  • K8s (7) - Installing the Web UI

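      The Dashboard is a web-based Kubernetes user interface. You can use it to deploy containerized applications to a Kubernetes cluster, troubleshoot containerized applications, and manage cluster resources. You can use it to get an overview of the applications running on the cluster, and to create or modify individual Kubernetes resources (such as Deployments, Jobs, DaemonSets, and so on). For example, you can use the deploy wizard to scale a Deployment, start a rolling update, restart a Pod, or deploy a new application.

    The Dashboard also provides information about the state of Kubernetes resources in the cluster and about any errors that may have occurred.

    Kubernetes Dashboard UI

    Installation

    1. Create the certificate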
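    # Generate a passphrase-protected 2048-bit RSA key, then write it out without the passphrase
    openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
    openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
    rm dashboard.pass.key
    # Create the certificate signing request (CSR) from the RSA key
    openssl req -new -key dashboard.key -out dashboard.csr -subj "/C=CN/ST=GuangDong/L=ShenZhen/O=Sin/OU=IT/CN=192.168.1.101"
    # Self-sign the CSR to produce dashboard.crt (this command is not in the original post; the 365-day validity is an assumed value)
    openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt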
    

      

    Three certificate files are generated:

    root@scott-Lenovo:/etc/kubernetes/pki# ll dashboard.*
    -rw-rw-r-- 1 root root 1034 1月  26 12:04 dashboard.crt
    -rw-rw-r-- 1 root root  920 1月  26 12:04 dashboard.csr
    -rw-rw-r-- 1 root root 1675 1月  26 12:04 dashboard.key
    
     2.  Create a secret from the custom certificate
    kubectl -n kube-system create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt
    

      

    2. Download the YAML file from the official site

    wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

      Three places in the YAML file need to be changed.

    Image address:

         image: mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1

    Deployment method:

    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      type: NodePort
      ports:
        - port: 443
          nodePort: 30000
          targetPort: 8443
      selector:
        k8s-app: kubernetes-dashboard

    Comment out the automatically generated certificate Secret; otherwise the dashboard cannot be opened in Google Chrome or IE.

    # ------------------- Dashboard Secret ------------------- #

    #apiVersion: v1
    #kind: Secret
    #metadata:
    #  labels:
    #    k8s-app: kubernetes-dashboard
    #  name: kubernetes-dashboard-certs
    #  namespace: kube-system
    #type: Opaque

      

    2. Create the service

    kubectl apply -f kubernetes-dashboard.yaml
    

      

    3. Check the NodePort and access the service

    [root@master yaml]# kubectl get service  -n kube-system
    NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
    kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP   2d16h
    kubernetes-dashboard   NodePort    10.111.126.84   <none>        443:31943/TCP   5m10s
    

      Add a security exception in the browser to access it.

    In k8s the dashboard can be accessed in two ways: kubeconfig (HTTPS) and token (http)

    1. Token authentication

    scott@scott-Lenovo:/etc/kubernetes/pki$ sudo kubectl create serviceaccount def-ns-admin -n default
    serviceaccount/def-ns-admin created
    scott@scott-Lenovo:/etc/kubernetes/pki$ sudo kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin
    rolebinding.rbac.authorization.k8s.io/def-ns-admin created
    scott@scott-Lenovo:/etc/kubernetes/pki$ sudo kubectl describe secret
    Name:         def-ns-admin-token-4qm8p
    Namespace:    default
    Labels:       <none>
    Annotations:  kubernetes.io/service-account.name: def-ns-admin
                  kubernetes.io/service-account.uid: d7b60993-2120-11e9-acd0-646e69e2bebb

    Type:  kubernetes.io/service-account-token

    Data
    ====
    ca.crt:     1025 bytes
    namespace:  7 bytes
    token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi00cW04cCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkN2I2MDk5My0yMTIwLTExZTktYWNkMC02NDZlNjllMmJlYmIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.Y55NP3aDJNzvhia2yLZNcr4Y0i0NWv3YJPuGdikMIspVXxiQGWKM9kubpvUzjkwP9eL6cehyX3J7isunqJ0aI27rbuFgfszjEEl4nognOcLO6iqQAyvDoydjCOafxoT8Zua3ewASnuv6Lmqqaxs0aBj_iNWWyBClm4u8rm_EgGDMZfq8Z2-r-cmvm5gMTvzlgcz0gi5J7kR-NNpjW2o-2hl8-iLlBfaR9Dtcu-4Aksrf7dO_I6f8IictldNj-j6ly0PQMADDi594CODLL5Yti26FBaTO4dR0ykxvGkgVoYmy4r8i9OzQqY0jcN3vcZTQBTf9--XlQEEgpPgxioVBDA


    Name:         default-token-lq7ct
    Namespace:    default
    Labels:       <none>
    Annotations:  kubernetes.io/service-account.name: default
                  kubernetes.io/service-account.uid: 578bc521-20b3-11e9-acd0-646e69e2bebb

    Type:  kubernetes.io/service-account-token

    Data
    ====
    ca.crt:     1025 bytes
    namespace:  7 bytes
    token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tbHE3Y3QiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjU3OGJjNTIxLTIwYjMtMTFlOS1hY2QwLTY0NmU2OWUyYmViYiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.X9O3i041VXqASe8fJvRsXecec6m0vv9u-ksyEkJgNfoFXsyiATZZOBdXaWhPTbmI5fUsciAjvjI5VTavB2-hsp2XGbZfcMSqqOhtiB626xEPi9UWsNhnbFJbye2ighzwjeAO2DW4YhVXkzCFihSEhvynTWuux14a-R3GWiNPuBFPqddE8NcROnCZC5scp3HsFHgRM_kuwazc84cvpyJu8AExuFeiEGLDvztQpWCeYN7WUTtOqWr-SiauDiEgolEqrjffKCOgBMWhpK77Sz6RUHJY-uOKLFfUghjSuP1_Ma4HZOOTlBc-uiPED28Y0jIwbJ56gVaJ8rNnDzG8SGY9mA

       We copy the token of the secret named def-ns-admin-token-4qm8p into the browser to log in.
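
    `kubectl describe secret` prints a token for every secret in the namespace, so it is worth decoding a token's claims to confirm which service account it belongs to before pasting it into the login page. The following is an added example, not part of the original post: the function names and the sample token are constructed, the claim names assume the legacy secret-based token layout, and the signature is not verified.

```python
import base64
import json

PREFIX = "kubernetes.io/serviceaccount/"  # claim prefix assumed for legacy secret-based tokens


def _b64url(segment: str) -> bytes:
    """Decode one JWT segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_sa_token(token: str) -> dict:
    """Return the identity claims of a service-account JWT (signature NOT verified)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(_b64url(parts[1]))
    return {
        "subject": claims.get("sub"),
        "namespace": claims.get(PREFIX + "namespace"),
        "service_account": claims.get(PREFIX + "service-account.name"),
        "secret": claims.get(PREFIX + "secret.name"),
        "expires": claims.get("exp"),
    }


def check_token(token: str, namespace: str, service_account: str) -> list:
    """List findings for a token about to be pasted into the dashboard login."""
    info = inspect_sa_token(token)
    findings = []
    expected = f"system:serviceaccount:{namespace}:{service_account}"
    if info["subject"] != expected:
        findings.append(f"subject is {info['subject']}, expected {expected}")
    if info["expires"] is None:
        findings.append("no exp claim: usable until its secret or service account is deleted")
    return findings


def make_sample(namespace: str, name: str, secret: str) -> str:
    """Build a constructed, unsigned token with the same claim layout (illustration only)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    claims = {"iss": "kubernetes/serviceaccount", PREFIX + "namespace": namespace,
              PREFIX + "secret.name": secret, PREFIX + "service-account.name": name,
              "sub": f"system:serviceaccount:{namespace}:{name}"}
    return ".".join([enc({"alg": "RS256", "kid": ""}), enc(claims), "c2lnbmF0dXJl"])


if __name__ == "__main__":
    print(check_token(make_sample("default", "default", "default-token-lq7ct"), "default", "def-ns-admin"))
```

    Run against a constructed token shaped like default-token-lq7ct, the check reports both the wrong subject and the missing expiry; a token for def-ns-admin reports only the missing expiry.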

      

  • Original article: https://www.cnblogs.com/zydev/p/10314815.html