Kubernetes集群部署———Web界面

接着之前的部署，我们Kubernetes的部署到了最后一步，就是Web界面的部署

———— 在 master01上操作：
//创建 dashborad（控制面板）工作目录：
[root@localhost k8s]# mkdir dashboard

//拷贝官方文件（总共6个）：
[root@localhost dashboard]# ls  
dashboard-configmap.yaml   dashboard-rbac.yaml    dashboard-service.yaml
dashboard-controller.yaml  dashboard-secret.yaml  k8s-admin.yaml

//加载、创建所有的文件：
[root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created


//完成创建后查看创建在指定的 kube-system命名空间下：
[root@localhost dashboard]# kubectl get pods -n kube-system
NAME                                    READY   STATUS    RESTARTS   AGE
kubernetes-dashboard-65f974f565-rs2h4   1/1     Running   0          4m23s

//查看如何访问：
[root@localhost dashboard]# kubectl get pods,svc -n kube-system
NAME                                        READY   STATUS    RESTARTS   AGE
pod/kubernetes-dashboard-65f974f565-rs2h4   1/1     Running   0          6m57s

NAME                           TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
service/kubernetes-dashboard   NodePort   10.0.0.130           443:30001/TCP   6m49s

这个时候我们只需要写个自签证书就可以了

在 master01上：
[root@localhost dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <{
   "CN": "Dashboard",
   "hosts": [],
   "key": {
       "algo": "rsa",
       "size": 2048
   },
   "names": [
       {
           "C": "CN",
           "L": "BeiJing",
           "ST": "BeiJing"
       }
   ]
}
EOF

K8S_CA=$1
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system


//接下来，就是生成证书：
[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/

[root@localhost dashboard]# vim dashboard-controller.yaml
在 args目录下，添加证书的路径：
...
(省略内容)
...
args:
          # PLATFORM-SPECIFIC ARGS HERE
          - --auto-generate-certificates
          - --tls-key-file=dashboard-key.pem
          - --tls-cert-file=dashboard.pem
...
(省略内容)
...

//接下来，进行重新部署：
[root@localhost dashboard]#  kubectl apply -f dashboard-controller.yaml 
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured

选择接受风险

接下来，我们要做的就是生成令牌，在浏览器中填入即可：

//生成令牌：
[root@localhost dashboard]# kubectl create -f k8s-admin.yaml

//保存：
[root@localhost dashboard]# kubectl get secret -n kube-system
NAME                               TYPE                                  DATA   AGE
dashboard-admin-token-829rp        kubernetes.io/service-account-token   3      9s
default-token-rsrxp                kubernetes.io/service-account-token   3      3h10m
kubernetes-dashboard-certs         Opaque                                11     12m
kubernetes-dashboard-key-holder    Opaque                                2      119m
kubernetes-dashboard-token-6rdlf   kubernetes.io/service-account-token   3      118m

//查看令牌：
[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-829rp -n kube-system

可以看到我们生成的密文

将密文复制到浏览器的密文处

我们就可以看到K8S的Web控制界面了