Deploying Kuboard on TKE

2022-06-24 11:01:00 Nieweixing

1. Deploy Kuboard

Deploying Kuboard is simple: download the deployment YAML and apply it directly with kubectl.

 curl -o kuboard-v3.yaml https://addons.kuboard.cn/kuboard/kuboard-v3.yaml
 kubectl apply -f kuboard-v3.yaml

The contents of the YAML file are shown below. Two changes are needed:

  • Change KUBOARD_ENDPOINT to the IP of a node in your cluster
  • Change storageClassName to a storage class that exists in the cluster

# cat kuboard-v3.yaml
---
apiVersion: v1
kind: Namespace
metadata:
  name: kuboard

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kuboard-v3-config
  namespace: kuboard
data:
  # For an explanation of the following parameters, see https://kuboard.cn/install/v3/install-built-in.html
  # [common]
  KUBOARD_ENDPOINT: 'http://xx.xx.xx.xx:30080'
  KUBOARD_AGENT_SERVER_UDP_PORT: '30081'
  KUBOARD_AGENT_SERVER_TCP_PORT: '30081'
  KUBOARD_SERVER_LOGRUS_LEVEL: info  # error / debug / trace
  # KUBOARD_AGENT_KEY is the key used for communication between the Agent and Kuboard. Change it to any 32-character string of letters and digits. After changing this key, you must delete the Kuboard Agent and import it again.
  KUBOARD_AGENT_KEY: 32b7d6572c6255211b4eec9009e4a816

  # For an explanation of the following parameters, see https://kuboard.cn/install/v3/install-gitlab.html
  # [gitlab login]
  # KUBOARD_LOGIN_TYPE: "gitlab"
  # KUBOARD_ROOT_USER: "your-user-name-in-gitlab"
  # GITLAB_BASE_URL: "http://gitlab.mycompany.com"
  # GITLAB_APPLICATION_ID: "7c10882aa46810a0402d17c66103894ac5e43d6130b81c17f7f2d8ae182040b5"
  # GITLAB_CLIENT_SECRET: "77c149bd3a4b6870bffa1a1afaf37cba28a1817f4cf518699065f5a8fe958889"

  # For an explanation of the following parameters, see https://kuboard.cn/install/v3/install-github.html
  # [github login]
  # KUBOARD_LOGIN_TYPE: "github"
  # KUBOARD_ROOT_USER: "your-user-name-in-github"
  # GITHUB_CLIENT_ID: "17577d45e4de7dad88e0"
  # GITHUB_CLIENT_SECRET: "ff738553a8c7e9ad39569c8d02c1d85ec19115a7"

  # For an explanation of the following parameters, see https://kuboard.cn/install/v3/install-ldap.html
  # [ldap login]
  # KUBOARD_LOGIN_TYPE: "ldap"
  # KUBOARD_ROOT_USER: "your-user-name-in-ldap"
  # LDAP_HOST: "ldap-ip-address:389"
  # LDAP_BIND_DN: "cn=admin,dc=example,dc=org"
  # LDAP_BIND_PASSWORD: "admin"
  # LDAP_BASE_DN: "dc=example,dc=org"
  # LDAP_FILTER: "(objectClass=posixAccount)"
  # LDAP_ID_ATTRIBUTE: "uid"
  # LDAP_USER_NAME_ATTRIBUTE: "uid"
  # LDAP_EMAIL_ATTRIBUTE: "mail"
  # LDAP_DISPLAY_NAME_ATTRIBUTE: "cn"
  # LDAP_GROUP_SEARCH_BASE_DN: "dc=example,dc=org"
  # LDAP_GROUP_SEARCH_FILTER: "(objectClass=posixGroup)"
  # LDAP_USER_MACHER_USER_ATTRIBUTE: "gidNumber"
  # LDAP_USER_MACHER_GROUP_ATTRIBUTE: "gidNumber"
  # LDAP_GROUP_NAME_ATTRIBUTE: "cn"

---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: kuboard-etcd
  namespace: kuboard
  labels:
    app: kuboard-etcd
spec:
  serviceName: kuboard-etcd
  replicas: 3
  selector:
    matchLabels:
      app: kuboard-etcd
  template:
    metadata:
      name: kuboard-etcd
      labels:
        app: kuboard-etcd
    spec:
      containers:
      - name: kuboard-etcd
        image: swr.cn-east-2.myhuaweicloud.com/kuboard/etcd:v3.4.14
        ports:
        - containerPort: 2379
          name: client
        - containerPort: 2380
          name: peer
        env:
        - name: KUBOARD_ETCD_ENDPOINTS
          value: >-
            kuboard-etcd-0.kuboard-etcd:2379,kuboard-etcd-1.kuboard-etcd:2379,kuboard-etcd-2.kuboard-etcd:2379
        volumeMounts:
        - name: data
          mountPath: /data
        command:
          - /bin/sh
          - -c
          - |
            PEERS="kuboard-etcd-0=http://kuboard-etcd-0.kuboard-etcd:2380,kuboard-etcd-1=http://kuboard-etcd-1.kuboard-etcd:2380,kuboard-etcd-2=http://kuboard-etcd-2.kuboard-etcd:2380"
            exec etcd --name ${HOSTNAME} \
              --listen-peer-urls http://0.0.0.0:2380 \
              --listen-client-urls http://0.0.0.0:2379 \
              --advertise-client-urls http://${HOSTNAME}.kuboard-etcd:2379 \
              --initial-advertise-peer-urls http://${HOSTNAME}:2380 \
              --initial-cluster-token kuboard-etcd-cluster-1 \
              --initial-cluster ${PEERS} \
              --initial-cluster-state new \
              --data-dir /data/kuboard.etcd
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      # Fill in the name of a valid StorageClass
      storageClassName: cbs
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 10Gi

---
apiVersion: v1
kind: Service
metadata:
  name: kuboard-etcd
  namespace: kuboard
spec:
  type: ClusterIP
  ports:
  - port: 2379
    name: client
  - port: 2380
    name: peer
  selector:
    app: kuboard-etcd

---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: '9'
    k8s.kuboard.cn/ingress: 'false'
    k8s.kuboard.cn/service: NodePort
    k8s.kuboard.cn/workload: kuboard-v3
  labels:
    k8s.kuboard.cn/name: kuboard-v3
  name: kuboard-v3
  namespace: kuboard
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s.kuboard.cn/name: kuboard-v3
  template:
    metadata:
      labels:
        k8s.kuboard.cn/name: kuboard-v3
    spec:
      containers:
        - env:
            - name: KUBOARD_ETCD_ENDPOINTS
              value: >-
                kuboard-etcd-0.kuboard-etcd:2379,kuboard-etcd-1.kuboard-etcd:2379,kuboard-etcd-2.kuboard-etcd:2379
          envFrom:
            - configMapRef:
                name: kuboard-v3-config
          image: 'swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard:v3'
          imagePullPolicy: Always
          name: kuboard

---
apiVersion: v1
kind: Service
metadata:
  annotations:
    k8s.kuboard.cn/workload: kuboard-v3
  labels:
    k8s.kuboard.cn/name: kuboard-v3
  name: kuboard-v3
  namespace: kuboard
spec:
  ports:
    - name: webui
      nodePort: 30080
      port: 80
      protocol: TCP
      targetPort: 80
    - name: agentservertcp
      nodePort: 30081
      port: 10081
      protocol: TCP
      targetPort: 10081
    - name: agentserverudp
      nodePort: 30081
      port: 10081
      protocol: UDP
      targetPort: 10081
  selector:
    k8s.kuboard.cn/name: kuboard-v3
  sessionAffinity: None
  type: NodePort
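
The two edits listed before the manifest, plus the KUBOARD_AGENT_KEY change that the manifest's own comment asks for, can be checked before running kubectl apply. The script below is an added example, not part of the original post or of Kuboard; the function names manifest_value and check_kuboard_manifest and the sample excerpt are constructed here for illustration.

```shell
#!/bin/sh
# Added example: check an edited kuboard-v3.yaml before `kubectl apply`.
# SAMPLE_KEY is the KUBOARD_AGENT_KEY value printed in the manifest on this page.
SAMPLE_KEY='32b7d6572c6255211b4eec9009e4a816'

# Print the value of the first uncommented "KEY: value" line in file $1.
manifest_value() {
  awk -v k="$2:" -v q="'" \
    '$1 == k { v = $2; gsub("[\"" q "]", "", v); print v; exit }' "$1"
}

# Print one finding per line for manifest $1. The remaining arguments are the
# StorageClass names that exist in the target cluster, e.g. from
#   kubectl get storageclass -o name | sed 's|.*/||'
check_kuboard_manifest() {
  f=$1; shift
  endpoint=$(manifest_value "$f" KUBOARD_ENDPOINT)
  key=$(manifest_value "$f" KUBOARD_AGENT_KEY)
  sc=$(manifest_value "$f" storageClassName)
  case $endpoint in
    ''|*xx.xx.xx.xx*) echo "KUBOARD_ENDPOINT: placeholder not replaced with a node IP" ;;
  esac
  if [ "$key" = "$SAMPLE_KEY" ]; then
    echo "KUBOARD_AGENT_KEY: still the sample key from the published manifest"
  elif ! printf '%s' "$key" | grep -Eq '^[A-Za-z0-9]{32}$'; then
    echo "KUBOARD_AGENT_KEY: must be 32 letters and digits"
  fi
  found=no
  for name in "$@"; do
    if [ "$name" = "$sc" ]; then found=yes; fi
  done
  if [ "$found" = no ]; then
    echo "storageClassName: '$sc' is not a StorageClass in this cluster"
  fi
}

# Constructed sample: the three fields exactly as they appear on this page.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
  KUBOARD_ENDPOINT: 'http://xx.xx.xx.xx:30080'
  # KUBOARD_AGENT_KEY is commented here and must be skipped
  KUBOARD_AGENT_KEY: 32b7d6572c6255211b4eec9009e4a816
      storageClassName: cbs
EOF
check_kuboard_manifest "$sample" cbs          # two findings: endpoint, agent key
check_kuboard_manifest "$sample" standard     # three findings
```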

2. Configure Ingress

Here I use nginx-ingress to configure a domain name for access.

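# The networking.k8s.io/v1beta1 Ingress API was removed in Kubernetes 1.22;
# newer clusters need networking.k8s.io/v1.
apiVersion: networking.k8s.io/v1beta1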
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: ingress
    nginx.ingress.kubernetes.io/use-regex: "true"
  name: kuboard-ingress
  namespace: kuboard
spec:
  rules:
  - host: kuboard.tke.niewx.cn
    http:
      paths:
      - backend:
          serviceName: kuboard-v3
          servicePort: 80
        path: /
  tls:
  - hosts:
    - kuboard.tke.niewx.cn
    secretName: kuboard-tls

Once it is created, Kuboard can be reached at the domain kuboard.tke.niewx.cn.

3. Log in to Kuboard

Enter the access domain name in the browser. You will be prompted for an account and password. The default login credentials are:

  • Username: admin
  • Password: Kuboard123

4. Add a k8s cluster

Here we demonstrate how to add a cluster to Kuboard for management.

Wait for the agent pods to reach the Running state, which means the cluster was imported successfully.

# kubectl get pods -n kuboard -o wide -l "k8s.kuboard.cn/name in (kuboard-agent, kuboard-agent-2)"
NAME                               READY   STATUS    RESTARTS   AGE   IP           NODE                    NOMINATED NODE   READINESS GATES
kuboard-agent-2-5bcb78d76b-n5c82   1/1     Running   0          36s   10.0.0.87    eklet-subnet-ktam6hp8   <none>           1/1
kuboard-agent-b954f6c4-hkwtx       1/1     Running   0          36s   10.0.0.254   eklet-subnet-ktam6hp8   <none>           1/1

5. Import cluster resources

After the cluster is imported successfully, we can use Kuboard to create, delete, modify and query cluster resources. Clicking the cluster view lets you select the access identity. Here you can choose kuboard-admin, which has all access permissions by default. Then click cluster summary to enter the cluster overview page.

Click a namespace in the namespace list to view its resources.

After entering the namespace, we can operate on the resources in it. Here are some handy features.

5.1 Deployment kits

Kuboard provides kits for monitoring, logging, storage and so on, with one-click deployment to the cluster, which saves a lot of deployment work.

5.2 Workload replication

Kuboard supports copying existing workloads with one click, across namespaces and across clusters, which saves the trouble of deploying multiple times.

5.3 Workload export

We can export the resource objects in a namespace as YAML. To deploy them to another cluster, you only need to apply the exported YAML file.

5.4 Workload import

If you already have a deployment YAML file, you can use the workload import feature. Any conflicts among your resource objects can be adjusted during the import process.

5.5 Operating on a specific workload

Click a workload to open it and see all the information about its pods. On a single page we can view the other resources associated with the deployment, such as service and ingress.

Click the file browser to download files from the container to your local machine or upload files to the container.

Click trace log to view the container's standard output log.

Click sh or bash to enter the container directly.

Other basic functions, such as viewing events and viewing or modifying YAML, will not be introduced one by one; you can try them yourself. On the whole, Kuboard offers more functions than the current public cloud k8s product consoles.

6. Create access users

Sometimes we need permission control, assigning different users different permissions to view the cluster. We can create additional login users on the users and permissions page.

Here we create a new user named niewx and give the user the viewer permission.

Here you can bind users to user groups and bind permissions globally or for a single cluster. Here we bind t to the viewer permission of the tke cluster.

Now log in with the niewx account and check that it only has the viewer permission.

Click the cluster. When selecting a role, only the viewer identity can be selected, and kuboard-admin is not available.

In the workload view, only the import workload function is available. Clicking a workload opens its view, where you can only view logs and pod information; you cannot copy files or enter containers.

If the built-in system roles do not meet your needs, you can define custom roles and customize their resource permissions, which makes configuration flexible.

That is all for this introduction to Kuboard. Using it to manage your k8s clusters is very convenient and its features are rich; it is a powerful tool for managing k8s clusters.

Copyright notice
This article was written by [Nieweixing]. Please include the original link when reposting. Thanks.
https://yzsam.com/2021/06/20210613212603056a.html