Deploying the Kubernetes web UI (dashboard) and fixing access to the dashboard from Google Chrome
Environment
Kubernetes multi-node deployment:
Load balancers (LB)
Nginx01:14.0.0.77/24
Nginx02:14.0.0.88/24
Master nodes
master:14.0.0.11/24
master02:14.0.0.66/24
Nodes
node01:14.0.0.33/24
node02:14.0.0.55/24
1. On both master nodes, check that the pod resources are healthy
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
14.0.0.33 NotReady <none> 8d v1.12.3
14.0.0.55 NotReady <none> 8d v1.12.3
If the nodes show NotReady and the floating (virtual) IP is gone, restart the keepalived service on both nginx nodes:
systemctl restart keepalived
Then check again on the master:
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
14.0.0.33 Ready <none> 8d v1.12.3
14.0.0.55 Ready <none> 8d v1.12.3
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-t45hv 1/1 Running 0 14h
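2. On the master node, create the dashboard working directory and copy the files needed to deploy the web UI into it
// Run on the master
// Create the dashboard working directory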
[root@master ~]# cd k8s
[root@master k8s]# mkdir dashboard
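// Copy the official files (just copy them directly)
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
- configmap: configuration
- deployment: deployment
- rbac: authorization management, the k8s security framework
- secret: authentication
- service: service
The five are now combined into a single file upstream, so you have to pick them apart yourself.
Downloading from the official site is too slow.
Workaround:
Register an account on Gitee (码云), import the GitHub resources into Gitee first, then download them from Gitee.
I downloaded the files in advance and simply dragged them in (6 yaml files in total):
Link: https://pan.baidu.com/s/1R64YwY5ExgNVuJeG3DJxWw
Extraction code: 7vvr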
- dashboard-configmap.yaml
- dashboard-rbac.yaml
- dashboard-service.yaml
- dashboard-controller.yaml
- dashboard-secret.yaml
- k8s-admin.yaml
[root@master dashboard]# ls
dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml
dashboard-controller.yaml dashboard-secret.yaml k8s-admin.yaml
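3. Create the corresponding resources from the uploaded files (the order must not be changed)
# Create the access-control (RBAC) resources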
[root@master dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
# Create the secrets
[root@master dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
# Create the ConfigMap
[root@master dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
# Create the controller (ServiceAccount and Deployment)
[root@master dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
# Create the Service
[root@master dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created
When finished, check that the pod was created in the kube-system namespace (-n specifies the namespace)
[root@master dashboard]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-65f974f565-bh6dm 1/1 Running 0 2m36s
Other checks
## View the ConfigMaps in the kube-system namespace
[root@master dashboard]# kubectl get configMap -n kube-system
NAME DATA AGE
extension-apiserver-authentication 1 8d
kubernetes-dashboard-settings 0 5m16s
## View Service resources (Service or svc)
[root@master dashboard]# kubectl get Service -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.0.0.105 <none> 443:30001/TCP 10m
[root@master dashboard]# kubectl get Service -n kube-system -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes-dashboard NodePort 10.0.0.105 <none> 443:30001/TCP 10m k8s-app=kubernetes-dashboard
[root@master dashboard]# kubectl get svc -n kube-system -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes-dashboard NodePort 10.0.0.105 <none> 443:30001/TCP 10m k8s-app=kubernetes-dashboard
## View pod resources
[root@master dashboard]# kubectl get pods -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
kubernetes-dashboard-65f974f565-ww6ll 1/1 Running 0 11m 172.17.41.2 14.0.0.55 <none>
## View both at once (separate the resource types with a comma)
[root@master dashboard]# kubectl get pods,svc -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
pod/kubernetes-dashboard-65f974f565-ww6ll 1/1 Running 0 13m 172.17.41.2 14.0.0.55 <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes-dashboard NodePort 10.0.0.105 <none> 443:30001/TCP 13m k8s-app=kubernetes-dashboard
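4. Access the web UI and resolve the access problem
Visit https://14.0.0.55:30001/, open the developer tools and look at the Security tab: the certificate is missing.
Another browser may work, but Google Chrome does not.
Solution: create the certificate yourself.
Write a certificate for Google Chrome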
[root@master dashboard]# vim dashboard-cert.sh
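# Write the CSR definition for the dashboard certificate
cat > dashboard-csr.json <<EOF
{
    "CN": "Dashboard",
    "hosts": [],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing"
        }
    ]
}
EOF

# $1 is the directory that holds the cluster CA (ca.pem, ca-key.pem, ca-config.json)
K8S_CA=$1
# Sign the certificate with the cluster CA; writes dashboard.pem, dashboard-key.pem and dashboard.csr
cfssl gencert -ca="$K8S_CA/ca.pem" -ca-key="$K8S_CA/ca-key.pem" -config="$K8S_CA/ca-config.json" -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
# Replace the existing secret; --from-file=./ loads every file in the current directory
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system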
Run the script with bash, passing the CA directory /root/k8s/k8s-cert/ as its argument, to generate the certificate
[root@master dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
2020/10/08 20:16:05 [INFO] generate received request
2020/10/08 20:16:05 [INFO] received CSR
2020/10/08 20:16:05 [INFO] generating key: rsa-2048
2020/10/08 20:16:05 [INFO] encoded CSR
2020/10/08 20:16:05 [INFO] signed certificate with serial number 30412001701878355171255459809575532049300388054
2020/10/08 20:16:05 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
secret "kubernetes-dashboard-certs" deleted
secret/kubernetes-dashboard-certs created
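The cfssl warning above is printed because "hosts" is empty, and --from-file=./ loads every file in the working directory into the secret, which is consistent with the DATA count of 11 that kubectl get secret reports for kubernetes-dashboard-certs later on. The following is an added example, not part of the original post: a variant of dashboard-cert.sh that puts the addresses typed into the browser into "hosts" and stores only the two PEM files. The function names, the script name and the choice of node IPs as hosts are assumptions.

```bash
#!/usr/bin/env bash
# Added example: a variant of dashboard-cert.sh (function names are hypothetical).
# Usage: bash dashboard-cert-san.sh <CA_DIR> <node-ip-or-name> [more hosts ...]
set -eu

# Print a cfssl CSR whose "hosts" list holds every address passed as an argument.
make_csr_json() {
  [ "$#" -gt 0 ] || { echo "at least one host is required" >&2; return 1; }
  local hosts="" h
  for h in "$@"; do
    case "$h" in   # allow only characters valid in an IP address or DNS name
      ""|*[!A-Za-z0-9.:-]*) echo "invalid host: $h" >&2; return 1 ;;
    esac
    hosts="${hosts:+$hosts, }\"$h\""
  done
  cat <<EOF
{
  "CN": "Dashboard",
  "hosts": [$hosts],
  "key": { "algo": "rsa", "size": 2048 },
  "names": [ { "C": "CN", "L": "BeiJing", "ST": "BeiJing" } ]
}
EOF
}

# Sign with the cluster CA, check the SANs, then replace the dashboard secret.
deploy_cert() {
  local ca_dir
  ca_dir=$(cd "$1" && pwd); shift
  WORK=$(mktemp -d)                 # keep key material out of the yaml directory
  trap 'rm -rf "$WORK"' EXIT
  make_csr_json "$@" > "$WORK/dashboard-csr.json"
  ( cd "$WORK" && cfssl gencert -ca="$ca_dir/ca.pem" -ca-key="$ca_dir/ca-key.pem" \
      -config="$ca_dir/ca-config.json" -profile=kubernetes dashboard-csr.json \
      | cfssljson -bare dashboard )
  # Fail here if the signed certificate carries no Subject Alternative Name.
  openssl x509 -in "$WORK/dashboard.pem" -noout -text \
    | grep -A1 'Subject Alternative Name'
  kubectl delete secret kubernetes-dashboard-certs -n kube-system --ignore-not-found
  # Name the two PEM files explicitly instead of using --from-file=./
  kubectl create secret generic kubernetes-dashboard-certs -n kube-system \
    --from-file=dashboard.pem="$WORK/dashboard.pem" \
    --from-file=dashboard-key.pem="$WORK/dashboard-key.pem"
}

# Runs only with arguments, e.g.: /root/k8s/k8s-cert 14.0.0.33 14.0.0.55
if [ "$#" -ge 2 ]; then deploy_cert "$@"; fi
```

The secret keys keep the names dashboard.pem and dashboard-key.pem, so the --tls-cert-file and --tls-key-file arguments added to dashboard-controller.yaml stay the same.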
Edit dashboard-controller.yaml and add the paths of the key and certificate files
[root@master dashboard]# vim dashboard-controller.yaml
......
        args:
          # PLATFORM-SPECIFIC ARGS HERE
          - --auto-generate-certificates    ## add the following two lines below this line
          - --tls-key-file=dashboard-key.pem
          - --tls-cert-file=dashboard.pem
Redeploy
- Note: if apply does not take effect, first remove the resources with delete, then create them again with apply
[root@master dashboard]# kubectl apply -f dashboard-controller.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured
Access the web UI again
5. Choose to log in with a token
Generate the token
[root@master dashboard]# kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
Saved as a secret:
[root@master dashboard]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
dashboard-admin-token-f9qcm kubernetes.io/service-account-token 3 49s
default-token-pkr55 kubernetes.io/service-account-token 3 9d
kubernetes-dashboard-certs Opaque 11 5h29m
kubernetes-dashboard-key-holder Opaque 2 5h59m
kubernetes-dashboard-token-q2slk kubernetes.io/service-account-token 3 5h59m
View the token (the value under token: copy it and paste it into the browser)
[root@master dashboard]# kubectl describe secret dashboard-admin-token-f9qcm -n kube-system
Name: dashboard-admin-token-f9qcm
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 012c694d-098e-11eb-b94c-000c29b1e929
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1359 bytes
namespace: 11 bytes
token: <token value omitted>
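This is the Kubernetes web UI:
- Three namespaces by default:
- kube-public
- default
- kube-system
6. Summary
There are two ways to create pod resources in k8s
1. With the kubectl command: kubectl run NAME --image=IMAGE
2. From a yaml file: kubectl create -f FILE.yaml
When redeploying, if apply does not take effect, first remove the resources with delete, then create them again with apply
kubectl apply -f dashboard-controller.yaml shows no change (dashboard-controller.yaml determines whether the certificate takes effect)
Delete first: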
kubectl delete -f dashboard-controller.yaml
Check (it becomes 151 again):
kubectl get pods,svc -n kube-system -o wide
View the token:
vim dashboard-controller.yaml
Open Google Chrome and browse to the dashboard