K8s1.17部署Dashboard2.0(上)
自己制作证书1、删除上面创建的各种资源#kubectldelete-fcreate-admin.yaml#kubectldelete-fdashboard-admin-bind-clusterrole.yaml#kubectldelete-frecommended.yaml2、修改recommended.yaml⽂件#因为我们要⼿动创建名称空间,把这⾥的创建删除掉,不然如果出了错⽤yaml删除ns
·
自己制作证书
1、删除上面创建的各种资源
# kubectl delete -f create-admin.yaml
# kubectl delete -f dashboard-admin-bind-clusterrole.yaml
# kubectl delete -f recommended.yaml
2、修改recommended.yaml⽂件
#因为我们要⼿动创建名称空间,把这⾥的创建删除掉,不然如果出了
错⽤yaml删除ns的时候也会把⾥⾯的资源全部删掉
#apiVersion: v1
#kind: Namespace
#metadata:
# name: kubernetes-dashboard
---
#增加直接访问端⼝
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #增加
ports:
- port: 443
targetPort: 8443
nodePort: 30008 #增加
selector:
k8s-app: kubernetes-dashboard
---
#注释掉kubernetes-dashboard-certs对象声明
#apiVersion: v1
#kind: Secret
#metadata:
# labels:
# k8s-app: kubernetes-dashboard
# name: kubernetes-dashboard-certs
# namespace: kubernetes-dashboard
#type: Opaque
---
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.0.0-rc6
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8443
protocol: TCP
args:
#- --auto-generate-certificates ##注释掉
⾃动⽣成证书
- --namespace=kubernetes-dashboard
# Uncomment the following line to
manually specify Kubernetes API server Host
# If not specified, Dashboard will
attempt to auto discover the API server and connect
# to it. Uncomment only if the default
does not work.
# - --apiserver-host=http://myaddress:port
# 添加我们⾃⼰⽣成的证书名称
- --tls-cert-file=/dashboard.crt
- --tls-key-file=/dashboard.key
- --token-ttl=3600
3、创建证书
# mkdir /root/certs
# cd /root/certs/
创建key⽂件
# openssl genrsa -out dashboard.key 2048
证书请求
# openssl req -new -out dashboard.csr -key
dashboard.key -subj '/CN=192.168.1.201'
⾃签证书
# openssl x509 -req -days 365 -in dashboard.csr -
signkey dashboard.key -out dashboard.crt
创建命名空间
# kubectl create namespace kubernetes-dashboard
创建kubernetes-dashboard-certs对象
# kubectl create secret generic kubernetesdashboard-certs --fromfile=/root/certs/dashboard.key --fromfile=/root/certs/dashboard.crt -n kubernetesdashboard
4、安装 Dashboard
创建账号绑定权限
# vim create-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
安装Dashboard
# kubectl create -f ~/recommended.yaml
检查结果
# kubectl get pods -A -o wide
# kubectl get service -n kubernetes-dashboard -o
wide
5、查看⽤户Token
# kubectl -n kubernetes-dashboard describe secret
$(kubectl -n kubernetes-dashboard get secret | grep
admin-user | awk '{print $1}')
Name: admin-user-token-z4jp6
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name:
admin-user
kubernetes.io/service-account.uid:
349285ce-741d-4dc1-a600-1843a6ec9751
Type: kubernetes.io/service-account-token
Data
====
token:
eyJhbGciOiJSUzI1NiIsImtpZCI6InY5M1pSc3RpejBVZ0x6LTN
SbWlCc2t5b01ualNZWnpYMVB5YzUwNmZ3ZmsifQ.eyJpc3MiOiJr
dWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5p
by9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVz
LWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291
bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXo0anA2
Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNl
LWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVz
LmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQi
OiIzNDkyODVjZS03NDFkLTRkYzEtYTYwMC0xODQzYTZlYzk3NTEi
LCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRl
cy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.JtCa0VC7tYtIGLWlwSK
UwqSL0T8eRvZ8jk_AUxB4Atmi5PjF9IjAHNNwGS3HaTL3Q86fCI8
MvYGf3Eplk9X-ng9WsrFIxXxa0wGJxZp0d8R78A6vuN7I7Zd5CeQm_O2ycTUuQhYnS
ZlNplF8X033QOfjOoFnKKevbn2094XXWWZuAsT9haGnZ8BX92DmY
zsaMyLesfv7ZziJD80KgSQ8_jtb0n55zw5cedYTsRCZgofJ_o9U5
SUW3I0AXG-vVhI28m0sMBjZkuMppfB4eMLnSDHXAw3Gvwe_2NOLfS4hBTkYu7gJketgif9Cs8Ybkzvf2qXdZW5fydZUuSylafg
ca.crt: 1025 bytes
namespace: 20 bytes
6、访问
安装 metrics-server 插件
1、简单介绍
Heapster已经被Metrics-Server取代,如果使⽤Kubernetes的⾃ 动扩容功能的话,那⾸先得有⼀个插件,然后该插件将收集到的信息 (cpu、memory..)与⾃动扩容的设置的值进⾏⽐对,⾃动调整pod数 量。关于该插件,在kubernetes的早些版本中采⽤的是heapster, 1.13版本正式发布后,丢弃了heapster,官⽅推荐采⽤metricssever。
2、下载相关yaml⽂件
https://github.com/kubernetes-incubator/metrics-server
[root@k8s-master ~]# git clone
https://github.com/kubernetes-incubator/metricsserver.git
[root@k8s-master ~]# cd metrics-server/deploy/1.8+/
[root@k8s-master 1.8+]# ll
总⽤量 28
-rw-r--r-- 1 root root 384 4⽉ 28 09:46 aggregatedmetrics-reader.yaml
-rw-r--r-- 1 root root 308 4⽉ 28 09:46 authdelegator.yaml
-rw-r--r-- 1 root root 329 4⽉ 28 09:46 authreader.yaml
-rw-r--r-- 1 root root 298 4⽉ 28 09:46 metricsapiservice.yaml
-rw-r--r-- 1 root root 815 4⽉ 28 09:46 metricsserver-deployment.yaml
-rw-r--r-- 1 root root 291 4⽉ 28 09:46 metricsserver-service.yaml
-rw-r--r-- 1 root root 502 4⽉ 28 09:46 resourcereader.yaml
3、修改安装脚本
vim metrics-server-deployment.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-server
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: metrics-server
namespace: kube-system
labels:
k8s-app: metrics-server
spec:
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
name: metrics-server
labels:
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use fromscratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- name: metrics-server
image: mirrorgooglecontainers/metricsserver-amd64:v0.3.6 # 修改镜像下载地址
args: # 添加以下内容
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-insecure-tls
- --kubelet-preferred-addresstypes=InternalIP,ExternalIP,Hostname
ports:
- name: main-port
containerPort: 4443
protocol: TCP
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
imagePullPolicy: Always
volumeMounts:
- name: tmp-dir
mountPath: /tmp
4、执⾏安装脚本并产看结果
#安装
[root@k8s-master 1.8+]# kubectl create -f .
#1-2分钟后查看结果
[root@k8s-master 1.8+]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes)
MEMORY%
k8s-master 256m 12% 2002Mi 52%
k8s-node1 103m 5% 1334Mi 34%
k8s-node2 144m 7% 1321Mi 34%以上与大家分享的内容,如果需要领取免费学习资料,或者学习交流,扫码加我拉你进群
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献1条内容
所有评论(0)