguments to point at Aliyun
sed -i 's,^ExecStart.*,& --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9,' /usr/lib/systemd/system/cri-docker.service

# Start cri-docker
systemctl daemon-reload
systemctl enable cri-docker.service --now
systemctl enable cri-docker.socket --now

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

Configure the Kubernetes Repository

bash
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.31/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.31/rpm/repodata/repomd.xml.key
EOF

# Clear the existing yum cache
dnf clean all && dnf makecache

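Install the Kubernetes Cluster

Install Packages

bash
dnf install -y kubelet-1.31.4 kubeadm-1.31.4 kubectl-1.31.4 --disableexcludes=kubernetes

Configure kubelet

To keep the cgroup driver used by Docker consistent with the one used by kubelet, modify the following file as shown.

bash
sed -i 's/KUBELET_EXTRA_ARGS=/&"--cgroup-driver=systemd"/' /etc/sysconfig/kubelet

# Enabling kubelet at boot is enough here; no configuration file exists yet, so it starts automatically once the cluster is initialized
systemctl enable kubelet --now

Download the Images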

bash
cat > image_download.sh << FOF
#!/bin/bash
images=(
kube-apiserver:v1.31.4
kube-controller-manager:v1.31.4
kube-scheduler:v1.31.4
kube-proxy:v1.31.4
pause:3.10
etcd:3.5.15-0
coredns:v1.11.3
)

for imageName in \${images[@]};
do
    docker pull registry.aliyuncs.com/google_containers/\$imageName
    docker tag registry.aliyuncs.com/google_containers/\$imageName registry.k8s.io/\$imageName
    #docker rmi registry.aliyuncs.com/google_containers/\$imageName
done
FOF
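# The script uses bash arrays, so run it with bash
bash image_download.sh
# Add the coredns namespace to the image name
docker tag registry.k8s.io/coredns:v1.11.3 registry.k8s.io/coredns/coredns:v1.11.3

Master Node

bash
# Initialize the cluster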
kubeadm init --kubernetes-version=v1.31.4 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.224.0.0/16 \
--apiserver-advertise-address=192.168.148.180 \
--image-repository=registry.aliyuncs.com/google_containers \
--cri-socket unix:///var/run/cri-dockerd.sock \
--ignore-preflight-errors=all

# Run as root
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf

Worker Nodes

bash
# Register the node with the cluster (the join details are printed after the master is initialized; --cri-socket and --ignore-preflight-errors have to be added by hand)
kubeadm join 192.168.148.180:6443 --token pw66yn.00f6tnmsrs6fzbrf \
	--discovery-token-ca-cert-hash sha256:a08eff7eb8c2e82f4ed356f921f3b8eca7613e70a1b7d2ddd2ff041dd89c3805 \
	--cri-socket unix:///var/run/cri-dockerd.sock \
	--ignore-preflight-errors=all
	
# If you did not save this command, regenerate it with the following (run on the master)
kubeadm token create --print-join-command
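
The --discovery-token-ca-cert-hash value in the join command pins the cluster CA's public key. The following functions, an added example that is not part of the original guide, recompute it with openssl so it can be compared with the master's CA before a node joins; ca_cert_hash, verify_join_hash and make_sample_ca are hypothetical names, and the demo runs on a throwaway CA generated on the spot.

```bash
#!/bin/sh
# Added example, not from the original guide.

# ca_cert_hash CERT: print "sha256:<hex>", the SHA-256 of the certificate's
# DER-encoded public key (SubjectPublicKeyInfo). kubeadm compares this value
# with --discovery-token-ca-cert-hash.
ca_cert_hash() {
  cch_der=$(mktemp) || return 2
  if openssl x509 -in "$1" -noout -pubkey 2>/dev/null \
       | openssl pkey -pubin -outform DER -out "$cch_der" 2>/dev/null \
     && [ -s "$cch_der" ]; then
    cch_hex=$(openssl dgst -sha256 < "$cch_der" | awk '{ print $NF }')
    rm -f "$cch_der"
    printf 'sha256:%s\n' "$cch_hex"
  else
    rm -f "$cch_der"
    return 2            # not a readable certificate
  fi
}

# verify_join_hash CERT EXPECTED: returns 0 if EXPECTED pins the CA in CERT,
# 1 if it does not, 2 if CERT cannot be parsed.
verify_join_hash() {
  vjh_actual=$(ca_cert_hash "$1") || return 2
  if [ "$vjh_actual" = "$2" ]; then
    echo "match: $vjh_actual"
  else
    echo "MISMATCH: join command has $2, CA file gives $vjh_actual" >&2
    return 1
  fi
}

# Constructed sample input: a throwaway self-signed CA, never a real cluster CA.
# make_sample_ca KEY CERT: reuse KEY if it exists, otherwise create it.
make_sample_ca() {
  [ -s "$1" ] || openssl ecparam -genkey -name prime256v1 -noout -out "$1" 2>/dev/null
  openssl req -x509 -new -key "$1" -subj "/CN=kubernetes" -days 1 -out "$2" 2>/dev/null
}

# Demo on the throwaway CA. On a kubeadm control plane the CA certificate is
# /etc/kubernetes/pki/ca.crt by default:
#   verify_join_hash /etc/kubernetes/pki/ca.crt sha256:<hash from the join command>
demo_dir=$(mktemp -d)
make_sample_ca "$demo_dir/ca.key" "$demo_dir/ca.crt"
pinned=$(ca_cert_hash "$demo_dir/ca.crt")
verify_join_hash "$demo_dir/ca.crt" "$pinned"
rm -rf "$demo_dir"
```

Because the hash covers only the public key, it stays the same when the CA certificate is reissued with the same key and changes when the key changes.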

Deploy the Container Network (CNI) (on the Master)

Download the Network Plugin

Network plugins can be downloaded from: https://kubernetes.io/docs/concepts/cluster-administration/addons/

bash
# Download Calico
wget https://docs.projectcalico.org/manifests/calico.yaml

Modify the IP Address

yaml
- name: CALICO_IPV4POOL_CIDR
  value: "10.224.0.0/16"
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
  value: "true"

Install the Network

bash
kubectl apply -f calico.yaml

Monitor Pod Status in the calico-system Namespace

bash
watch kubectl get pods -n kube-system
# Check the coredns status in the kube-system namespace; Running means networking is up.
kubectl get pods -n kube-system

Troubleshooting

calico-node-x Init:ErrImagePull

bash
# Confirm the image names
kubectl get daemonset calico-node -n kube-system -o yaml | grep image:
kubectl get deployment calico-kube-controllers -n kube-system -o yaml | grep image:
# Pull manually (run on the master node)
docker pull docker.io/calico/node:v3.25.0

Cluster Re-initialization

This must be run on every node in the cluster.

bash
# Force-reset kubeadm
kubeadm reset --force --cri-socket unix:///var/run/cri-dockerd.sock --ignore-preflight-errors=all

Dashboard - Graphical Interface

Official site: https://kubernetes.io/

YAML Files

Create a Directory for the Files

bash
mkdir -p dashboard-v2.7.0
cd dashboard-v2.7.0

admin-secret.yaml

yaml
cat > admin-secret.yaml << EOF
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: dashboard-admin-user
  namespace: kubernetes-dashboard 
  annotations:
    kubernetes.io/service-account.name: "admin-user"
EOF

admin-user.yaml

yaml
cat > admin-user.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF

kubernetes-dashboard.yaml

yaml
cat > kubernetes-dashboard.yaml << EOF
apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.7.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.8
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}
EOF

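Deploy the Dashboard

bash
cd dashboard-v2.7.0
kubectl create ns kubernetes-dashboard
kubectl apply -f admin-user.yaml -f admin-secret.yaml -f kubernetes-dashboard.yaml

# View the resources
kubectl get po,svc -n kubernetes-dashboard

Get the Login Token and Log In

bash
kubectl get secret -A |grep admin
# View the token
kubectl describe secret -n kubernetes-dashboard dashboard-admin-user

Access

Open https://masterIP:30000 in a browser.

Enter the token you obtained and click to log in.

Kuboard - Graphical Management Tool

Official site: https://www.kuboard.cn/

A lightweight graphical management tool for Kubernetes, with low resource usage and fast response, suited to quick operations and basic maintenance.

Standalone Docker Deployment

Lightweight and needs no Kubernetes cluster; suitable for local learning and quick test/development environments.

Start with docker run

bash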
docker run -d \
  --restart=unless-stopped \
  --name=kuboard \
  -p 30080:80 \
  -p 10081:10081 \
  -e KUBOARD_ENDPOINT="http://<server-IP>:30080" \
  -e KUBOARD_AGENT_SERVER_TCP_PORT=10081 \
  -v /data/kuboard:/data \
  swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard:v3

Start with docker compose

YAML file

yaml
version: '3'
services:
  kuboard:
    image: swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard:v3
    container_name: kuboard
    restart: unless-stopped
    ports:
      - "30080:80"          # Web console port
      - "10081:10081"       # Agent communication port
    environment:
      - KUBOARD_ENDPOINT=http://<server-IP>:30080  # Replace with your server IP or domain name
      - KUBOARD_AGENT_SERVER_TCP_PORT=10081
    volumes:
      - /data/kuboard:/data  # Persistent data directory
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 2G
        reservations:
          cpus: '0.5'
          memory: 512M

    # HTTPS configuration (certificate files must be prepared).
    # To enable it, merge these entries into the environment and volumes lists above;
    # repeating the environment and volumes keys in the same service is a duplicate-key error.
    # environment:
    #   - KUBOARD_HTTPS=true
    #   - KUBOARD_SSL_CERT=/ssl/kuboard.crt
    #   - KUBOARD_SSL_KEY=/ssl/kuboard.key
    # volumes:
    #   - ./kuboard.crt:/ssl/kuboard.crt
    #   - ./kuboard.key:/ssl/kuboard.key

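Start

bash
# Docker's built-in compose command
docker compose up -d
# Standalone binary
docker-compose up -d

Access the Console

  • Address: http://<IP>:30080
  • Default account: admin/Kuboard123

In-Cluster Kubernetes Deployment

When deploying the Kuboard resources, keep the cluster as clean as possible so that the ports it needs are not already in use.

bash
# Deploy Kuboard
kubectl apply -f https://addons.kuboard.cn/kuboard/kuboard-v3.yaml
# Alternatively, use the command below; the only difference is that it pulls the images Kuboard needs from Huawei Cloud's registry instead of Docker Hub
kubectl apply -f https://addons.kuboard.cn/kuboard/kuboard-v3-swr.yaml


# Check the deployment status
watch kubectl get pods -n kuboard -o wide

# Get an access token (valid for 1 year)
kubectl -n kuboard create token admin --duration=8760h

Modify the YAML Configuration

The main change here is the image pull policy: the original imagePullPolicy: Always is changed to imagePullPolicy: IfNotPresent, so that pods use images that are already present locally.

Change KUBOARD_SERVER_NODE_PORT: '30080' to KUBOARD_ENDPOINT: http://kuboard-v3; if this is not changed, an error is certain.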

yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: kuboard
 
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kuboard-v3-config
  namespace: kuboard
data:
  # For an explanation of the following parameters, see https://kuboard.cn/install/v3/install-built-in.html
  # [common]
  KUBOARD_SERVER_NODE_PORT: '30080'
  KUBOARD_ENDPOINT: "http://kuboard-v3" 
  KUBOARD_AGENT_SERVER_UDP_PORT: '30081'
  KUBOARD_AGENT_SERVER_TCP_PORT: '30081'
  KUBOARD_SERVER_LOGRUS_LEVEL: info  # error / debug / trace
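  # KUBOARD_AGENT_KEY is the key used for communication between the Agent and Kuboard. Change it to an arbitrary 32-character string of letters and digits. After this key is changed, the Kuboard Agent must be deleted and re-imported.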
  KUBOARD_AGENT_KEY: 32b7d6572c6255211b4eec9009e4a816
  KUBOARD_AGENT_IMAG: eipwork/kuboard-agent
  KUBOARD_QUESTDB_IMAGE: questdb/questdb:6.0.5
  KUBOARD_DISABLE_AUDIT: 'false' # To disable the Kuboard audit feature, set this value to 'true'; the quotes are required.
 
  # For an explanation of the following parameters, see https://kuboard.cn/install/v3/install-gitlab.html
  # [gitlab login]
  # KUBOARD_LOGIN_TYPE: "gitlab"
  # KUBOARD_ROOT_USER: "your-user-name-in-gitlab"
  # GITLAB_BASE_URL: "http://gitlab.mycompany.com"
  # GITLAB_APPLICATION_ID: "7c10882aa46810a0402d17c66103894ac5e43d6130b81c17f7f2d8ae182040b5"
  # GITLAB_CLIENT_SECRET: "77c149bd3a4b6870bffa1a1afaf37cba28a1817f4cf518699065f5a8fe958889"
  
  # For an explanation of the following parameters, see https://kuboard.cn/install/v3/install-github.html
  # [github login]
  # KUBOARD_LOGIN_TYPE: "github"
  # KUBOARD_ROOT_USER: "your-user-name-in-github"
  # GITHUB_CLIENT_ID: "17577d45e4de7dad88e0"
  # GITHUB_CLIENT_SECRET: "ff738553a8c7e9ad39569c8d02c1d85ec19115a7"
 
  # For an explanation of the following parameters, see https://kuboard.cn/install/v3/install-ldap.html
  # [ldap login]
  # KUBOARD_LOGIN_TYPE: "ldap"
  # KUBOARD_ROOT_USER: "your-user-name-in-ldap"
  # LDAP_HOST: "ldap-ip-address:389"
  # LDAP_BIND_DN: "cn=admin,dc=example,dc=org"
  # LDAP_BIND_PASSWORD: "admin"
  # LDAP_BASE_DN: "dc=example,dc=org"
  # LDAP_FILTER: "(objectClass=posixAccount)"
  # LDAP_ID_ATTRIBUTE: "uid"
  # LDAP_USER_NAME_ATTRIBUTE: "uid"
  # LDAP_EMAIL_ATTRIBUTE: "mail"
  # LDAP_DISPLAY_NAME_ATTRIBUTE: "cn"
  # LDAP_GROUP_SEARCH_BASE_DN: "dc=example,dc=org"
  # LDAP_GROUP_SEARCH_FILTER: "(objectClass=posixGroup)"
  # LDAP_USER_MACHER_USER_ATTRIBUTE: "gidNumber"
  # LDAP_USER_MACHER_GROUP_ATTRIBUTE: "gidNumber"
  # LDAP_GROUP_NAME_ATTRIBUTE: "cn"
 
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuboard-boostrap
  namespace: kuboard
 
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-boostrap-crb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kuboard-boostrap
  namespace: kuboard
 
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    k8s.kuboard.cn/name: kuboard-etcd
  name: kuboard-etcd
  namespace: kuboard
spec:
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s.kuboard.cn/name: kuboard-etcd
  template:
    metadata:
      labels:
        k8s.kuboard.cn/name: kuboard-etcd
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/master
                    operator: Exists
              - matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: Exists
              - matchExpressions:
                  - key: k8s.kuboard.cn/role
                    operator: In
                    values:
                      - etcd
      containers:
        - env:
            - name: HOSTNAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: HOSTIP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.hostIP
          image: 'swr.cn-east-2.myhuaweicloud.com/kuboard/etcd-host:3.4.16-2'
          imagePullPolicy: IfNotPresent
          name: etcd
          ports:
            - containerPort: 2381
              hostPort: 2381
              name: server
              protocol: TCP
            - containerPort: 2382
              hostPort: 2382
              name: peer
              protocol: TCP
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /health
              port: 2381
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          volumeMounts:
            - mountPath: /data
              name: data
      dnsPolicy: ClusterFirst
      hostNetwork: true
      restartPolicy: Always
      serviceAccount: kuboard-boostrap
      serviceAccountName: kuboard-boostrap
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
        - key: node-role.kubernetes.io/control-plane
          operator: Exists
      volumes:
        - hostPath:
            path: /usr/share/kuboard/etcd
          name: data
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
 
 
---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  labels:
    k8s.kuboard.cn/name: kuboard-v3
  name: kuboard-v3
  namespace: kuboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s.kuboard.cn/name: kuboard-v3
  template:
    metadata:
      labels:
        k8s.kuboard.cn/name: kuboard-v3
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - preference:
                matchExpressions:
                  - key: node-role.kubernetes.io/master
                    operator: Exists
              weight: 100
            - preference:
                matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: Exists
              weight: 100
      containers:
        - env:
            - name: HOSTIP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.hostIP
            - name: HOSTNAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
          envFrom:
            - configMapRef:
                name: kuboard-v3-config
          image: 'swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard:v3'
          imagePullPolicy: IfNotPresent
          name: kuboard
          ports:
            - containerPort: 80
              name: web
              protocol: TCP
            - containerPort: 443
              name: https
              protocol: TCP
            - containerPort: 10081
              name: peer
              protocol: TCP
            - containerPort: 10081
              name: peer-u
              protocol: UDP
          resources: {}
          # startupProbe:
          #   failureThreshold: 20
          #   httpGet:
          #     path: /kuboard-resources/version.json
          #     port: 80
          #     scheme: HTTP
          #   initialDelaySeconds: 5
          #   periodSeconds: 10
          #   successThreshold: 1
          #   timeoutSeconds: 1
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      serviceAccount: kuboard-boostrap
      serviceAccountName: kuboard-boostrap
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Exists
 
---
apiVersion: v1
kind: Service
metadata:
  annotations: {}
  labels:
    k8s.kuboard.cn/name: kuboard-v3
  name: kuboard-v3
  namespace: kuboard
spec:
  ports:
    - name: web
      nodePort: 30080
      port: 80
      protocol: TCP
      targetPort: 80
    - name: tcp
      nodePort: 30081
      port: 10081
      protocol: TCP
      targetPort: 10081
    - name: udp
      nodePort: 30081
      port: 10081
      protocol: UDP
      targetPort: 10081
  selector:
    k8s.kuboard.cn/name: kuboard-v3
  sessionAffinity: None
  type: NodePort
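
Both the Dashboard's admin-user.yaml and the Kuboard manifest above bind a ServiceAccount to the cluster-admin ClusterRole. The following scanner, an added example that comes from neither the original guide nor either project, lists such bindings in manifest files before they are applied; list_cluster_admin_sa and sample_manifests are hypothetical names, the sample is a constructed excerpt of the bindings on this page, and two-space indentation is assumed.

```bash
#!/bin/sh
# list_cluster_admin_sa: read multi-document YAML manifests on stdin and print
# "<binding> <namespace>/<serviceaccount>" for each ServiceAccount subject of a
# ClusterRoleBinding whose roleRef is cluster-admin.
# Assumes two-space indentation, as in the manifests on this page.
list_cluster_admin_sa() {
  awk -v q="'" '
    function value(s) {                  # text after "key:", unquoted and trimmed
      sub(/^[^:]*:[ \t]*/, "", s)
      sub(/[ \t]+#.*$/, "", s)
      gsub("[\"" q "]", "", s)
      sub(/[ \t\r]+$/, "", s)
      return s
    }
    function flush(   i) {               # report and reset at each document end
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        for (i = 1; i <= n; i++)
          if (skind[i] == "ServiceAccount")
            print name, sns[i] "/" sname[i]
      kind = role = name = top = ""; n = 0
    }
    /^---/                              { flush(); next }
    /^[ \t]*(#|$)/                      { next }
    /^[A-Za-z]/                         { top = $0; sub(/:.*/, "", top) }
    /^kind:/                            { kind = value($0) }
    top == "metadata" && /^  name:/     { name = value($0) }
    top == "roleRef"  && /^  name:/     { role = value($0) }
    top == "subjects" && /^[ \t]*-/     { n++; skind[n] = sname[n] = sns[n] = "" }
    top == "subjects" {
      f = $0; sub(/^[ \t-]+/, "", f)     # drop the indent and the list dash
      if (f ~ /^kind:/)      skind[n] = value(f)
      if (f ~ /^name:/)      sname[n] = value(f)
      if (f ~ /^namespace:/) sns[n]   = value(f)
    }
    END { flush() }
  '
}

# Constructed sample: the three ClusterRoleBindings that appear on this page.
sample_manifests() {
  cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-boostrap-crb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kuboard-boostrap
  namespace: kuboard
EOF
}

# Usage on real files: cat admin-user.yaml kubernetes-dashboard.yaml | list_cluster_admin_sa
sample_manifests | list_cluster_admin_sa
```

Every ServiceAccount it reports holds full control of the cluster, and so does anyone who obtains that account's token.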

Access Kuboard

  • Open http://your-node-ip-address:30080 in a browser
  • Enter the initial username and password, then log in
    • Username: admin
    • Password: Kuboard123

Lens IDE

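Official site: https://k8slens.dev/

GitHub: https://github.com/lensapp/lens/releases

Lens is an enterprise-grade Kubernetes visual operations platform. The 2025 release delivers three major technical innovations: AI-driven operations (anomaly detection accuracy of 98.7%), multi-cloud federated management (supporting 50+ clusters), and real-time 3D topology display. This article covers its installation environment, configuration process, core features, and advanced techniques, to help users get started quickly and resolve common problems. It runs on Windows, macOS, and Ubuntu; the minimum configuration requirements must be met, and prerequisite components such as kubectl and Helm must be in place. Multi-cluster management is provided through the Global Cluster Hub, AI-assisted fault diagnosis improves operational efficiency, and custom monitoring dashboards and the plugin ecosystem provide additional functionality.

Installation Environment Preparation

Prerequisite Components

  • Kubernetes cluster version ≥ 1.27
  • kubectl 2.15+ with a configured kubeconfig file
  • Helm 4.12+ (optional, for plugin management)

Windows Installation

Get the Installer

On the official site, choose the Windows x64 (.exe) download.

Activation Check

When first opened, the application prompts for activation, and new users need to register. The prompt reads as follows:

  1. Activation status

    The application is not yet activated; activation must be completed to use all features.

  2. Activation options

    • New to Lens (new user): register a new account and obtain activation eligibility

    • Already have a Lens ID (existing account): log in with an existing Lens ID to activate

    • Already have an Activation Code (existing activation code):

      ✓ Supports offline or isolated environments

      ✓ An existing activation code can be pasted in to activate directly

  3. Instructions

    Click the blue "Get Started!" button at the bottom to begin the activation process, and choose the option that matches your situation. The interface follows dark-mode design conventions, with key information highlighted in contrasting white and blue.

New User Registration

Fill In the Form

  • Country (COUNTRY)
    • United States of America is selected by default; type china to search.
  • Name (FIRST NAME & LAST NAME)
    • Enter the first name (First Name) and last name (Last Name) separately
  • Company (COMPANY)
    • Optional; the "i" icon on the right may give additional information (for example, whether a company email is required).
  • Email (EMAIL)
    • Make sure it is your own valid email address (used to receive the activation link or notifications).
  • Password (PASSWORD)
    • A password must be set; the "eye" icon on the right toggles between plain-text and masked display, and the "i" icon may show the password rules (such as length and complexity requirements).

Checkbox Options

  • Marketing subscription
    • Receiving product updates, news, and marketing emails (from Mirantis, Inc.) is checked by default and can be unchecked.
  • Terms of service and privacy policy
    • "I accept Lens Terms of Service and Privacy Policy" must be checked to continue registration.

Next Step

  • Click the blue "Continue" button at the bottom to submit the registration; the system may send a verification email or move on to the next step (such as the activation process).

Login Methods

  • Company email login (default)

    • The input box is pre-filled with the format your.name@company.com; replace it with your company email address (such as a domain mailbox provided by your company).

    • Click the blue "Continue" button to submit; the system checks whether the company account exists:

      ✓ If it exists, you are taken to password entry or the SSO login flow

      ✓ If it does not, you may be directed to the company registration page

  • Skip company email (individual users)

    • Click "Don't have a company email address? Skip" at the bottom to switch to personal account login

Choosing a Service Plan

| Plan | Intended users | Price | Key features |
| --- | --- | --- | --- |
| PERSONAL | New users / light users | Free | Basic features, suited to learning and simple scenarios |
| PLUS | Advanced users / users who need more features | $25/month | Enhanced features (such as advanced cluster management and priority support) |

  • Free plan note: the "see eligibility" label may imply restrictions (such as resource quotas or feature limits); click it to view the details.
  • Paid plan advantages: suited to users who need higher performance, professional support, or team collaboration.

Connect to the Kubernetes Cluster

  1. View the cluster configuration: cat ~/.kube/config
  2. Click the + button and choose Add Kubeconfig pasting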