内容要点:
1、环境介绍
2、web界面部署
一、环境介绍:
1、此篇作为k8s群集部署的最后一步,前几步博客地址:
kubernetes二进制集群部署一——etcd存储组件、flannel网络组件部署:
https://blog.51cto.com/14475876/2470049
kubernetes二进制集群部署二——单master集群部署+多master群及部署:
https://blog.51cto.com/14475876/2470063
kubernetes二进制集群部署三——负载均衡调度器部署:
https://blog.51cto.com/14475876/2470086
2、dashborad 官方文件地址:https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
二、web界面部署:
在 master01上操作: //创建 dashborad(控制面板)工作目录: [root@localhost k8s]# mkdir dashboard //拷贝官方文件(总共6个): [root@localhost dashboard]# ls dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml dashboard-controller.yaml dashboard-secret.yaml k8s-admin.yaml //加载、创建所有的文件: [root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created [root@localhost dashboard]# kubectl create -f dashboard-secret.yaml secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-key-holder created [root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml configmap/kubernetes-dashboard-settings created [root@localhost dashboard]# kubectl create -f dashboard-controller.yaml serviceaccount/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created [root@localhost dashboard]# kubectl create -f dashboard-service.yaml service/kubernetes-dashboard created //完成创建后查看创建在指定的 kube-system命名空间下: [root@localhost dashboard]# kubectl get pods -n kube-system NAME READY STATUS RESTARTS AGE kubernetes-dashboard-65f974f565-rs2h5 1/1 Running 0 4m23s //查看如何访问: [root@localhost dashboard]# kubectl get pods,svc -n kube-system NAME READY STATUS RESTARTS AGE pod/kubernetes-dashboard-65f974f565-x9vrg 1/1 Running 0 8m32s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kubernetes-dashboard NodePort 10.0.0.110 <none> 443:30001/TCP 8m18s
此时,我们用谷歌浏览器访问:https://192.168.109.131:30001/
原因:没有自签证书
如何解决:写一个证书
在 master01上: [root@localhost dashboard]# vim dashboard-cert.sh cat > dashboard-csr.json <<EOF { "CN": "Dashboard", "hosts": [], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "BeiJing", "ST": "BeiJing" } ] } EOF K8S_CA=$1 cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard kubectl delete secret kubernetes-dashboard-certs -n kube-system kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system //接下来,就是生成证书: [root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/ [root@localhost dashboard]# vim dashboard-controller.yaml 在 args目录下,添加证书的路径: ... (省略内容) ... args: # PLATFORM-SPECIFIC ARGS HERE - --auto-generate-certificates - --tls-key-file=dashboard-key.pem - --tls-cert-file=dashboard.pem ... (省略内容) ...
//接下来,进行重新部署: [root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply serviceaccount/kubernetes-dashboard configured Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply deployment.apps/kubernetes-dashboard configured
然后,我们再次访问刚刚的那个网站:https://192.168.220.136:30001/
选择接受风险并继续,选择令牌:
接下来,我们要做的就是生成令牌,在浏览器中填入即可:
//生成令牌: [root@localhost dashboard]# kubectl create -f k8s-admin.yaml //保存: [root@localhost dashboard]# kubectl get secret -n kube-system NAME TYPE DATA AGE dashboard-admin-token-829rp kubernetes.io/service-account-token 3 9s default-token-rsrxp kubernetes.io/service-account-token 3 3h20m kubernetes-dashboard-certs Opaque 11 12m kubernetes-dashboard-key-holder Opaque 2 119m kubernetes-dashboard-token-6rdlf kubernetes.io/service-account-token 3 118m //查看令牌: [root@localhost dashboard]# kubectl describe secret dashboard-admin-token-829rp -n kube-system
而下面,就是生成令牌的一段密文:
我们把这段密文复制,然后粘贴到,浏览器上面的空白处即可:
然后,我们可以在控制面板上,管理我们的各个组件,查看各类信息和概况等等,非常的方便
原创文章,作者:3628473679,如若转载,请注明出处:https://blog.ytso.com/tech/aiops/183206.html