zoukankan      html  css  js  c++  java

  • kubernetes dashboard 2.0 部署

    dashboard
可以从微软中国提供的 gcr.io :http://mirror.azure.cn/help/gcr-proxy-cache.html免费代理下载被墙的镜像
docker pull gcr.azk8s.cn/google_containers/<imagename>:<version>
1. 下载文件
下载三个文件:https://github.com/gjmzj/kubeasz/tree/master/manifests/dashboard
[root@hs-k8s-master01 dashboard]# pwd
/data/k8s/dashboard
[root@hs-k8s-master01 dashboard]# ll
总用量 32
-rw-r--r-- 1 root root  843 2月   5 15:31 admin-user-sa-rbac.yaml
-rw-r--r-- 1 root root 8026 2月   5 15:38 kubernetes-dashboard.yaml
-rw-r--r-- 1 root root 3084 2月   5 15:33 read-user-sa-rbac.yaml


2. 部署dashboard主yaml配置文件
#修改镜像下载地址
[root@hs-k8s-master01 dashboard]# cat kubernetes-dashboard.yaml |grep image
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.0.0-rc3
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.3


[root@hs-k8s-master01 dashboard]# kubectl apply -f kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created

3. 创建可读可写admin Service Account
[root@hs-k8s-master01 dashboard]# kubectl apply -f admin-user-sa-rbac.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

4. 创建只读 read Service Account
[root@hs-k8s-master01 dashboard]# kubectl apply -f read-user-sa-rbac.yaml
serviceaccount/dashboard-read-user created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-read-binding created
clusterrole.rbac.authorization.k8s.io/dashboard-read-clusterrole created

5. 查看
#查看pod运行状态
[root@hs-k8s-master01 dashboard]# kubectl get pod -n kube-system | grep dashboard
dashboard-metrics-scraper-6b66849c9-8lvqd   1/1     Running   0          23m
kubernetes-dashboard-6dc6c4f59-84526        1/1     Running   0          23m


#查看dashboard service
[root@hs-k8s-master01 dashboard]#  kubectl get svc -n kube-system|grep dashboard
dashboard-metrics-scraper   ClusterIP   10.107.131.160   <none>        8000/TCP                 23m
kubernetes-dashboard        NodePort    10.99.144.160    <none>        443:31110/TCP            23m

 
#查看集群服务
[root@hs-k8s-master01 dashboard]# kubectl cluster-info
Kubernetes master is running at https://20.0.0.250:8443
KubeDNS is running at https://20.0.0.250:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
kubernetes-dashboard is running at https://20.0.0.250:8443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.


#查看pod运行日志
[root@hs-k8s-master01 dashboard]# kubectl logs kubernetes-dashboard-6dc6c4f59-84526 -n kube-system

6. 生成证书
供本地google浏览器使用
#生成client-certificate-data
[root@k8s-master01 dashboard]# grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt
 

#生成client-key-data
[root@k8s-master01 dashboard]# grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key

 
#生成p12
[root@k8s-master01 dashboard]# openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
Enter Export Password:   1
Verifying - Enter Export Password:     1
[root@hs-k8s-master01 dashboard]# ll
总用量 28
-rw-r--r-- 1 root root  843 2月   5 15:31 admin-user-sa-rbac.yaml
-rw-r--r-- 1 root root 1082 2月   5 15:41 kubecfg.crt
-rw-r--r-- 1 root root 1679 2月   5 15:41 kubecfg.key
-rw-r--r-- 1 root root 2464 2月   5 15:43 kubecfg.p12
-rw-r--r-- 1 root root 8026 2月   5 15:38 kubernetes-dashboard.yaml
-rw-r--r-- 1 root root 3084 2月   5 15:33 read-user-sa-rbac.yaml
[root@k8s-master01 dashboard]# sz kubecfg.p12
谷歌浏览器导入证书:
备注把上一步骤的kubecfg.p12 文件导入证书后需要重启浏览器:

7. 导出令牌
[root@hs-k8s-master01 dashboard]#  kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-4d2r4
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: cf8638e0-1434-4f61-aded-262f213dd803

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjZaOTZ5MmR5MEs3eUVnclJ4R0MtOTNmVDlTTGlteGdzQ1RJc1ZZT2xvT00ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTRkMnI0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjZjg2MzhlMC0xNDM0LTRmNjEtYWRlZC0yNjJmMjEzZGQ4MDMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.HXlI_vXP4b9VVP6_jptMFjp99u1NLlmgC26ITfA7cHRPIyjxW6vKv97GjAOxF3Ne691cTZLcOAh_b1dNXExLkmUqKoWY8Cg_ys5hvQ2rcC_CEpS7S4shKWEb_DeLUUgr4UjjIDQKCH_tczX3nNpfsqiooMsMYkac-MlwgCHVvxgkqKmfrkub6ifP02yuaWBLhvuYvJc6DX_NvHQzy9w8FFbB2d4gpthzt_sinSR4x84MzgKHdOsj9CHXqwHMdCMwu0A-FM-bg7yr1fHZLKORrSrHz9OZ1pJeU-82VYRSOEntW7o6X3b0zOi2nB6yIpDmVDzzk5g30sI32vivmrNEJg


 
#导出令牌
[root@k8s-master01 dashboard]# vim /root/.kube/config   加
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjZaOTZ5MmR5MEs3eUVnclJ4R0MtOTNmVDlTTGlteGdzQ1RJc1ZZT2xvT00ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTRkMnI0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjZjg2MzhlMC0xNDM0LTRmNjEtYWRlZC0yNjJmMjEzZGQ4MDMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.HXlI_vXP4b9VVP6_jptMFjp99u1NLlmgC26ITfA7cHRPIyjxW6vKv97GjAOxF3Ne691cTZLcOAh_b1dNXExLkmUqKoWY8Cg_ys5hvQ2rcC_CEpS7S4shKWEb_DeLUUgr4UjjIDQKCH_tczX3nNpfsqiooMsMYkac-MlwgCHVvxgkqKmfrkub6ifP02yuaWBLhvuYvJc6DX_NvHQzy9w8FFbB2d4gpthzt_sinSR4x84MzgKHdOsj9CHXqwHMdCMwu0A-FM-bg7yr1fHZLKORrSrHz9OZ1pJeU-82VYRSOEntW7o6X3b0zOi2nB6yIpDmVDzzk5g30sI32vivmrNEJg


 [root@k8s-master01 dashboard]#  cp /root/.kube/config /data/k8s/tmp/k8s-dashboard.kubeconfig
[root@k8s-master01 dashboard]#  sz /data/k8s/tmp/k8s-dashboard.kubeconfig
  • 相关阅读:
    一个功能完善的资源管理器
    数据结构和算法
    Build Native Mobile Apps in HTML5: PhoneGap from Start to Finish
    HTML5安全:CORS(跨域资源共享)简介
    Start A mobile web app
    ASP.NET MVC4 常见问题集
    ASP.NET MVC4 ASP.NET Web API OAuth2 delegation with Windows Azure Access Control Service
    【转】HTTP access control (CORS)
    ASP.NET MVC4最新特性介绍 (待续)
    C#实现小写金额转换大写的方法
  • 原文地址:https://www.cnblogs.com/zisefeizhu/p/12318401.html
Copyright © 2011-2022 走看看