当前位置：首页 > news >正文

《国产系统运维笔记》第6期：银河麒麟+K8s太难管？30分钟部署Kuboard，国产化运维终于轻松了

news 2026/5/12 17:19:05

如果你是运维工程师或开发人员，最近几年一定被这两个关键词刷屏了：国产化替代和Kubernetes。当信创浪潮遇上云原生时代，在国产操作系统上部署容器管理平台不再是选择题，而是必答题。本文实现了在银河麒麟服务器系统V11(2503)已经部署Kubernetes集群的基础上安装那款让无数运维爱不释手的可视化管理工具——Kuboard。

什么是Kuboard

Kuboard 是一款面向 Kubernetes（K8s）的开源、轻量级、可视化管理平台，由国内开发者团队打造，专为降低 K8s 使用门槛而设计。它提供完整的 Web 图形界面，支持多集群管理、应用部署、服务监控、日志查看、事件追踪、配置管理（如 ConfigMap、Secret）、命名空间操作等核心功能，几乎覆盖了日常运维和开发所需的全部场景。与 Rancher、Lens 等工具相比，Kuboard 更加轻量——仅需一个 Pod 即可运行，资源占用低，部署简单（单个 YAML 文件即可），且完全支持离线私有化部署，不依赖任何外部 SaaS 服务，非常适合对数据安全和合规性要求高的国产化环境（如银河麒麟、统信 UOS 等）。Kuboard 原生支持中文界面，文档详尽，学习成本低，特别适合刚接触 K8s 的团队快速上手。目前主流版本是 Kuboard v3，采用前后端一体化架构，通过内置 Agent 实现集群状态实时同步，并支持基于 RBAC 的细粒度权限控制。此外，Kuboard 还提供了丰富的国产镜像源（如华为云 SWR、阿里云 ACR），有效规避了 Docker Hub 访问受限的问题。无论是测试环境快速验证，还是生产环境稳定运维，Kuboard 都是一个兼顾易用性、安全性与本土适配性的优秀选择。

环境准备与检查

系统环境确认

首先，我们确认当前系统环境：

查看银河麒麟系统版本：

cat/etc/.kyinfo

查看内核版本：

uname-r

查看k8s集群状态：

kubectl cluster-info

检查K8s集群状态

检查节点状态：

kubectl get nodes

检查核心组件状态：

kubectl get pods -n kube-system

确认kubectl配置正确：

kubectl config current-context

Kuboard部署详细步骤

下载Kuboard部署文件

wgethttps://addons.kuboard.cn/kuboard/kuboard-v3.yaml

也可以下载下面的yaml文件，唯一的区别是，该指令使用华为云的镜像仓库替代 docker hub 分发 Kuboard 所需要的镜像（如果出现镜像拉取不到可以使用下面的yaml文件）：

