K8S multi-node binary deployment: setting up the UI page
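1. Overview
- Kubernetes has a web-based user interface that displays the current cluster state graphically.
- The Kubernetes UI can be used to monitor your current cluster, for example to view resource utilization or check error messages. However, you cannot modify the cluster with the UI.
- After opening the Kubernetes UI, the home page dynamically lists all nodes of your current cluster along with related information, including internal IP address, CPU status, memory status and file system status.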
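2. Environment
This UI page is set up on top of a K8S multi-node binary deployment; see the earlier post, "K8S multi-node binary deployment".
3. Configuring the dashboard page
- Create the dashboard working directory on master01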
[root@k8s_master ~]# mkdir /root/dashboard
- Copy the official configuration files into the dashboard directory
Official location: https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
[root@k8s_master dashboard]# ls
dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml
dashboard-controller.yaml dashboard-secret.yaml
- Create the pod resources from the official yaml files to bring up the dashboard page
[root@k8s_master dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
[root@k8s_master dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
[root@k8s_master dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created
[root@k8s_master dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
[root@k8s_master dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
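- View the resources and services that were created
## View the resources and services in the kube-system namespace (the officially downloaded yaml files specify kube-system as the namespace)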
[root@k8s_master dashboard]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/kubernetes-dashboard-65f974f565-56sjj 1/1 Running 1 7m4s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard NodePort 10.0.0.61 <none> 443:30001/TCP 7m13s
## Check which node the pod was created on
[root@k8s_master dashboard]# kubectl get pods -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
kubernetes-dashboard-65f974f565-56sjj 1/1 Running 1 12m 172.17.56.2 192.168.5.20 <none>
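- Opening the node01 dashboard page in the Chrome browser fails
Fix for Chrome being unable to open the page because of a certificate error:
- Issue a certificate for the dashboard
## Issue a certificate for the dashboard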
[root@k8s_master dashboard]# vim dashboard-cert.sh
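cat > dashboard-csr.json <<EOF
{
    "CN": "Dashboard",
    "hosts": [],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing"
        }
    ]
}
EOF
# First argument: directory holding the cluster CA (ca.pem, ca-key.pem, ca-config.json)
K8S_CA=$1
# Sign the CSR with the cluster CA; cfssljson writes dashboard.pem, dashboard-key.pem and dashboard.csr
cfssl gencert -ca="$K8S_CA/ca.pem" -ca-key="$K8S_CA/ca-key.pem" -config="$K8S_CA/ca-config.json" -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
# Replace the existing certs secret; --from-file=./ stores every file in the current directory in it
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system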
## Run the script to generate the certificate, passing the CA directory /root/k8s-cert
[root@k8s_master dashboard]# bash dashboard-cert.sh /root/k8s-cert/
2020/05/08 01:14:18 [INFO] generate received request
2020/05/08 01:14:18 [INFO] received CSR
2020/05/08 01:14:18 [INFO] generating key: rsa-2048
2020/05/08 01:14:19 [INFO] encoded CSR
2020/05/08 01:14:19 [INFO] signed certificate with serial number 301938884116900831714724982152836225162670460222
2020/05/08 01:14:19 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
secret "kubernetes-dashboard-certs" deleted
secret/kubernetes-dashboard-certs created
- Edit dashboard-controller.yaml, add the two certificate lines, then apply
[root@k8s_master dashboard]# vim dashboard-controller.yaml
- Redeploy the dashboard resources
## Redeploy the dashboard resources
[root@k8s_master dashboard]# kubectl apply -f dashboard-controller.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured
- Write a yaml file to generate the access token
## Create the yaml file
[root@k8s_master dashboard]# vi k8s-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
## Create the token resources
[root@k8s_master dashboard]# kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
## View the generated user
[root@k8s_master dashboard]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
dashboard-admin-token-lp8jt kubernetes.io/service-account-token 3 3m7s
default-token-jm2lm kubernetes.io/service-account-token 3 8d
kubernetes-dashboard-certs Opaque 10 18m
kubernetes-dashboard-key-holder Opaque 2 47m
kubernetes-dashboard-token-mwmfv kubernetes.io/service-account-token 3 48m
## View the token details
[root@k8s_master dashboard]# kubectl describe secret dashboard-admin-token-lp8jt -n kube-system
Name: dashboard-admin-token-lp8jt
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 643a6e88-9088-11ea-bd75-000c29d0473d
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1359 bytes
namespace: 11 bytes
token: (JWT value omitted)
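An added example (not from the original post): a Python check that decodes a service-account token's claims and looks the account up in the output of `kubectl get clusterrolebindings -o json`, showing what a token like the `dashboard-admin` one created above is bound to. The token and binding list embedded here are constructed samples, and the function names are this example's own.

```python
import base64
import json

def token_claims(jwt: str) -> dict:
    """Decode the payload segment of a JWT WITHOUT verifying its signature."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def cluster_admin_accounts(crb_list: dict) -> set:
    """(namespace, name) of every ServiceAccount bound to cluster-admin."""
    found = set()
    for crb in crb_list.get("items", []):
        if crb.get("roleRef", {}).get("name") != "cluster-admin":
            continue
        for subj in crb.get("subjects") or []:
            if subj.get("kind") == "ServiceAccount":
                found.add((subj.get("namespace"), subj.get("name")))
    return found

def assess_token(jwt: str, crb_list: dict) -> dict:
    """Report whose token this is, what it is bound to, and whether it expires."""
    claims = token_claims(jwt)
    prefix, _, account = claims.get("sub", "").partition("system:serviceaccount:")
    if prefix or ":" not in account:
        raise ValueError("not a service-account token")
    ns, name = account.split(":", 1)
    return {
        "service_account": f"{ns}/{name}",
        "cluster_admin": (ns, name) in cluster_admin_accounts(crb_list),
        "expires": "exp" in claims,  # Secret-based service-account tokens carry no exp claim
    }

def _seg(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data (not a token or binding list from a real cluster).
SAMPLE_TOKEN = ".".join([
    _seg({"alg": "RS256"}),
    _seg({"sub": "system:serviceaccount:kube-system:dashboard-admin"}),
    "constructed-signature"])
SAMPLE_CRBS = {"items": [
    {"roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "namespace": "kube-system", "name": "dashboard-admin"}]},
    {"roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "namespace": "default", "name": "reader"}]},
]}
if __name__ == "__main__":
    print(assess_token(SAMPLE_TOKEN, SAMPLE_CRBS))
```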
- Once this is done, check again which node the dashboard pod has been scheduled on, then open the page in the browser
[root@k8s_master dashboard]# kubectl get pods -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
kubernetes-dashboard-7dffbccd68-6lvzp 1/1 Running 1 17m 172.17.93.4 192.168.5.30 <none>
- Open node2 in the browser: https://192.168.5.30
- The k8s UI page loads successfully