kubernetes1.9中部署dashboard
在1.9k8s中 dashboard能夠有兩種訪問方式node
kubeconfig(HTTPS)和token(http)git
2018-03-18github
1、基於token的訪問
一、下載官方的dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
二、編輯yaml文件
1)添加類型nodeport
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
selector:
2)修改鏡像爲本身可用的鏡像
image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.8.3
三、建立pod
kubectl create -f kube-dashboard-admin.yamlvim
四、查看pod
kubectl get svc,pod --all-namespaces | grep dashboard
kube-system svc/kubernetes-dashboard NodePort 10.254.15.217 <none> 443:27446/TCP 19h
kube-system po/kubernetes-dashboard-cdc8db7d-7xnsw 1/1 Running 0 19hapi
五、建立RBAC
vim kube-dashboard-admin.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard-admin
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard-admin
namespace: kube-systemapp
六、修改deployment文件中的ServiceAccount名稱
146 serviceAccountName: kubernetes-dashboard-admin
重啓pod
kubectl apply -f kubernetes-dashboard.yaml -f kubernetes-dashboard-admin.rbac.yaml
七、查看RBAC的token登陸UI界面時用
kubectl -n kube-system get secret | grep kubernetes-dashboard-admin
kubectl describe -n kube-system secret kubernetes-dashboard-admin-token-7ss4xide
八、使用proxy暴露服務
kubectl proxy --address='192.168.11.70' --port=23455 --accept-hosts='^*$' &
9訪問 192.168.11.70:2355/ui
訪問dashboard後直接skip就能夠了
post
2、利用token或是kubeconfig登陸dashboard
ui
首先:kubeconfig就是.kube/config文件
可是得手動的將token放到裏面
一、wget下載dashboard
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/dashboard/yaml-file/admin-rbac.yaml
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/dashboard/yaml-file/kube-rbac.yaml
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/dashboard/yaml-file/kubernetes-dashboard.yaml
配置apiserver服務
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/kube-apiserver.servicegoogle
二、修改master上的API
vim /etc/systemd/system/kube-apiserver.service
重啓API
systemctl daemon-reload
systemctl restart kube-apiserver
systemctl status kube-apiserver
三、部署heapster服務
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/grafana.yaml
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/heapster-rbac.yaml
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/heapster.yaml
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/influxdb.yaml
按順序建立
heapster-rbac.yaml>>>>> influxdb.yaml >>>>> heapster.yaml >>>>> grafana.yaml
注:在k8s中服務的域名是:
服務名.空間名.svc.cluster.local
例如:
monitoring-influxdb.kube-system.svc.cluster.local
# 部署dashboard 主yaml配置文件
kubectl create -f kubernetes-dashboard.yaml
kubectl create -f ui-admin-rbac.yaml
kubectl create -f ui-read-rbac.yaml
kubectl create -f admin-user-sa-rbac.yaml
三、驗證
kubectl get pod -n kube-system | grep dashboard
kubectl get svc -n kube-system|grep dashboard
kubectl cluster-info|grep dashboard
四、修改apiserver配置
修改配置文件中的IP
basic-auth.csv設置dashboard密碼登陸
格式:密碼,用戶,ID號
例如:
admin123, admin, 2
重啓master
五、登陸
https://192.168.11.70:6443/ui
https://192.168.11.70:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/ingress?namespace=default
使用token訪問
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
將token複製到對話框中點擊登陸
使用kubeconfig訪問
上傳config配置文件到Windows上
sz /root/.kube/config
將上邊的token添加到config中
注:
一、apiserver中開啓了RBAC認證,因此要鎖RBAC
二、kubeconfig = ./kube/conf = kubernetes.pem要在config文件的最後添加token信息才能訪問
三、修改API組件的配置文件 添加密碼和用登陸認證,開啓CA認證,關閉匿名訪問
--authorization-mode=Node,RBAC \ 開啓RBAC認證
--anonymous-auth=false \ 關閉匿名訪問
--basic-auth-file=/etc/kubernetes/ssl/basic-auth.csv \ 添加密碼和用登陸認證(密碼,用戶名,ID號)
四、訪問方式一共有三種:
1)經過kubectl proxy訪問
kubectl proxy --address='192.168.11.70' --port=23455 --accept-hosts='^*$' &
訪問 192.168.11.70:2355/ui
2)經過API訪問(密碼+用戶名+token(kubeconfig))
https://192.168.11.70:6443/ui
https://192.168.11.70:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
參考文檔:
主要https://github.com/gjmzj/kubeasz/blob/master/docs/guide/dashboard-1.8.2.md
https://blog.qikqiak.com/post/add-authorization-for-kubernetes-dashboard/
在1.9k8s中 dashboard能夠有兩種訪問方式
kubeconfig(HTTPS)和token(http)
1、基於token的訪問
一、下載官方的dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
二、編輯yaml文件
1)添加類型nodeport
