zoukankan      html  css  js  c++  java

  • 第四课:部署Dashboard服务

    13 部署dashboard(master01)

    13.1 创建dashboard证书

    13.1.1 创建目录

    mkdir /root/certs && cd /root/certs

    13.1.2 创建命名空间
    [root@master01 certs]# kubectl create namespace kubernetes-dashboard
namespace/kubernetes-dashboard created
[root@master01 certs]# kubectl get ns
NAME                   STATUS   AGE
default                Active   28h
kube-node-lease        Active   28h
kube-public            Active   28h
kube-system            Active   28h
kubernetes-dashboard   Active   5s
    13.1.3 创建key文件
    [root@master01 certs]# openssl genrsa -out dashboard.key 2048 
Generating RSA private key, 2048 bit long modulus
................................................+++
...........+++
e is 65537 (0x10001)
    13.1.4 创建证书请求
    [root@master01 certs]# openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
[root@master01 certs]# ll
total 8
-rw-r--r-- 1 root root  899 Aug 11 13:42 dashboard.csr
-rw-r--r-- 1 root root 1679 Aug 11 13:41 dashboard.key
    13.1.5自签证书
    [root@master01 certs]# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt  
Signature ok
subject=/CN=dashboard-cert
Getting Private key

[root@master01 certs]# ll
total 12
-rw-r--r-- 1 root root  989 Aug 11 13:42 dashboard.crt
-rw-r--r-- 1 root root  899 Aug 11 13:42 dashboard.csr
-rw-r--r-- 1 root root 1679 Aug 11 13:41 dashboard.key
    13.1.6 创建kubernetes-dashboard-certs对象
    [root@master01 certs]# kubectl delete secrets kubernetes-dashboard-certs -n kubernetes-dashboard
Error from server (NotFound): secrets "kubernetes-dashboard-certs" not found
[root@master01 certs]# kubectl create secret generic kubernetes-dashboard-certs --from-file=/root/certs -n kubernetes-dashboard 
secret/kubernetes-dashboard-certs created
    13.1.7 查看系统是否存在证书
    [root@master01 certs]# kubectl get secret
NAME                  TYPE                                  DATA   AGE
default-token-kjfkg   kubernetes.io/service-account-token   3      27h

    13.2 安装dashboard

    13.2.1 创建目录

    mkdir /root/dashboard/ && cd /root/dashboard

    13.2.2 下载yaml文件

    wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml

    13.2.3 修改yaml文件

    由于证书问题,只能firefox浏览器才能打开,通过修改证书的方式,使所有浏览器都能打开
    以下行全部注释掉,使用我们上面创建的证书

     48 #apiVersion: v1
 49 #kind: Secret
 50 #metadata:
 51 #  labels:
 52 #    k8s-app: kubernetes-dashboard
 53 #  name: kubernetes-dashboard-certs
 54 #  namespace: kubernetes-dashboard
 55 #type: Opaque
    13.2.4 修改nodeport模式
     39 spec:
 40   type: NodePort
 41   ports:
 42     - port: 443
 43       targetPort: 8443
 44   selector:
 45     k8s-app: kubernetes-dashboard
    13.2.5 应用yaml启动dashboard
    kubectl create -f recommand.yaml
    13.2.6 查看服务信息
    [root@master01 dashboard]# kubectl get pods -A -o wide
kubernetes-dashboard   dashboard-metrics-scraper-76679bc5b9-krkrc   1/1     Running   0          47s   172.17.15.4   192.168.68.149   <none>           <none>

[root@master01 dashboard]# kubectl get svc -A
NAMESPACE              NAME                        TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kubernetes-dashboard   kubernetes-dashboard        NodePort    10.0.0.115   <none>        443:30916/TCP            14m

    13.3 创建dashboard访问账户

    13.3.1 创建SA
    [root@master01 dashboard]# kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
serviceaccount/dashboard-admin created
    13.3.2 绑定集群管理员
    [root@master01 dashboard]# kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created

    13.5 获取token

    kubectl describe secrets -n kubernetes-dashboard $(kubectl -n kubernetes-dashboard get secret | awk '/dashboard-admin/{print $1}')

eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tOG05ZzQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiM2UyMmQzZGQtMDE3OS00MzA3LWFhZjEtMGJkNjAzMjRjOTE4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.NPbtxU24mq7u8z3d2DJpbW7SFjxhCivr8s0_phodY9e9F8Vp_GcfCIDRmxooygu5hNHLgFb-zNGJI2LpyKRP7EniCsdBaQYX2igVzcjZnOldoXwLp6kM9H8BNIQYTTj14UnAIZ3bOPdm7lW2xDvlyI9njDQ6WkrGu5sX1O7c7tAdXzTKXkQH6Vv3ELpxugx9ozXhgakFTJQS85_ZfAAvP9kZ9eXjBWcoG4FlAoKmp4JEYFqE1KYfvH4Bar0_XTxA7nRY-60jMt6iE-nBT9gb3dTO-yEh-oexBKbwYjMI_MnL0Kwj1Vui-aCNY3qHS9IM_hBzra664Uhilok6RfhNbw

    13.4 页面访问

    https://192.168.68.149:30916
    输入上面命令获取到的token后,可以正常访问页面。

    avator
  • 相关阅读:
    img标签与span一起使用不在同一条线上
    媒体查询
    section标签实现文字滚动
    js活jQuery实现动态添加、移除css/js文件
    页面中动态改变浏览器标题
    css清浮动与动态计算元素宽度
    js实现60s倒计时效果
    js与es6中获取时间戳
    JavaScript中实现小数点后保留2位
    GMT时间转换
  • 原文地址:https://www.cnblogs.com/Doc-Yu/p/13552679.html
Copyright © 2011-2022 走看看