说明: 总的目标是在k8s集群部署gitlab、jenkins,并且在本地提交代码到gitlab后jenkin流水线可以自动编译打包成为docker镜像然后部署到k8s中并实现客户端外部域名访问,在文档分为多个部分,其中涉及的技术有docker安装、k8s搭建、部署gitlab、部署jenkins、部署sonarqube、gitlab和jenkin联动、jenkins和sonarqube联动、pipline脚本编写、istio部署、istio服务网关等…
此文档接第四篇:kubernetes部署istio
这篇文档讲解的是kubernetns部署dashboard(图形化界面)以及如何试用版istio网关访问到dashboard,在图形化界面我们可以看到kubernetns集群部署的一些资源情况
如有兴趣可以去github上查看此项目相关信息,github官网地址和版本选择地址
https://github.com/kubernetes/dashboard/releases
#下载压缩包
压缩包下载位置:k8s-dashboard.zip
#解压压缩包后得到recommended.yaml和user.yaml两个文件
上传文件k8s-dashboard.yaml和user.yaml到任意目录下(我这里上传到了/opt/k8s)
进入到recommended.yaml文件目录下
执行命令: kubectl apply -f recommended.yaml -f user.yaml
//主节点k8s-master执行
root@k8s-master:/opt/k8s# kubectl apply -f recommended.yaml -f user.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
#上面cmetric资源安装完成后,可以使用命令"kubectl get pod -A"验证结果
结果如下:
// 主节点k8s-master执行
root@k8s-master:/opt/k8s# kubectl get pod -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-c45b7869d-xdvcr 1/1 Running 0 8m32s
kubernetes-dashboard-79b5779bf4-dvgbh 1/1 Running 0 8m32s
#首先我们需要部署istio中定义的资源gateway
#dashboard-gateway.yaml文件内容如下:
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: dashboard-gateway
namespace: kubernetes-dashboard
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: PASSTHROUGH
hosts:
- "dashboard.core.ez" #这是允许访问的域名
#
主节点执行:kubectl apply -f dashboard-gateway.yaml
root@k8s-master:/opt/k8s# kubectl apply -f dashboard-gateway.yaml
gateway.networking.istio.io/dashboard-gateway created
//查看创建的gateway资源
root@k8s-master:/opt/k8s# kubectl get gateways.networking.istio.io -A
NAMESPACE NAME AGE
kubernetes-dashboard dashboard-gateway 10s
root@k8s-master:/opt/k8s#
#接下来我们需要部署istio中定义的资源VirtualService
dashboard-VirtualService.yaml文件内容如下:
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: dashboard-vs
namespace: kubernetes-dashboard
spec:
hosts:
- "dashboard.core.ez"
gateways:
- dashboard-gateway
tls:
- match:
- port: 443
sniHosts:
- dashboard.core.ez
route:
- destination:
host: kubernetes-dashboard
port:
number: 443
主节点执行:kubectl apply -f dashboard-VirtualService.yaml
root@k8s-master:/opt/k8s# kubectl apply -f dashboard-VirtualService.yaml
virtualservice.networking.istio.io/dashboard-vs created
//查看创建的virtualservice资源
root@k8s-master:/opt/k8s# kubectl get virtualservices.networking.istio.io -A
NAMESPACE NAME GATEWAYS HOSTS AGE
kubernetes-dashboard dashboard-vs ["dashboard-gateway"] ["dashboard.core.ez"] 13s
root@k8s-master:/opt/k8s#
我使用的本地主机是windows, hosts文件在:C:\Windows\System32\drivers\etc\hosts
添加一条记录:192.168.100.230 dashboard.core.ez 如下图
#在浏览器输入域名:https://dashboard.core.ez
注意:上面需要输入token才可以登录, 下面我们在kubernetes查找token
#token的值是存储在secrets资源中, 我们查看一下它的名称
执行命令:kubectl get secret -n kube-system | grep admin-user
root@k8s-master:/opt/k8s# kubectl get secret -n kube-system | grep admin-user
admin-user-token-hkcxb kubernetes.io/service-account-token 3 70s
上面查出来的名称叫:default-token-8qrdk(这里的default-token是固定的, 后面字符串8qrdk是kubernetes随机加上去的)
#在主节点k8s-master上查询资源类型为secrets 名称为admin-user-token-hkcxb的详细信息
执行命令:kubectl describe secrets admin-user-token-hkcxb -n kube-system
root@k8s-master:/opt/k8s# kubectl describe secrets admin-user-token-hkcxb -n kube-system
Name: admin-user-token-hkcxb
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 71a2ea81-b1bd-4f8a-9477-10016d47186b
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImZ1a21RclVndm0tMzJSbHFRZHlPSHZxZ1laM3FUd0FORGRENXRJV1dnZ28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWhrY3hiIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI3MWEyZWE4MS1iMWJkLTRmOGEtOTQ3Ny0xMDAxNmQ0NzE4NmIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.IkJmfY9EN2Vce2z2Y1F1colICWgQHmezzl2g9nXUIkMxHyn7bNcDHrSN2eGnL_a4EKqc2tOTP6VHTNqkhLiaAcM8ANL5EhCnf6A-ePt0XzNeyL3lZ-GIil9BL6lmWrk4m4bvfRjVAL73ROGWOoNkDhMm4_HD5LtaLGHRdGgUE5q5jBA2P9VV3l06UYAnh3tfT1qVg8_pfLRgKaTHVLoYtirim8DLWzpdLe1YhgDI5DbvR-IQ0w_VXQs7L-urgIrjuvPEDZqcvZTAh5oUPw_rI8mNMaunsZztYSFwzwbOpdef1puuDWT6SGw9TQv5youdzzZPBHQsXJzQhMqp8g9RCg
root@k8s-master:/opt/k8s#
上面查询来的token字符串值就是我们需要的,将其中的字符”eyJhbGciOiJSUzI1NiIsImtpZCI6ImZ1a21RclVndm0tMzJSbHFRZHlPSHZxZ1laM3FUd0FORGRENXRJV1dnZ28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWhrY3hiIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI3MWEyZWE4MS1iMWJkLTRmOGEtOTQ3Ny0xMDAxNmQ0NzE4NmIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.IkJmfY9EN2Vce2z2Y1F1colICWgQHmezzl2g9nXUIkMxHyn7bNcDHrSN2eGnL_a4EKqc2tOTP6VHTNqkhLiaAcM8ANL5EhCnf6A-ePt0XzNeyL3lZ-GIil9BL6lmWrk4m4bvfRjVAL73ROGWOoNkDhMm4_HD5LtaLGHRdGgUE5q5jBA2P9VV3l06UYAnh3tfT1qVg8_pfLRgKaTHVLoYtirim8DLWzpdLe1YhgDI5DbvR-IQ0w_VXQs7L-urgIrjuvPEDZqcvZTAh5oUPw_rI8mNMaunsZztYSFwzwbOpdef1puuDWT6SGw9TQv5youdzzZPBHQsXJzQhMqp8g9RCg“ 粘贴到上一步浏览器中, 点击”登陆“即可登录到dashboard的管理页面了 如下:
接下来一章将讲解gitlab的部署:第六篇:kubernetes部署gitlab