wgethttps://addons.kuboard.cn/kuboard/kuboard-v3-swr.yaml

部署Kuboard

创建kuboard

我部署用的kuboard-v3-swr.yaml内容如下：

--- apiVersion: v1 kind: Namespace metadata: name: kuboard --- apiVersion: v1 kind: ConfigMap metadata: name: kuboard-v3-config namespace: kuboard data:# 关于如下参数的解释，请参考文档 https://kuboard.cn/install/v3/install-built-in.html# [common]KUBOARD_SERVER_NODE_PORT:'30080'KUBOARD_AGENT_SERVER_UDP_PORT:'30081'KUBOARD_AGENT_SERVER_TCP_PORT:'30081'KUBOARD_SERVER_LOGRUS_LEVEL: info# error / debug / trace# KUBOARD_AGENT_KEY 是 Agent 与 Kuboard 通信时的密钥，请修改为一个任意的包含字母、数字的32位字符串，此密钥变更后，需要删除 Kuboard Agent 重新导入。KUBOARD_AGENT_KEY: 32b7d6572c6255211b4eec9009e4a816 KUBOARD_AGENT_IMAG: swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard-agent KUBOARD_QUESTDB_IMAGE: swr.cn-east-2.myhuaweicloud.com/kuboard-dependency/questdb:6.0.4 KUBOARD_DISABLE_AUDIT:'false'# 如果要禁用 Kuboard 审计功能，将此参数的值设置为 'true'，必须带引号。# 关于如下参数的解释，请参考文档 https://kuboard.cn/install/v3/install-gitlab.html# [gitlab login]# KUBOARD_LOGIN_TYPE: "gitlab"# KUBOARD_ROOT_USER: "your-user-name-in-gitlab"# GITLAB_BASE_URL: "http://gitlab.mycompany.com"# GITLAB_APPLICATION_ID: "7c10882aa46810a0402d17c66103894ac5e43d6130b81c17f7f2d8ae182040b5"# GITLAB_CLIENT_SECRET: "77c149bd3a4b6870bffa1a1afaf37cba28a1817f4cf518699065f5a8fe958889"# 关于如下参数的解释，请参考文档 https://kuboard.cn/install/v3/install-github.html# [github login]# KUBOARD_LOGIN_TYPE: "github"# KUBOARD_ROOT_USER: "your-user-name-in-github"# GITHUB_CLIENT_ID: "17577d45e4de7dad88e0"# GITHUB_CLIENT_SECRET: "ff738553a8c7e9ad39569c8d02c1d85ec19115a7"# 关于如下参数的解释，请参考文档 https://kuboard.cn/install/v3/install-ldap.html# [ldap login]# KUBOARD_LOGIN_TYPE: "ldap"# KUBOARD_ROOT_USER: "your-user-name-in-ldap"# LDAP_HOST: "ldap-ip-address:389"# LDAP_BIND_DN: "cn=admin,dc=example,dc=org"# LDAP_BIND_PASSWORD: "admin"# LDAP_BASE_DN: "dc=example,dc=org"# LDAP_FILTER: "(objectClass=posixAccount)"# LDAP_ID_ATTRIBUTE: "uid"# LDAP_USER_NAME_ATTRIBUTE: "uid"# LDAP_EMAIL_ATTRIBUTE: "mail"# LDAP_DISPLAY_NAME_ATTRIBUTE: "cn"# LDAP_GROUP_SEARCH_BASE_DN: "dc=example,dc=org"# LDAP_GROUP_SEARCH_FILTER: "(objectClass=posixGroup)"# LDAP_USER_MACHER_USER_ATTRIBUTE: "gidNumber"# LDAP_USER_MACHER_GROUP_ATTRIBUTE: "gidNumber"# LDAP_GROUP_NAME_ATTRIBUTE: "cn"--- apiVersion: v1 kind: ServiceAccount metadata: name: kuboard-boostrap namespace: kuboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kuboard-boostrap-crb roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: kuboard-boostrap namespace: kuboard --- apiVersion: apps/v1 kind: DaemonSet metadata: labels: k8s.kuboard.cn/name: kuboard-etcd name: kuboard-etcd namespace: kuboard spec: revisionHistoryLimit:10selector: matchLabels: k8s.kuboard.cn/name: kuboard-etcd template: metadata: labels: k8s.kuboard.cn/name: kuboard-etcd spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: node-role.kubernetes.io/master operator: Exists - matchExpressions: - key: node-role.kubernetes.io/control-plane operator: Exists - matchExpressions: - key: k8s.kuboard.cn/role operator: In values: - etcd containers: - env: - name:HOSTNAMEvalueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: HOSTIP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP image:'swr.cn-east-2.myhuaweicloud.com/kuboard/etcd-host:3.4.16-2'imagePullPolicy: Always name: etcd ports: - containerPort:2381hostPort:2381name: server protocol: TCP - containerPort:2382hostPort:2382name: peer protocol: TCP livenessProbe: failureThreshold:3httpGet: path: /health port:2381scheme: HTTP initialDelaySeconds:30periodSeconds:10successThreshold:1timeoutSeconds:1volumeMounts: - mountPath: /data name: data dnsPolicy: ClusterFirst hostNetwork:truerestartPolicy: Always serviceAccount: kuboard-boostrap serviceAccountName: kuboard-boostrap tolerations: - key: node-role.kubernetes.io/master operator: Exists - key: node-role.kubernetes.io/control-plane operator: Exists volumes: - hostPath: path: /usr/share/kuboard/etcd name: data updateStrategy: rollingUpdate: maxUnavailable:1type: RollingUpdate --- apiVersion: apps/v1 kind: Deployment metadata: annotations:{}labels: k8s.kuboard.cn/name: kuboard-v3 name: kuboard-v3 namespace: kuboard spec: replicas:1revisionHistoryLimit:10selector: matchLabels: k8s.kuboard.cn/name: kuboard-v3 template: metadata: labels: k8s.kuboard.cn/name: kuboard-v3 spec: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: node-role.kubernetes.io/master operator: Exists weight:100- preference: matchExpressions: - key: node-role.kubernetes.io/control-plane operator: Exists weight:100containers: - env: - name: HOSTIP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.hostIP - name:HOSTNAMEvalueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName envFrom: - configMapRef: name: kuboard-v3-config image:'swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard:v3'imagePullPolicy: Always livenessProbe: failureThreshold:3httpGet: path: /kuboard-resources/version.json port:80scheme: HTTP initialDelaySeconds:30periodSeconds:10successThreshold:1timeoutSeconds:1name: kuboard ports: - containerPort:80name: web protocol: TCP - containerPort:443name: https protocol: TCP - containerPort:10081name: peer protocol: TCP - containerPort:10081name: peer-u protocol: UDP readinessProbe: failureThreshold:3httpGet: path: /kuboard-resources/version.json port:80scheme: HTTP initialDelaySeconds:30periodSeconds:10successThreshold:1timeoutSeconds:1resources:{}# startupProbe:# failureThreshold: 20# httpGet:# path: /kuboard-resources/version.json# port: 80# scheme: HTTP# initialDelaySeconds: 5# periodSeconds: 10# successThreshold: 1# timeoutSeconds: 1dnsPolicy: ClusterFirst restartPolicy: Always serviceAccount: kuboard-boostrap serviceAccountName: kuboard-boostrap tolerations: - key: node-role.kubernetes.io/master operator: Exists --- apiVersion: v1 kind: Service metadata: annotations:{}labels: k8s.kuboard.cn/name: kuboard-v3 name: kuboard-v3 namespace: kuboard spec: ports: - name: web nodePort:30080port:80protocol: TCP targetPort:80- name: tcp nodePort:30081port:10081protocol: TCP targetPort:10081- name: udp nodePort:30081port:10081protocol: UDP targetPort:10081selector: k8s.kuboard.cn/name: kuboard-v3 sessionAffinity: None type: NodePort