xavor/kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

añadido dashboard y corregido metallb

Browse Source
This commit is contained in:
xguefer
2025-08-11 01:17:35 +02:00
parent e29fd152d8
commit 0f46ec6f15
13 changed files with 185 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cert-manager/clusterissuer-prod.yaml
View File

@@ -11,4 +11,4 @@ spec:
solvers:
- http01:
ingress:
ingressClassName: traefik
ingressClassName: nginx

2
cert-manager/clusterissuer-staging.yaml
View File

@@ -11,4 +11,4 @@ spec:
solvers:
- http01:
ingress:
ingressClassName: traefik
ingressClassName: nginx

26
dashboard/ingress/ingress.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kubernetes-dashboard
namespace: kubernetes-dashboard
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # el pod escucha TLS en 8443
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # redirige http -> https
spec:
ingressClassName: nginx
tls:
- hosts:
- k8s.c2et.net
secretName: dashboard-tls
rules:
- host: k8s.c2et.net
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kubernetes-dashboard
port:
number: 443

11
dashboard/kustomization.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubernetes-dashboard
resources:
- namespace.yaml
- rbac/serviceaccount.yaml
- rbac/clusterrolebinding.yaml
- services/service.yaml
- ingress/ingress.yaml

4
dashboard/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard

12
dashboard/rbac/clusterrolebinding.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard

5
dashboard/rbac/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard

68
dashboard/readme.md Normal file
View File

@@ -0,0 +1,68 @@
# 🎛️ Manifiestos para Kubernetes Dashboard
Este repositorio contiene los manifiestos necesarios para desplegar **Kubernetes Dashboard**, la interfaz gráfica oficial de Kubernetes. Kubernetes Dashboard permite:
* Visualizar y manejar recursos de Kubernetes (pods, deployments, servicios, etc.)
* Monitorizar el estado y métricas de los clústeres
* Proporcionar acceso basado en roles al clúster
Se instala en el namespace `kubernetes-dashboard`, con cuentas de servicio y permisos RBAC adecuados, y se expone internamente o mediante un servicio de tipo NodePort.
> Kubernetes Dashboard facilita la administración de clústeres al ofrecer una vista amigable y centralizada de los recursos, ideal para usuarios que prefieren entornos gráficos.
---
## Despliegue paso a paso
1. **Ir al directorio del proyecto**
```bash
cd ~/k3s/k8s-dashboard
```
2. **Crear el namespace**
```bash
kubectl apply -f namespace.yaml
```
3. **Configurar RBAC (Role-Based Access Control)**
* Crear la cuenta de servicio en el namespace:
```bash
kubectl apply -f rbac/serviceaccount.yaml
```
* Asignar permisos de cluster-admin (ajustar a roles más restrictivos en producción):
```bash
kubectl apply -f rbac/clusterrolebinding.yaml
```
4. **Desplegar el Dashboard oficial**
```bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
```
5. **Exponer el servicio**
```bash
kubectl apply -f services/service.yaml
```
---
## Autenticación
Para obtener el token de acceso:
```bash
kubectl -n kubernetes-dashboard create token admin-user
```
Copia el token y pégalo en la interfaz web cuando se te solicite.
---
Con estos manifiestos, Kubernetes Dashboard quedará desplegado y accesible, ofreciendo una gestión gráfica completa del clúster.

16
dashboard/services/service.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: kubernetes-dashboard
namespace: kubernetes-dashboard
labels:
k8s-app: kubernetes-dashboard
spec:
type: ClusterIP
selector:
k8s-app: kubernetes-dashboard
ports:
- name: https
port: 443
targetPort: 8443
protocol: TCP

6
ingress-nginx/services/service.yaml
View File

@@ -4,15 +4,15 @@ metadata:
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: NodePort
type: LoadBalancer
loadBalancerIP: 192.168.0.100
selector:
app.kubernetes.io/name: ingress-nginx
ports:
- name: http
port: 80
targetPort: 80
nodePort: 30080
- name: https
port: 443
targetPort: 443
nodePort: 30443

2
metallb/ipaddresspool.yaml
View File

@@ -5,5 +5,5 @@ metadata:
namespace: metallb-system
spec:
addresses:
- 192.168.1.100 - 192.168.1.110
- 192.168.0.100-192.168.0.110
- 192.168.200.10-192.168.200.20

38
metallb/test-lb.yaml
View File

@@ -1,38 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: lb-test
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: test-lb
namespace: lb-test
spec:
replicas: 1
selector:
matchLabels:
app: test-lb
template:
metadata:
labels:
app: test-lb
spec:
containers:
- name: test-lb
image: nginx:alpine
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: test-lb
namespace: lb-test
spec:
type: LoadBalancer
selector:
app: test-lb
ports:
- port: 80
targetPort: 80

36
test/testpod.yaml Normal file
View File

@@ -0,0 +1,36 @@
apiVersion: v1
kind: Service
metadata:
name: test-http
# annotations:
# metallb.universe.tf/address-pool: default
spec:
# type: NodePort
type: LoadBalancer
loadBalancerIP: 192.168.200.10
selector:
app: test-http
ports:
- port: 80
targetPort: 80
# nodePort: 30080
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: test-http
spec:
replicas: 1
selector:
matchLabels:
app: test-http
template:
metadata:
labels:
app: test-http
spec:
containers:
- name: test-http
image: nginx:alpine
ports:
- containerPort: 80