Kubernetes 集群部署 ------ 二进制集群 (部署 web界面)4
接着之前的几篇博客,接下来是我们部署 k8s 集群的最后一步,搭建 web界面,最后直接在 web界面上管理 pod即可。———— 部署开始:dashborad 官方文件地址:官网地址———— 在 master01上操作://创建 dashborad(控制面板)工作目录:[root@localhost k8s]# mkdir dashboard//拷贝官方文件(总共6个):[ro...
·
接着之前的几篇博客,接下来是我们部署 k8s 集群的最后一步,搭建 web界面,最后直接在 web界面上管理 pod即可。
———— 部署开始:
dashborad 官方文件地址:官网地址
———— 在 master01上操作:
//创建 dashborad(控制面板)工作目录:
[root@localhost k8s]# mkdir dashboard
//拷贝官方文件(总共6个):
[root@localhost dashboard]# ls
dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml
dashboard-controller.yaml dashboard-secret.yaml k8s-admin.yaml
//加载、创建所有的文件:
[root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created
//完成创建后查看创建在指定的 kube-system命名空间下:
[root@localhost dashboard]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-65f974f565-rs2h4 1/1 Running 0 4m23s
//查看如何访问:
[root@localhost dashboard]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/kubernetes-dashboard-65f974f565-rs2h4 1/1 Running 0 6m57s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard NodePort 10.0.0.130 <none> 443:30001/TCP 6m49s
此时,我们用火狐浏览器访问:https://192.168.220.136:30001/
原因:没有自签证书
如何解决:写一个证书
在 master01上:
[root@localhost dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <<EOF
{
"CN": "Dashboard",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
}
EOF
K8S_CA=$1
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
//接下来,就是生成证书:
[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
[root@localhost dashboard]# vim dashboard-controller.yaml
在 args目录下,添加证书的路径:
...
(省略内容)
...
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem
...
(省略内容)
...
//接下来,进行重新部署:
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured
然后,我们再次访问刚刚的那个网站:https://192.168.220.136:30001/
选择接受风险并继续,选择令牌:
接下来,我们要做的就是生成令牌,在浏览器中填入即可:
//生成令牌:
[root@localhost dashboard]# kubectl create -f k8s-admin.yaml
//保存:
[root@localhost dashboard]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
dashboard-admin-token-829rp kubernetes.io/service-account-token 3 9s
default-token-rsrxp kubernetes.io/service-account-token 3 3h10m
kubernetes-dashboard-certs Opaque 11 12m
kubernetes-dashboard-key-holder Opaque 2 119m
kubernetes-dashboard-token-6rdlf kubernetes.io/service-account-token 3 118m
//查看令牌:
[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-829rp -n kube-system
而下面,就是生成令牌的一段密文:
我们把这段密文复制,然后粘贴到,浏览器上面的空白处即可:
然后,我们可以在控制面板上,管理我们的各个组件,查看各类信息和概况等等,非常的方便。
更多推荐
已为社区贡献3条内容
所有评论(0)