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
selector:
2)修改鏡像爲本身可用的鏡像
image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.8.3
三、建立pod
kubectl create -f kube-dashboard-admin.yaml
四、查看pod
kubectl get svc,pod --all-namespaces | grep dashboard
kube-system svc/kubernetes-dashboard NodePort 10.254.15.217 <none> 443:27446/TCP 19h
kube-system po/kubernetes-dashboard-cdc8db7d-7xnsw 1/1 Running 0 19h
五、建立RBAC
vim kube-dashboard-admin.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard-admin
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard-admin
namespace: kube-system
六、修改deployment文件中的ServiceAccount名稱
146 serviceAccountName: kubernetes-dashboard-admin
重啓pod
kubectl apply -f kubernetes-dashboard.yaml -f kubernetes-dashboard-admin.rbac.yaml
七、查看RBAC的token登陸UI界面時用
kubectl -n kube-system get secret | grep kubernetes-dashboard-admin
kubectl describe -n kube-system secret kubernetes-dashboard-admin-token-7ss4x
八、使用proxy暴露服務
kubectl proxy --address='192.168.11.70' --port=23455 --accept-hosts='^*$' &
9訪問 192.168.11.70:2355/ui
訪問dashboard後直接skip就能夠了
利用token或是kubeconfig登陸dashboard
參考文檔:
https://github.com/gjmzj/kubeasz/blob/master/docs/guide/dashboard-1.8.2.md
https://jimmysong.io/posts/kubernetes-dashboard-upgrade/
首先:kubeconfig就是.kube/config文件
可是得手動的將token放到裏面
一、wget下載dashboard
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/dashboard/yaml-file/admin-rbac.yaml
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/dashboard/yaml-file/kube-rbac.yaml
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/dashboard/yaml-file/kubernetes-dashboard.yaml
配置apiserver服務
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/kube-apiserver.service
二、修改master上的API
vim /etc/systemd/system/kube-apiserver.service
重啓API
systemctl daemon-reload
systemctl restart kube-apiserver
systemctl status kube-apiserver
三、部署heapster服務
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/grafana.yaml
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/heapster-rbac.yaml
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/heapster.yaml
wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/influxdb.yaml
按順序建立
heapster-rbac.yaml>>>>> influxdb.yaml >>>>> heapster.yaml >>>>> grafana.yaml
注:在k8s中服務的域名是:
服務名.空間名.svc.cluster.local
例如:
monitoring-influxdb.kube-system.svc.cluster.local
# 部署dashboard 主yaml配置文件
kubectl create -f kubernetes-dashboard.yaml
kubectl create -f ui-admin-rbac.yaml
kubectl create -f ui-read-rbac.yaml
kubectl create -f admin-user-sa-rbac.yaml
三、驗證
kubectl get pod -n kube-system | grep dashboard
kubectl get svc -n kube-system|grep dashboard
kubectl cluster-info|grep dashboard
四、修改apiserver配置
修改配置文件中的IP
basic-auth.csv設置dashboard密碼登陸
格式:密碼,用戶,ID號
例如:
admin123, admin, 2
重啓master
五、登陸
https://192.168.11.70:6443/ui
https://192.168.11.70:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/ingress?namespace=default
使用token訪問
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
將token複製到對話框中點擊登陸
使用kubeconfig訪問
上傳config配置文件到Windows上
sz /root/.kube/config
將上邊的token添加到config中
注:
一、apiserver中開啓了RBAC認證,因此要鎖RBAC
二、kubeconfig = ./kube/conf = kubernetes.pem要在config文件的最後添加token信息才能訪問
三、修改API組件的配置文件 添加密碼和用登陸認證,開啓CA認證,關閉匿名訪問
--authorization-mode=Node,RBAC \ 開啓RBAC認證
--anonymous-auth=false \ 關閉匿名訪問
--basic-auth-file=/etc/kubernetes/ssl/basic-auth.csv \ 添加密碼和用登陸認證(密碼,用戶名,ID號)
四、訪問方式:
1)經過kubectl proxy訪問
kubectl proxy --address='192.168.11.70' --port=23455 --accept-hosts='^*$' &
訪問 192.168.11.70:2355/ui
2)經過API訪問(密碼+用戶名+token(kubeconfig))
https://192.168.11.70:6443/ui
https://192.168.11.70:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
- 1. kubernetes1.9部署metrics-server0.3.1、dashboard、heapster
- 2. kubernetes1.9 部署ingress-nginx
- 3. kubernetes1.9離線部署
- 4. Kubernetes1.9 二進制部署
- 5. Kubernetes(k8s)中dashboard的部署。
- 6. Kubernetes-dashboard部署
- 7. kubernetes部署dashboard
- 8. 部署kubernetes-dashboard
- 9. k8s Dashboard部署
- 10. Kubernetes- Dashboard 部署
- 更多相關文章...
- • Maven 自動化部署 - Maven教程
- • ionic 頭部與底部 - ionic 教程
- • 使用阿里雲OSS+CDN部署前端頁面與加速靜態資源
- • Scala 中文亂碼解決
-
每一个你不满意的现在,都有一个你没有努力的曾经。