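Deploying the Kubernetes web UI and fixing Google Chrome being unable to access it

Get the k8s web UI resource files from GitHub
GitHub address

Upload the 6 yaml files to the k8s master node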

[root@master01 k8s]# mkdir /root/k8s/dashborad
[root@master01 k8s]# cd dashborad/
[root@master01 dashborad]# ls
dashboard-configmap.yaml  dashboard-controller.yaml  dashboard-rbac.yaml  dashboard-secret.yaml  dashboard-service.yaml  k8s-admin.yaml

# Create the resources from the yaml files
# The yaml files must be created in this order
# They cannot be created in an arbitrary order
kubectl  create -f dashboard-rbac.yaml
kubectl  create -f dashboard-secret.yaml
kubectl  create -f dashboard-configmap.yaml
kubectl  create -f dashboard-controller.yaml
kubectl  create -f dashboard-service.yaml

[root@master01 dashborad]# kubectl get pods,svc -n kube-system
NAME                                        READY   STATUS    RESTARTS   AGE
pod/kubernetes-dashboard-65f974f565-vvfh2   1/1     Running   0          112s

NAME                           TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
service/kubernetes-dashboard   NodePort   10.0.0.154   <none>        443:30001/TCP   103s

Use the kubectl get pod -o wide -n kube-system command to see which k8s node the dashboard pod is running on

Visit port 30001 on that node's IP address to open the web page

Google Chrome has a problem accessing the page: the certificate cannot be verified

# Fix the Google Chrome access problem
# A certificate needs to be configured
[root@master01 dashborad]# vim dashboard-cert.sh
# Write the following into the file
cat > dashboard-csr.json <<EOF
{
   "CN": "Dashboard",
   "hosts": [],
   "key": {
       "algo": "rsa",
       "size": 2048
   },
   "names": [
       {
           "C": "CN",
           "L": "BeiJing",
           "ST": "BeiJing"
       }
   ]
}
EOF

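# $1 is the directory that holds the cluster CA files (ca.pem, ca-key.pem, ca-config.json)
K8S_CA=$1
cfssl gencert -ca="$K8S_CA/ca.pem" -ca-key="$K8S_CA/ca-key.pem" -config="$K8S_CA/ca-config.json" -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
# Replace the existing secret; --from-file=./ loads every file in the current directory into it
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system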



# Add the certificate settings
[root@master01 dashborad]# vim dashboard-controller.yaml
...
        args:
          # PLATFORM-SPECIFIC ARGS HERE
          - --auto-generate-certificates
          - --tls-key-file=dashboard-key.pem
          - --tls-cert-file=dashboard.pem
...


[root@master01 dashborad]# bash dashboard-cert.sh /root/k8s/k8s-cert/
2020/03/16 23:30:44 [INFO] generate received request
2020/03/16 23:30:44 [INFO] received CSR
2020/03/16 23:30:44 [INFO] generating key: rsa-2048
2020/03/16 23:30:45 [INFO] encoded CSR
2020/03/16 23:30:45 [INFO] signed certificate with serial number 552615628355143829518244419300925036195197540386
2020/03/16 23:30:45 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
secret "kubernetes-dashboard-certs" deleted
secret/kubernetes-dashboard-certs created

# Use apply to re-apply the modified dashboard-controller.yaml
[root@master01 dashborad]# kubectl apply -f dashboard-controller.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured

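After the resources are re-applied, the pod may end up running on a different node.

Use the kubectl get pod -n kube-system -o wide command to check the node IP

Then visit the corresponding node IP to open the web page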
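
A variant of the dashboard-cert.sh step above, added here as an example and not part of the original post: it fills the CSR "hosts" field that the cfssl warning reports as missing, and builds the secret from only dashboard.pem and dashboard-key.pem instead of every file in the directory. The script name dashboard-cert-san.sh, the build_csr_json helper and the host arguments are assumptions.

```shell
#!/usr/bin/env bash
# Added example (hypothetical name: dashboard-cert-san.sh), not the post's script.
# Usage: bash dashboard-cert-san.sh <ca-dir> <node-ip-or-dns> [more hosts...]

# Print a cfssl CSR whose "hosts" array lists every name passed as an argument.
build_csr_json() {
    local hosts="" h
    [ "$#" -gt 0 ] || { echo "at least one host is required" >&2; return 1; }
    for h in "$@"; do
        # Accept only characters valid in IPv4 addresses and DNS names,
        # so an argument cannot break out of the JSON string.
        case "$h" in
            ""|*[!A-Za-z0-9.-]*) echo "invalid host: $h" >&2; return 1 ;;
        esac
        hosts="${hosts:+$hosts, }\"$h\""
    done
    cat <<EOF
{
   "CN": "Dashboard",
   "hosts": [$hosts],
   "key": { "algo": "rsa", "size": 2048 },
   "names": [ { "C": "CN", "L": "BeiJing", "ST": "BeiJing" } ]
}
EOF
}

main() {
    local ca_dir="${1%/}"; shift
    build_csr_json "$@" > dashboard-csr.json || return 1
    cfssl gencert -ca="$ca_dir/ca.pem" -ca-key="$ca_dir/ca-key.pem" \
        -config="$ca_dir/ca-config.json" -profile=kubernetes \
        dashboard-csr.json | cfssljson -bare dashboard
    kubectl delete secret kubernetes-dashboard-certs -n kube-system
    # Name the two files explicitly so the yaml manifests, the CSR and this
    # script itself are not copied into the secret.
    kubectl create secret generic kubernetes-dashboard-certs \
        --from-file=dashboard.pem --from-file=dashboard-key.pem -n kube-system
}

# Run only when called with a CA directory and at least one host.
if [ "$#" -ge 2 ]; then main "$@"; fi
```

The secret keys are still named dashboard.pem and dashboard-key.pem, so the --tls-cert-file and --tls-key-file arguments in dashboard-controller.yaml stay as shown above.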


Login authentication uses a token

Obtain the token as follows

# Generate the token
[root@master01 dashborad]# kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@master01 dashborad]# kubectl  get secret -n kube-system
NAME                               TYPE                                  DATA   AGE
dashboard-admin-token-lzzfl        kubernetes.io/service-account-token   3      10s
default-token-bt8hf                kubernetes.io/service-account-token   3      6h6m
kubernetes-dashboard-certs         Opaque                                11     12m
kubernetes-dashboard-key-holder    Opaque                                2      21m
kubernetes-dashboard-token-9zblr   kubernetes.io/service-account-token   3      20m

# From the secret list,
# read the token from the dashboard-admin-token secret
[root@master01 dashborad]# kubectl describe secret dashboard-admin-token-lzzfl -n kube-system
...
token:      eyJhbGciOiJSUzI1NiIsImtpZC..........

Paste the token from the output into the token field and you can log in to the k8s web UI
