這是kubernetes二進(jìn)制部署的第四篇
如果沒有看過前面第一篇的朋友可以看看下面的:
Kubernetes二進(jìn)制部署(一)單節(jié)點(diǎn)部署
kubernetes二進(jìn)制部署(二)多節(jié)點(diǎn)部署
kubernetes二進(jìn)制部署(三)負(fù)載均衡部署
成都創(chuàng)新互聯(lián)公司網(wǎng)站建設(shè)公司���,提供成都網(wǎng)站制作�����、成都做網(wǎng)站����,網(wǎng)頁設(shè)計(jì),建網(wǎng)站��,PHP網(wǎng)站建設(shè)等專業(yè)做網(wǎng)站服務(wù);可快速的進(jìn)行網(wǎng)站開發(fā)網(wǎng)頁制作和功能擴(kuò)展����;專業(yè)做搜索引擎喜愛的網(wǎng)站,是專業(yè)的做網(wǎng)站團(tuán)隊(duì)�,希望更多企業(yè)前來合作!
在master01上操作
1、創(chuàng)建dashborad工作目錄
[root@localhost k8s]# mkdir dashboard
2�、拷貝官方文件
[root@localhost k8s]# cd dashboard/
[root@localhost dashboard]# ls? ? ? ? ? ??
dashboard-configmap.yaml ? dashboard-rbac.yaml ? ?dashboard-service.yaml
dashboard-controller.yaml ?dashboard-secret.yaml ?k8s-admin.yaml
##相關(guān)文件用途:
dashboard-configmap.yaml:配置應(yīng)用
dashboard-rbac.yaml:授權(quán)訪問api����,web界面
dashboard-service.yaml:訪問應(yīng)用
dashboard-controller.yaml:控制器
dashboard-secret.yaml:安全、加密
k8s-admin.yaml:生成令牌
3�����、組件創(chuàng)建
[root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created
4、完成后查看創(chuàng)建在指定的kube-system命名空間下
[root@localhost dashboard]# kubectl get pods -n kube-system
NAME ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?READY ? STATUS ? ?RESTARTS ? AGE
kubernetes-dashboard-65f974f565-8b88b ? 1/1 ? ? Running ? 0 ? ? ? ? ?2m56s
5���、查看如何訪問
[root@localhost dashboard]# kubectl get pods,svc -n kube-system
NAME ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?READY ? STATUS ? ?RESTARTS ? AGE
pod/kubernetes-dashboard-65f974f565-8b88b ? 1/1 ? ? Running ? 0 ? ? ? ? ?4m4s
NAME ? ? ? ? ? ? ? ? ? ? ? ? ? TYPE ? ? ? CLUSTER-IP ? EXTERNAL-IP ? PORT(S) ? ? ? ? AGE
service/kubernetes-dashboard ? NodePort ? 10.0.0.26 ? ? ? ? ? ?443:30001/TCP ? 3m50s
6�、訪問nodeIP就可以訪問
瀏覽器訪問https://192.168.35.101:30001/
7���、google瀏覽器無法訪問的問題����,解決辦法如下
(1)證書自簽
[root@localhost dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <
(2)生成證書
[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
2020/02/08 19:55:08 [INFO] generate received request
2020/02/08 19:55:08 [INFO] received CSR
2020/02/08 19:55:08 [INFO] generating key: rsa-2048
2020/02/08 19:55:09 [INFO] encoded CSR
2020/02/08 19:55:09 [INFO] signed certificate with serial number 702272605681507929850954926507995861695177925647
2020/02/08 19:55:09 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
secret "kubernetes-dashboard-certs" deleted
secret/kubernetes-dashboard-certs created
[root@localhost dashboard]# ls
dashboard-cert.sh ? ? ? ? ?dashboard-csr.json ? dashboard-secret.yaml
dashboard-configmap.yaml ? dashboard-key.pem ? ?dashboard-service.yaml
dashboard-controller.yaml ?dashboard.pem ? ? ? ?k8s-admin.yaml
dashboard.csr ? ? ? ? ? ? ?dashboard-rbac.yaml
(3)dashboard-controller.yaml 增加證書兩行���,然后apply
[root@localhost dashboard]# vim dashboard-controller.yaml
? ? ? ? args:
? ? ? ? ? # PLATFORM-SPECIFIC ARGS HERE
? ? ? ? ? - --auto-generate-certificates
? ? ? ? ? - --tls-key-file=dashboard-key.pem
? ? ? ? ? - --tls-cert-file=dashboard.pem
(4)重新部署
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured
(5)再次進(jìn)行訪問:https://192.168.35.101:30001/
8�����、生成令牌
[root@localhost dashboard]# kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
9�、保存
[root@localhost dashboard]# kubectl get secret -n kube-system
NAME ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? TYPE ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?DATA ? AGE
dashboard-admin-token-ls8r7 ? ? ? ?kubernetes.io/service-account-token ? 3 ? ? ?73s
default-token-685rn ? ? ? ? ? ? ? ?kubernetes.io/service-account-token ? 3 ? ? ?6h36m
kubernetes-dashboard-certs ? ? ? ? Opaque ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?11 ? ? 16m
kubernetes-dashboard-key-holder ? ?Opaque ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?2 ? ? ?41m
kubernetes-dashboard-token-drpwb ? kubernetes.io/service-account-token ? 3 ? ? ?40m
10���、查看令牌
[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-ls8r7 -n kube-system
Name: ? ? ? ? dashboard-admin-token-ls8r7
Namespace: ? ?kube-system
Labels: ? ? ?
Annotations: ?kubernetes.io/service-account.name: dashboard-admin
? ? ? ? ? ? ? kubernetes.io/service-account.uid: f283296f-4a6b-11ea-b063-000c29148af8
Type: ?kubernetes.io/service-account-token
Data
====
ca.crt: ? ? 1359 bytes
namespace: ?11 bytes
token: ? ? ?eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tbHM4cjciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZjI4MzI5NmYtNGE2Yi0xMWVhLWIwNjMtMDAwYzI5MTQ4YWY4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.dBbCRc4aRFrqAGxW55Zdu0JZz47Yh3DvtLUXZcK0-eV_3sdKz8fCS2K4x6Ey-USKRlIFc2VTH1AEIeWDzFvON5NrVLiyxEF5uQu9Ezo7f74lTwFnOYnASspF-8pi7_HzVQu9CtWcp1WEJAqQg_Ng2E7Ibo-gZmoy2DFgQ-60qcLfFm2ylxoM9yNrMEmSVcMDi8aC9JLsZxQlSRKb7gZn7Sns31Yot8NLxS8oXOmx8m7NysYWoOjZE3q645v96y4tqr3cuG9cCe1_tB5io3c1jiYxKfMLJetxcvNcyH4pbx6YwLu0PKI3o9tescu1uhRtxUN33dY5o4ple-ENPsan_w
11����、復(fù)制令牌進(jìn)行登錄
主界面:
進(jìn)入容器:點(diǎn)擊容器組——》點(diǎn)擊運(yùn)行命令——》進(jìn)入容器
在node節(jié)點(diǎn)訪問IP:
[root@localhost cfg]# curl 172.17.45.2
Welcome to nginx!
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
web界面查看日志:
當(dāng)前標(biāo)題:kubernetes二進(jìn)制部署(四)webUI界面部署
文章起源:
http://weahome.cn/article/gjsjjd.html
重慶分公司
重慶分公司
