这是kubernetes二进制部署的第四篇
如果没有看过前面第一篇的朋友可以看看下面的:
Kubernetes二进制部署(一)单节点部署
kubernetes二进制部署(二)多节点部署
kubernetes二进制部署(三)负载均衡部署
在master01上操作
1、创建dashborad工作目录
[root@localhost k8s]# mkdir dashboard
2、拷贝官方文件
[root@localhost k8s]# cd dashboard/
[root@localhost dashboard]# ls
dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml
dashboard-controller.yaml dashboard-secret.yaml k8s-admin.yaml
##相关文件用途:
dashboard-configmap.yaml:配置应用
dashboard-rbac.yaml:授权访问api,web界面
dashboard-service.yaml:访问应用
dashboard-controller.yaml:控制器
dashboard-secret.yaml:安全、加密
k8s-admin.yaml:生成令牌3、组件创建
[root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created4、完成后查看创建在指定的kube-system命名空间下
[root@localhost dashboard]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-65f974f565-8b88b 1/1 Running 0 2m56s5、查看如何访问
[root@localhost dashboard]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/kubernetes-dashboard-65f974f565-8b88b 1/1 Running 0 4m4s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard NodePort 10.0.0.26 443:30001/TCP 3m50s 6、访问nodeIP就可以访问
浏览器访问https://192.168.35.101:30001/
7、google浏览器无法访问的问题,解决办法如下
(1)证书自签
[root@localhost dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <(2)生成证书
[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
2020/02/08 19:55:08 [INFO] generate received request
2020/02/08 19:55:08 [INFO] received CSR
2020/02/08 19:55:08 [INFO] generating key: rsa-2048
2020/02/08 19:55:09 [INFO] encoded CSR
2020/02/08 19:55:09 [INFO] signed certificate with serial number 702272605681507929850954926507995861695177925647
2020/02/08 19:55:09 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
secret "kubernetes-dashboard-certs" deleted
secret/kubernetes-dashboard-certs created
[root@localhost dashboard]# ls
dashboard-cert.sh dashboard-csr.json dashboard-secret.yaml
dashboard-configmap.yaml dashboard-key.pem dashboard-service.yaml
dashboard-controller.yaml dashboard.pem k8s-admin.yaml
dashboard.csr dashboard-rbac.yaml(3)dashboard-controller.yaml 增加证书两行,然后apply
[root@localhost dashboard]# vim dashboard-controller.yaml
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem(4)重新部署
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured(5)再次进行访问:https://192.168.35.101:30001/
8、生成令牌
[root@localhost dashboard]# kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created9、保存
[root@localhost dashboard]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
dashboard-admin-token-ls8r7 kubernetes.io/service-account-token 3 73s
default-token-685rn kubernetes.io/service-account-token 3 6h26m
kubernetes-dashboard-certs Opaque 11 16m
kubernetes-dashboard-key-holder Opaque 2 41m
kubernetes-dashboard-token-drpwb kubernetes.io/service-account-token 3 40m10、查看令牌
[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-ls8r7 -n kube-system
Name: dashboard-admin-token-ls8r7
Namespace: kube-system
Labels:
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: f283296f-4a6b-11ea-b063-000c29148af8
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1359 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tbHM4cjciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZjI4MzI5NmYtNGE2Yi0xMWVhLWIwNjMtMDAwYzI5MTQ4YWY4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.dBbCRc4aRFrqAGxW55Zdu0JZz47Yh2DvtLUXZcK0-eV_3sdKz8fCS2K4x6Ey-USKRlIFc2VTH1AEIeWDzFvON5NrVLiyxEF5uQu9Ezo7f74lTwFnOYnASspF-8pi7_HzVQu9CtWcp1WEJAqQg_Ng2E7Ibo-gZmoy2DFgQ-60qcLfFm2ylxoM9yNrMEmSVcMDi8aC9JLsZxQlSRKb7gZn7Sns31Yot8NLxS8oXOmx8m7NysYWoOjZE3q645v96y4tqr3cuG9cCe1_tB5io3c1jiYxKfMLJetxcvNcyH4pbx6YwLu0PKI3o9tescu1uhRtxUN33dY5o4ple-ENPsan_w 11、复制令牌进行登录
主界面:
进入容器:点击容器组——》点击运行命令——》进入容器
在node节点访问IP:
[root@localhost cfg]# curl 172.17.45.2
Welcome to nginx!
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
web界面查看日志:
