搭建kuboard-v3并配置使用ldap登录
官方文档:https://www.kuboard.cn/install/v3/install-in-k8s.html
1.namespace.yaml
---
# Dedicated namespace; every other manifest on this page sets `namespace: kuboard`.
kind: Namespace
apiVersion: v1
metadata:
  name: kuboard
2.configMap.yaml
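---
# Kuboard v3 settings. The kuboard-v3 Deployment on this page loads every key
# under `data` as an environment variable (envFrom / configMapRef).
#
# NOTE(review): KUBOARD_AGENT_KEY and LDAP_BIND_PASSWORD are credentials.
# ConfigMaps are not meant for confidential data: anyone who can read
# ConfigMaps in this namespace can read them. Prefer a Secret that the
# Deployment references with envFrom / secretRef, and only remove the two keys
# from here once the Deployment actually loads that Secret.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kuboard-v3-config
  namespace: kuboard
data:
  # For an explanation of the parameters below, see
  # https://kuboard.cn/install/v3/install-built-in.html
  # [common]
  # NOTE(review): 30080/30081 look like NodePort values, while the kuboard-v3
  # Service on this page is ClusterIP (ports 80/10081) behind an Ingress that
  # forces an HTTPS redirect. Confirm the endpoint and agent ports are
  # reachable as written.
  KUBOARD_ENDPOINT: 'http://172.17.xxx.xxx:30080'
  KUBOARD_AGENT_SERVER_UDP_PORT: '30081'
  KUBOARD_AGENT_SERVER_TCP_PORT: '30081'
  KUBOARD_SERVER_LOGRUS_LEVEL: 'info'  # error / debug / trace
  # KUBOARD_AGENT_KEY is the key used for communication between the Agent and
  # Kuboard. Change it to an arbitrary 32-character string of letters and
  # digits. After changing it, delete the Kuboard Agent and import it again.
  # NOTE(review): the value below is a published sample and is 35 characters
  # long, not 32. Generate your own random value before deploying.
  KUBOARD_AGENT_KEY: '32b7d6572c6255211b42eeaec9009e4a816'
  # For an explanation of the parameters below, see
  # https://kuboard.cn/install/v3/install-gitlab.html
  # [gitlab login]
  # KUBOARD_LOGIN_TYPE: "gitlab"
  # KUBOARD_ROOT_USER: "your-user-name-in-gitlab"
  # GITLAB_BASE_URL: "http://gitlab.mycompany.com"
  # GITLAB_APPLICATION_ID: "7c10882aa4aa6810a0402d17c66103894ac5e43d6130b81c17f7f2d8ae182040b5"
  # GITLAB_CLIENT_SECRET: "77c149bd3a4b6aa870bffa1a1afaf37cba28a1817f4cf518699065f5a8fe958889"
  # For an explanation of the parameters below, see
  # https://kuboard.cn/install/v3/install-github.html
  # [github login]
  # KUBOARD_LOGIN_TYPE: "github"
  # KUBOARD_ROOT_USER: "your-user-name-in-github"
  # GITHUB_CLIENT_ID: "17577d45e4de7dad88se0"
  # GITHUB_CLIENT_SECRET: "ff738553a8c7e9aad39569c8d02c1d85ec19115a7"
  # For an explanation of the parameters below, see
  # https://kuboard.cn/install/v3/install-ldap.html
  # [ldap login]
  KUBOARD_LOGIN_TYPE: 'ldap'
  KUBOARD_ROOT_USER: 'xxx@xxx.cn'
  # NOTE(review): 389 is the cleartext LDAP port, so the bind password and user
  # passwords cross the network unprotected unless TLS is negotiated. Check the
  # LDAP document linked above for the supported TLS options.
  LDAP_HOST: 'pandas.xxx.xxx:389'
  # The bind DN is named "readonly"; keep it a search-only account.
  LDAP_BIND_DN: 'cn=readonly,dc=xxx,dc=cn'
  # NOTE(review): sample value only. Use a strong, unique bind password and
  # keep it out of version control.
  LDAP_BIND_PASSWORD: '123456'
  LDAP_BASE_DN: 'ou=People,dc=xxx,dc=cn'
  LDAP_FILTER: '(&(objectClass=itcastPerson)(isDeleted=false)(status=1)(isEnabled=true))'
  LDAP_ID_ATTRIBUTE: 'userName'
  LDAP_USER_NAME_ATTRIBUTE: 'userName'
  LDAP_EMAIL_ATTRIBUTE: 'email'
  LDAP_DISPLAY_NAME_ATTRIBUTE: 'cn'
  # Group settings
  LDAP_GROUP_SEARCH_BASE_DN: 'name=Department,dc=xxx,dc=cn'
  LDAP_GROUP_SEARCH_FILTER: '(&(objectClass=itcastDepartment)(isDeleted=false)(status=1)(isEnabled=true))'
  # Key spelling ("MACHER") is kept exactly as given on the page.
  LDAP_USER_MACHER_USER_ATTRIBUTE: 'departmentId'
  LDAP_USER_MACHER_GROUP_ATTRIBUTE: 'id'
  LDAP_GROUP_NAME_ATTRIBUTE: 'name'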
3.statefulset.yaml
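---
# Three-member etcd cluster that stores Kuboard's data. Pod names
# (kuboard-etcd-0..2) double as etcd member names.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: kuboard-etcd
  namespace: kuboard
  labels:
    app: kuboard-etcd
spec:
  serviceName: kuboard-etcd
  replicas: 3
  selector:
    matchLabels:
      app: kuboard-etcd
  template:
    metadata:
      name: kuboard-etcd
      labels:
        app: kuboard-etcd
    spec:
      containers:
        - name: kuboard-etcd
          image: swr.cn-east-2.myhuaweicloud.com/kuboard/etcd:v3.4.14
          ports:
            - containerPort: 2379
              name: client
            - containerPort: 2380
              name: peer
          env:
            - name: KUBOARD_ETCD_ENDPOINTS
              value: >-
                kuboard-etcd-0.kuboard-etcd:2379,kuboard-etcd-1.kuboard-etcd:2379,kuboard-etcd-2.kuboard-etcd:2379
          volumeMounts:
            - name: data
              mountPath: /data
          # The shell variables must be written ${HOSTNAME} and ${PEERS}. The
          # page had lost the "$" (and the space before ${PEERS}), which would
          # give every member the literal name "{HOSTNAME}" and turn
          # --initial-cluster into an unknown flag.
          #
          # NOTE(review): the client and peer listeners are plain HTTP on
          # 0.0.0.0 with no client authentication, so any workload that can
          # reach ports 2379/2380 can read or modify Kuboard's data. Restrict
          # access with a NetworkPolicy that admits only the kuboard-v3 and
          # kuboard-etcd pods, or enable etcd TLS (--cert-file, --key-file,
          # --client-cert-auth, --trusted-ca-file and the --peer-* equivalents)
          # if the Kuboard client side supports it.
          #
          # NOTE(review): --quota-backend-bytes (8388608000, about 7.8 GiB) is
          # larger than the 5Gi volume requested below; confirm this is
          # intended.
          command:
            - /bin/sh
            - -c
            - |
              PEERS="kuboard-etcd-0=http://kuboard-etcd-0.kuboard-etcd:2380,kuboard-etcd-1=http://kuboard-etcd-1.kuboard-etcd:2380,kuboard-etcd-2=http://kuboard-etcd-2.kuboard-etcd:2380"
              exec etcd --name ${HOSTNAME} \
                --listen-peer-urls http://0.0.0.0:2380 \
                --listen-client-urls http://0.0.0.0:2379 \
                --advertise-client-urls http://${HOSTNAME}.kuboard-etcd:2379 \
                --initial-advertise-peer-urls http://${HOSTNAME}:2380 \
                --initial-cluster-token kuboard-etcd-cluster-1 \
                --initial-cluster ${PEERS} \
                --initial-cluster-state new \
                --auto-compaction-retention 1 \
                --quota-backend-bytes 8388608000 \
                --data-dir /data/kuboard.etcd
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        # Fill in a valid StorageClass name.
        storageClassName: nfs-client
        accessModes: ['ReadWriteMany']
        resources:
          requests:
            storage: 5Gi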
4.etcd-service.yaml
---
# In-cluster Service for the etcd pods. Its name matches the StatefulSet's
# serviceName, and it exposes the etcd client (2379) and peer (2380) ports.
kind: Service
apiVersion: v1
metadata:
  namespace: kuboard
  name: kuboard-etcd
spec:
  type: ClusterIP
  selector:
    app: kuboard-etcd
  ports:
    - name: client
      port: 2379
    - name: peer
      port: 2380
5.deployment.yaml
---
# Single-replica Kuboard v3 server.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: kuboard-v3
  namespace: kuboard
  labels:
    k8s.kuboard.cn/name: kuboard-v3
  annotations:
    deployment.kubernetes.io/revision: "9"
    k8s.kuboard.cn/ingress: "false"
    k8s.kuboard.cn/service: NodePort
    k8s.kuboard.cn/workload: kuboard-v3
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s.kuboard.cn/name: kuboard-v3
  template:
    metadata:
      labels:
        k8s.kuboard.cn/name: kuboard-v3
    spec:
      containers:
        - name: kuboard
          image: swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard:v3.5.2.4
          imagePullPolicy: Always
          # envFrom exports every key of the kuboard-v3-config ConfigMap into
          # the container environment. On this page that includes
          # LDAP_BIND_PASSWORD and KUBOARD_AGENT_KEY, so anyone who can read
          # that ConfigMap or exec into the pod can see them.
          envFrom:
            - configMapRef:
                name: kuboard-v3-config
          env:
            # Same etcd member list as the StatefulSet's environment.
            - name: KUBOARD_ETCD_ENDPOINTS
              value: >-
                kuboard-etcd-0.kuboard-etcd:2379,kuboard-etcd-1.kuboard-etcd:2379,kuboard-etcd-2.kuboard-etcd:2379
6.kuboard-service.yaml
---
# ClusterIP Service in front of the kuboard-v3 pods: the web UI on port 80 and
# the agent server on 10081 over both TCP and UDP.
kind: Service
apiVersion: v1
metadata:
  name: kuboard-v3
  namespace: kuboard
  labels:
    k8s.kuboard.cn/name: kuboard-v3
  annotations:
    k8s.kuboard.cn/workload: kuboard-v3
spec:
  type: ClusterIP
  sessionAffinity: None
  selector:
    k8s.kuboard.cn/name: kuboard-v3
  ports:
    # The Ingress on this page refers to this port by name (servicePort: webui).
    - name: webui
      protocol: TCP
      port: 80
      targetPort: 80
    - name: agentservertcp
      protocol: TCP
      port: 10081
      targetPort: 10081
    - name: agentserverudp
      protocol: UDP
      port: 10081
      targetPort: 10081
7.ingress.yaml
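---
# Publishes the Kuboard web UI at https://xxx.xxx.cn through the kuboard-v3
# Service's `webui` port.
#
# NOTE(review): the extensions/v1beta1 Ingress API is no longer served from
# Kubernetes v1.22. On newer clusters use networking.k8s.io/v1, which also
# requires `pathType` and the `backend.service.name` / `backend.service.port`
# form.
#
# NOTE(review): this exposes a cluster-administration console. Limit who can
# reach the host, for example with a source-range allow list on the ingress
# controller or by publishing it on an internal network only.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kuboard-v3
  namespace: kuboard
  annotations:
    # The annotation prefixes below belong to different controllers:
    # nginx.ingress.kubernetes.io/* to the community ingress-nginx controller,
    # nginx.org/* and nginx.com/* to the NGINX Inc. controller. Only the ones
    # understood by the running controller take effect.
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
    k8s.kuboard.cn/displayName: kuboard
    k8s.kuboard.cn/workload: kuboard
    # Both annotations select a Service by name. The backend Service is
    # kuboard-v3, so the original value "kuboard" matched nothing.
    nginx.org/websocket-services: 'kuboard-v3'
    nginx.com/sticky-cookie-services: 'serviceName=kuboard-v3 srv_id expires=1h path=/'
spec:
  tls:
    - hosts:
        - xxx.xxx.cn
      secretName: xxx-xxx
  rules:
    - host: xxx.xxx.cn
      http:
        paths:
          - path: /
            backend:
              serviceName: kuboard-v3
              servicePort: webui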
8.获取管理员token
kubectl -n kube-system get secret (kubectl -n kube-system get secret | grep kuboard-user