Setting up a web management interface for a Kubernetes cluster

Setting up a web management interface for a K8S cluster

1. Check the K8S cluster status before deploying

[root@master1 ~]# kubectl get nodes
NAME              STATUS     ROLES    AGE     VERSION
192.168.191.131   NotReady   <none>   7d22h   v1.12.3
192.168.191.132   Ready      <none>   7d21h   v1.12.3
[root@master1 ~]# kubectl get pod
NAME                    READY   STATUS    RESTARTS   AGE
nginx-dbddb74b8-sx4m6   1/1     Running   0          5d14h

2. Deploy the UI on the master node
(1) Create the dashboard working directory

[root@master1 ~]# mkdir /k8s/dashboard

(2) Copy the official files to the local machine
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
The five imported files explained:

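  • dashboard-configmap.yaml: config map
  • dashboard-deployment.yaml: controller
  • dashboard-rbac.yaml: roles and access control
  • dashboard-secret.yaml: secrets
  • dashboard-service.yaml: service
    Order in which to create these resources:
    ① Identity and role (RBAC)
    ② Secrets
    ③ Config map
    ④ Controller
    ⑤ Service
    Here I use version 1.8.4 of the dashboard. In 1.8.4 one of the configuration files is named controller.yaml; the current version is 1.10, where it has been renamed deployment.yaml. Both are the controller.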
    [root@master1 ~]# cd /k8s/dashboard/
    [root@master1 dashboard]# ls
    [root@master1 dashboard]# ls
    dashboard-configmap.yaml  dashboard-controller.yaml  dashboard-rbac.yaml  dashboard-secret.yaml  dashboard-service.yaml  k8s-admin.yaml

    3. Create the pod resources from the YAML files

  • Check the current state of each resource
    Namespaces
    [root@master1 dashboard]# kubectl get ns
    NAME          STATUS   AGE
    default       Active   7d23h
    kube-public   Active   7d23h
    kube-system   Active   7d23h
    [root@master1 dashboard]# kubectl get pod
    NAME                    READY   STATUS    RESTARTS   AGE
    nginx-dbddb74b8-sx4m6   1/1     Running   0          5d14h
    [root@master1 dashboard]# kubectl get pod -n kube-system
    No resources found.

    kubectl get all // "all" here covers four resource types: pod, deployment, service and replicaset

    [root@master1 dashboard]# kubectl get all   # "all" here covers four resource types: pod, deployment, service and replicaset
    NAME                        READY   STATUS    RESTARTS   AGE
    pod/nginx-dbddb74b8-sx4m6   1/1     Running   0          5d14h
    NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
    service/kubernetes   ClusterIP   10.0.0.1     <none>        443/TCP   7d23h
    NAME                    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/nginx   1         1         1            1           5d14h
    NAME                              DESIRED   CURRENT   READY   AGE
    replicaset.apps/nginx-dbddb74b8   1         1         1       5d14h

    View the roles currently defined in k8s

    [root@master1 dashboard]# kubectl get Role -n kube-system
    NAME                                             AGE
    extension-apiserver-authentication-reader        7d23h
    system::leader-locking-kube-controller-manager   7d23h
    system::leader-locking-kube-scheduler            7d23h
    system:controller:bootstrap-signer               7d23h
    system:controller:cloud-provider                 7d23h
    system:controller:token-cleaner                  7d23h
  • Create the RBAC resources
    [root@master1 dashboard]# kubectl create -f dashboard-rbac.yaml 
    role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
    rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
  • Check the resource state after creation
    [root@master1 dashboard]# kubectl get all
    NAME                        READY   STATUS    RESTARTS   AGE
    pod/nginx-dbddb74b8-sx4m6   1/1     Running   0          5d14h
    NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
    service/kubernetes   ClusterIP   10.0.0.1     <none>        443/TCP   7d23h
    NAME                    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/nginx   1         1         1            1           5d14h
    NAME                              DESIRED   CURRENT   READY   AGE
    replicaset.apps/nginx-dbddb74b8   1         1         1       5d14h

    View the roles. The configuration file sets the role's namespace to kube-system, so -n must be specified when listing them.

    [root@master1 dashboard]# kubectl get role -n kube-system
    NAME                                             AGE
    extension-apiserver-authentication-reader        7d23h
    kubernetes-dashboard-minimal                     3m
    system::leader-locking-kube-controller-manager   7d23h
    system::leader-locking-kube-scheduler            7d23h
    system:controller:bootstrap-signer               7d23h
    system:controller:cloud-provider                 7d23h
    system:controller:token-cleaner                  7d23h
    # Create the identity role (RBAC)
    [root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml 
    role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
    rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
    # Create the secrets
    [root@localhost dashboard]# kubectl create -f dashboard-secret.yaml 
    secret/kubernetes-dashboard-certs created
    secret/kubernetes-dashboard-key-holder created
    # Create the config map
    [root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml 
    configmap/kubernetes-dashboard-settings created
    # Create the controller
    # This article deploys version 1.8.4, so controller.yaml is used; version 1.10 uses deployment.yaml. The two are the same thing: the controller.
    [root@localhost dashboard]# kubectl create -f dashboard-controller.yaml 
    serviceaccount/kubernetes-dashboard created
    deployment.apps/kubernetes-dashboard created
    # Create the service
    [root@localhost dashboard]# kubectl create -f dashboard-service.yaml 
    service/kubernetes-dashboard created

    5. When finished, check what was created in the specified kube-system namespace

    [root@localhost dashboard]# kubectl get pods -n kube-system
    NAME                                    READY   STATUS              RESTARTS   AGE
    kubernetes-dashboard-65f974f565-m9gm8   0/1     ContainerCreating   0          88s

6. Find the access address

[root@localhost dashboard]# kubectl get pods,svc -n kube-system
NAME                                        READY   STATUS    RESTARTS   AGE
pod/kubernetes-dashboard-65f974f565-m9gm8   1/1     Running   0          2m49s

NAME                           TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
service/kubernetes-dashboard   NodePort   10.0.0.243   <none>        443:30001/TCP   2m24s

Now browse to the IP address of the node.
It cannot be reached, because at this point the certificate is not trusted.
7. Create the certificate

[root@localhost dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <<EOF
{
   "CN": "Dashboard",
   "hosts": [],
   "key": {
       "algo": "rsa",
       "size": 2048
   },
   "names": [
       {
           "C": "CN",
           "L": "BeiJing",
           "ST": "BeiJing"
       }
   ]
}
EOF

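# Directory holding the cluster CA files (ca.pem, ca-key.pem, ca-config.json)
K8S_CA=$1
# Issue a certificate for the dashboard, signed by the cluster CA
cfssl gencert -ca="$K8S_CA/ca.pem" -ca-key="$K8S_CA/ca-key.pem" -config="$K8S_CA/ca-config.json" -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
# Recreate the certs secret; --from-file=./ imports every file in the current directory
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system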

# Run the script to generate the certificate
[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
# Add the two certificate lines under args in dashboard-controller.yaml
[root@localhost dashboard]# vim dashboard-controller.yaml
args:
          # PLATFORM-SPECIFIC ARGS HERE
          - --auto-generate-certificates
          - --tls-key-file=dashboard-key.pem
          - --tls-cert-file=dashboard.pem

# Redeploy
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml

Once the certificate has been generated, the dashboard can be accessed normally.
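
The secret created in step 7 uses --from-file=./, which packs every regular file in the working directory into kubernetes-dashboard-certs, consistent with the 11 data entries that secret shows in the listing further down. The following is an added example, not part of the original article: it lists what a directory import would include and which of those entries the dashboard does not need. The function names and the sample directory are constructed for illustration, and the key-name rule is an approximation of kubectl's directory behaviour.

```shell
#!/bin/bash
# Added example, not from the original article. It approximates kubectl's
# directory rule for --from-file=<dir>: each regular file whose basename is a
# valid key ([-._a-zA-Z0-9]+) becomes one entry in the secret.

# Print the keys that --from-file=<dir> would put into the secret.
secret_keys_from_dir() {
    local f name
    for f in "$1"/*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue   # regular files only
        name=${f##*/}
        case $name in
            *[!A-Za-z0-9._-]*) continue ;;         # not a valid key name
        esac
        printf '%s\n' "$name"
    done
}

# Print the keys the dashboard does not need (everything except the two PEM
# files named by --tls-cert-file and --tls-key-file).
unexpected_secret_keys() {
    secret_keys_from_dir "$1" | grep -vxF -e dashboard.pem -e dashboard-key.pem || true
}

# Constructed sample: empty files named like the article's working directory
# after dashboard-cert.sh has run (cfssljson -bare dashboard writes
# dashboard.pem, dashboard-key.pem and dashboard.csr).
make_sample_dir() {
    local d
    d=$(mktemp -d)
    ( cd "$d" && touch dashboard-configmap.yaml dashboard-controller.yaml \
        dashboard-rbac.yaml dashboard-secret.yaml dashboard-service.yaml \
        k8s-admin.yaml dashboard-cert.sh dashboard-csr.json \
        dashboard.pem dashboard-key.pem dashboard.csr )
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
echo "keys packed by --from-file=./ : $(secret_keys_from_dir "$sample" | wc -l)"
echo "not needed by the dashboard:"
unexpected_secret_keys "$sample"
echo "narrower form:"
echo "kubectl create secret generic kubernetes-dashboard-certs \\"
echo "  --from-file=dashboard.pem --from-file=dashboard-key.pem -n kube-system"
rm -rf "$sample"
```

Naming the two PEM files explicitly keeps the manifests, the CSR and anything else later dropped into the directory out of the secret.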
Generate the token

AGE
dashboard-admin-token-vnm9z        kubernetes.io/service-account-token   3      65s
default-token-zb8bw                kubernetes.io/service-account-token   3      8d
kubernetes-dashboard-certs         Opaque                                11     162s
kubernetes-dashboard-key-holder    Opaque                                2      262s
kubernetes-dashboard-token-ctfp9   kubernetes.io/service-account-token   3      62s
# View the token
[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-vnm9z -n kube-system
Name:         dashboard-admin-token-vnm9z
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: de06f523-905f-11ea-80d3-000c29535012

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1359 bytes
namespace:  11 bytes
// Copy the token below and use it to log in
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.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.gfj0Yba5aexCLCDiPp2MzFEesuFUOxqJf0HFofijRm5_MjucfsLVdIgWg4eIS8Vuf8Fz7JX0sqhhDN-j4KgNAfIi7ZwREDC73NExYCTpbcBZSVff9MA0ynmLcAySRUToDNS58My2ZQpPsDokI0-wrOyql-VQcTgKdJ3Qwj6wdZVvBGXJlWzDS4AxSZTdJVGJtrfN9SNr1372wqWY7QLJj3zn-mc6F5eLU-bR9DJ7909qSV7Vh-XSJtzbRpbxQk9AGo5r1Rb2I04fchiVLVVE8K362bLtGkjXulmybya_t1naG0_YRlOZDG3GOQcKG0KyvYcFjPWLX89uop7u2Tl5Kg

At this point, the web management interface for the K8S cluster is set up.
