Linux

K8S集群安装Headlamp管理平面

一、基础环境

IP地址部署应用
192.168.2.101K8S Master
192.168.2.102K8S Node
192.168.2.103K8S Node
192.168.2.104Harbor

二、部署Headlamp

2.1、下载镜像

在192.168.2.104执行如下代码,拉取并push镜像

1
2
3

docker pull ghcr.io/headlamp-k8s/headlamp:latest
docker tag  ghcr.io/headlamp-k8s/headlamp:latest 192.168.2.104/library/headlamp-k8s/headlamp:latest
docker push 192.168.2.104/library/headlamp-k8s/headlamp:latest

2.2、部署headlamp

在192.168.2.101执行如下代码

1
2
3
4
5

 wget https://raw.githubusercontent.com/kubernetes-sigs/headlamp/main/kubernetes-headlamp.yaml
 #替换成本地镜像
sed -i -E 's#^([[:space:]]*image:[[:space:]]*).*headlamp.*#\1192.168.2.104/library/headlamp-k8s/headlamp:latest#' kubernetes-headlamp.yaml
kubectl apply -f kubernetes-headlamp.yaml
kubectl get pod -n kube-system -o wide | grep -E 'NAME|head'

检查pod状态,查看是否已经运行,返回如下即可

1
2

NAME                                       READY   STATUS    RESTARTS        AGE    IP              NODE         NOMINATED NODE   READINESS GATES
headlamp-6c88f98bc5-m7zgn                  1/1     Running   0               118m   10.244.92.13    k8s-slave2   <none>           <none>

2.3、映射到域名

使用如下命令生成对应的yaml文件

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

cat << 'EOF' > headlamp-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: headlamp-ingress
  namespace: kube-system # 请修改为你实际安装 headlamp 的命名空间
spec:
  ingressClassName: nginx
  rules:
  - host: headlamp.xxx.com # 你的访问域名
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: headlamp # 刚才 grep 出来的 service 名字
            port:
              number: 80
EOF
#执行命令
kubectl apply -f headlamp-ingress.yaml

检查该域名在哪一个ip上

1

kubectl get ingress -n kube-system

返回的结果如下

1
2

NAME               CLASS   HOSTS                   ADDRESS         PORTS   AGE
headlamp-ingress   nginx   headlamp.xxx.com   192.168.2.210   80      42s

将返回的域名和ip地址解析到DNS服务器。

2.4、配置token

在浏览器中打开域名,需要填入token,在192.168.2.101执行如下命令获得token

1
2
3
4
5
6

kubectl create serviceaccount headlamp-admin -n kube-system
 kubectl create clusterrolebinding headlamp-admin-binding \
  --clusterrole=cluster-admin \
  --serviceaccount=kube-system:headlamp-admin
#创建一年的token
kubectl create token headlamp-admin -n kube-system --duration=8760h

输出的内容即为token

1

eyJhbGciOiJSUzI1NiIsImtpZCI6ImF5MFB5OXRVTmZJa19reG1aYkFLcGtDeFpUQVVvMktJdEt5NVQyajVUS00ifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxODA2MTIwNjc3LCJpYXQiOjE3NzQ1ODQ2NzcsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwianRpIjoiMjBlY2VlZTctZmY2Ni00YzUwLWE2ZTQtNzliMDI4ZWRiNGY1Iiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJhZG1pbiIsInVpZCI6ImM4YzZjZjVmLTc0NmItNDZkYS1hYjQzLTNiZTU2M2NkYzQ0MiJ9fSwibmJmIjoxNzc0

将该值输入到token栏中,即可登陆headlamp

comments powered by Disqus