文章目錄
- k8s的WEB界面部署
- 兩個master節點檢查pod資源是否正常
- master節點上創建dashboard作業目錄,并拷貝部署web界面所需的檔案到指定目錄
- 創建資源(順序不可以亂)
- 谷歌瀏覽器無法訪問的問題解決
- 生成令牌
- 選擇使用令牌訪問
k8s的WEB界面部署
兩個master節點檢查pod資源是否正常
[root@localhost ~]# kubectl get nodes '//檢查node節點是否運行正常'
NAME STATUS ROLES AGE VERSION
192.168.136.30 Ready <none> 15h v1.12.3
192.168.136.40 Ready <none> 15h v1.12.3
[root@master ~]# kubectl get pods '//檢查之前創建的pod資源是否運行正常'
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-5s6h7 1/1 Running 0 7d8h
master節點上創建dashboard作業目錄,并拷貝部署web界面所需的檔案到指定目錄
- 下載的網址(直接復制即可):https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片保存下來直接上傳(img-NhajZWOl-1602208622693)(C:\Users\19437\AppData\Roaming\Typora\typora-user-images\image-20201009085433309.png)]](https://img.uj5u.com/2020/10/10/136254101706171.png)
在master01上操作
創建dashborad作業目錄
[root@localhost k8s]# mkdir dashboard
[root@localhost k8s]# cd /root/k8s/dashboard/
[root@localhost dashboard]# ls
dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml
dashboard-controller.yaml dashboard-secret.yaml k8s-admin.yaml
configmap.yaml:配置,deployment.yaml:控制器,rbac.yaml:角色控制,訪問控制,secret.yaml:安全,service.yaml:服務’
我們查看一下里面的內容
[root@localhost dashboard]# vim dashboard-rbac.yaml
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片保存下來直接上傳(img-JCHnJB6B-1602208622701)(C:\Users\19437\AppData\Roaming\Typora\typora-user-images\image-20201009092006493.png)]](https://img.uj5u.com/2020/10/10/136254101706172.png)
創建資源(順序不可以亂)
1:創建rbac.yaml:角色控制
[root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml
2:創建secret.yaml:安全
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml
3:創建configmap.yaml:配置
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml
4:創建controller
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml
5:創建service
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml
查看資源是否被創建
[root@localhost dashboard]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-7dffbccd68-jmbgg 1/1 Running 1 10h
查看所有創建的資源
[root@localhost dashboard]# kubectl get role -n kube-system
[root@localhost dashboard]# kubectl get Secret -n kube-system
[root@localhost dashboard]# kubectl get ConfigMap -n kube-system
[root@localhost dashboard]# kubectl get ServiceAccount -n kube-system
[root@localhost dashboard]# kubectl get Service -n kube-system
查看server資源和pods資源
kubectl get pods,svc -n kube-system
查看地址
kubectl get pods -n kube-system -o wide(查看pod資源)
kubernetes-dashboard-7dffbccd68-jmbgg 1/1 Running 1 10h 172.17.38.2 192.168.136.40 <none>
訪問https://192.168.136.40:300001這里是無法訪問的
谷歌瀏覽器無法訪問的問題解決
建立簽名證書
[root@localhost dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <<EOF
{
"CN": "Dashboard",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
}
EOF
K8S_CA=$1
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
創建證書
先洗掉資源
kubectl delete secret kubernetes-dashboard-certs -n kube-system
創建證書
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
執行指令
bash dashboard-cert.sh /root/k8s/k8s-cert/
自簽證書
[root@localhost dashboard]# vim dashboard-controller.yaml
47 - --auto-generate-certificates 下面添加
48 - --tls-key-file=dashboard-key.pem
49 - --tls-cert-file=dashboard.pem
重新部署
kubectl apply -f dashboard-controller.yaml
如果上面命令無法操作請嘗試下面
kubectl delete -f dashboard-controller.yaml
kubectl create -f dashboard-controller.yaml
在次訪問出現點擊繼續訪問
生成令牌
[root@localhost dashboard]# kubectl create -f k8s-admin.yaml
保存
[root@localhost dashboard]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
dashboard-admin-token-gxfmr kubernetes.io/service-account-token 3 34s
default-token-zpjbp kubernetes.io/service-account-token 3 6h9m
kubernetes-dashboard-certs Opaque 11 7m24s
kubernetes-dashboard-key-holder Opaque 2 3h53m
kubernetes-dashboard-token-qjkln kubernetes.io/service-account-token 3 3m58s
查看令牌
[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-gxfmr -n kube-system
復制命令
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZ3hmbXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNjgwOTJkZTAtMDk3OC0xMWViLTljZWItMDAwYzI5MmU3ZWY0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.ksTrreEa-yJYx1YxQTm-IQ7wanV4zMqfLqvkwPuYAq8fsR40hKufY7l0UPp9Z6bTRWydNtqWBdgGdJGnzstNHR11g5xEFvE4RGqBbcowLqXGofIBCx-axMWdy6eFLmScrUKOjfK-0v5QP9RxoIawVqmhiWTKezfsmft474psjfQpQCNxPsuwASejEHhFI8NOZtXMLYQj1k_L_zS8FhskvpZkJ7VZo6r4O8HZcrgbGuB57_9eTpdl0Y8qB88ADHGXcwor-Kii4mtmS3XNNPWf0XfvYd22Y-AFrfx3g7l2ssTuJkNjo6osfK5hkGjf8etPyNtD7KUArooFE2rUE7bN4Q
再次訪問web界面
選擇使用令牌訪問
復制上面生成的令牌
![[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片保存下來直接上傳(img-kpYvQbFU-1602208622715)(C:\Users\19437\AppData\Roaming\Typora\typora-user-images\image-20201009094522793.png)]](https://img.uj5u.com/2020/10/10/136254101706176.png)
訪問成功
轉載請註明出處,本文鏈接:https://www.uj5u.com/shujuku/166428.html
標籤:其他