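1. What is the OKD Web Console:
The OKD web console is a user interface accessible from a web browser. Developers can use the web console to visualize, browse, and manage the contents of namespaces. It is also described as a friendlier kubectl in the form of a single-page web application. It integrates with other services such as monitoring, billing, and the Operator Lifecycle Manager (OLM). Some of the things that happen behind the scenes include:
- Proxying the Kubernetes API under /api/kubernetes
- Providing additional non-Kubernetes APIs for interacting with the cluster
- Serving all frontend static assets
- User authentication
2. Deploying the OKD Web Console as a container
Create a dedicated service account (console) to run the OpenShift web console, in case it was not created previously, and grant it cluster-admin permissions: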
$ kubectl create serviceaccount console -n kube-system
$ kubectl create clusterrolebinding console --clusterrole=cluster-admin --serviceaccount=kube-system:console -n kube-system
Extract the name of the token secret associated with the console service account:
$ kubectl get serviceaccount console --namespace=kube-system -o jsonpath='{.secrets[0].name}'
console-token-ppfc2
Modify the YAML file, assigning the appropriate value in the token section.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: console-deployment
  namespace: kube-system
  labels:
    app: console
spec:
  replicas: 1
  selector:
    matchLabels:
      app: console
  template:
    metadata:
      labels:
        app: console
    spec:
      containers:
      - name: console-app
        image: quay.io/openshift/origin-console:4.2
        imagePullPolicy: IfNotPresent
        env:
        - name: BRIDGE_USER_AUTH
          value: disabled # no authentication required
        - name: BRIDGE_K8S_MODE
          value: off-cluster
        - name: BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT
          value: https://kubernetes.default #master api
        - name: BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS
          value: "true" # no tls enabled
        - name: BRIDGE_K8S_AUTH
          value: bearer-token
        - name: BRIDGE_K8S_AUTH_BEARER_TOKEN
          valueFrom:
            secretKeyRef:
              name: console-token-ppfc2 # console serviceaccount token
              key: token
---
kind: Service
apiVersion: v1
metadata:
  name: console-np-service
  namespace: kube-system
spec:
  selector:
    app: console
  type: NodePort # nodePort configuration
  ports:
  - name: http
    port: 9000
    targetPort: 9000
    nodePort: 30036
    protocol: TCP
---
Create the Deployment and Service objects:
$ kubectl create -f okd-web-console-install.yaml
deployment.apps/console-deployment created
service/console-service created
$ kubectl get pods -o wide -n kube-system
NAME                                  READY   STATUS    RESTARTS   AGE     IP            NODE                            NOMINATED NODE   READINESS GATES
console-deployment-59d8956db5-td462   1/1     Running   0          4m49s   10.244.0.13   blog-master-00.kubevirt.local   <none>           <none>
$ kubectl get svc -o wide -n kube-system
NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
console-np-service   NodePort    10.96.195.45   <none>        9000:30036/TCP           19m
kube-dns             ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP   20d
View the web console in a browser; the Service above publishes it on NodePort 30036.
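An added example, not part of the original page or of the OKD project: a small Python check over the security-relevant lines of this setup (embedded below as constructed input) that reports how the settings combine. With BRIDGE_USER_AUTH disabled, a cluster-admin service account token and a NodePort Service, anyone who can reach port 30036 on a node operates the cluster as cluster-admin. The function names and finding ids are illustrative.

```python
import re

# Constructed input: the security-relevant lines of this page's setup.
SETUP = """\
kubectl create clusterrolebinding console --clusterrole=cluster-admin --serviceaccount=kube-system:console -n kube-system
        - name: BRIDGE_USER_AUTH
          value: disabled # no authentication required
        - name: BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS
          value: "true" # no tls enabled
        - name: BRIDGE_K8S_AUTH
          value: bearer-token
        - name: BRIDGE_K8S_AUTH_BEARER_TOKEN
          valueFrom:
  type: NodePort # nodePort configuration
"""

def literal_env(text):
    """Collect env entries given as '- name:' followed by a literal 'value:'."""
    env, name = {}, None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()      # drop trailing YAML comments
        if line.startswith("- name:"):
            name = line.split(":", 1)[1].strip()
            continue
        if line.startswith("value:") and name:
            env[name] = line.split(":", 1)[1].strip().strip('"')
        name = None                               # valueFrom or unrelated key
    return env

def audit(text):
    """Return (id, message) findings for the console setup, in a fixed order."""
    env, out = literal_env(text), []
    no_login = env.get("BRIDGE_USER_AUTH") == "disabled"
    shared_token = env.get("BRIDGE_K8S_AUTH") == "bearer-token"
    admin = re.search(r"--clusterrole=cluster-admin\b", text) is not None
    node_port = re.search(r"^\s*type:\s*NodePort\b", text, re.M) is not None
    if no_login and shared_token:
        out.append(("shared-identity", "no user login; every request uses the service account token"))
    if admin:
        out.append(("cluster-admin", "the console service account is bound to cluster-admin"))
    if node_port:
        out.append(("node-port", "the console is published on every node's address"))
    if env.get("BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS") == "true":
        out.append(("tls-skip", "the API server certificate is not verified"))
    if no_login and shared_token and admin and node_port:
        out.append(("open-admin", "anyone who can reach the NodePort acts as cluster-admin"))
    return out

if __name__ == "__main__":
    print("\n".join(f"{i}: {m}" for i, m in audit(SETUP)))
```

The same two functions can be pointed at the full okd-web-console-install.yaml text plus the kubectl commands used to create the role binding.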