k8s网站页面
前提已部署好多节点k8s
一、在master01上操作创建资源
mkdir /root/k8s/dashboard
拷贝官方的文件
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
版本已更新
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-GKaEt2dJ-1602215494285)(file:///C:\Users\LIU\AppData\Local\Temp\ksohtml20144\wps1.jpg)]
下面用旧版的文件
[root@localhost dashboard]# ls
dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml
dashboard-controller.yaml dashboard-secret.yaml k8s-admin.yaml
利用上述yaml文件创建资源
kubectl create -f dashboard-rbac.yaml
kubectl create -f dashboard-secret.yaml
kubectl create -f dashboard-configmap.yaml
kubectl create -f dashboard-controller.yaml
kubectl create -f dashboard-service.yaml
查看创建指定的kube-system命名空间下的pod资源
kubectl get pods -n kube-system
查看创建指定的kube-system命名空间下的pod,service资源
kubectl get pods,svc -n kube-system
查看访问节点及端口
[root@master ~]# kubectl get pods,svc -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
pod/kubernetes-dashboard-7dffbccd68-tlrlw 1/1 Running 0 10h 172.17.48.2 192.168.10.80 <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes-dashboard NodePort 10.0.0.65 <none> 443:30001/TCP 10h k8s-app=kubernetes-dashboard
二、访问页面问题及解决方法
2.1故障
用谷歌浏览器访问https://192.168.10.80:30001
发现谷歌浏览器无法访问
2.2解决方法
2.2.1方法一
故障时由于缺少证书或缺少浏览器认可的证书导致,所以需要制作证书
在master节点创建证书
编写生成证书的脚本
[root@localhost dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <<EOF
{
"CN": "Dashboard",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
}
EOF
K8S_CA=$1
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
dashboard-controller.yaml 增加证书两行,然后apply
\# args:
\# # PLATFORM-SPECIFIC ARGS HERE
\# - --auto-generate-certificates
--tls-key-file=dashboard-key.pem ##添加这两行证书
--tls-cert-file=dashboard.pem
执行脚本来生成证书
bash dashboard-cert.sh /root/k8s/k8s-cert/
重新部署
kubectl apply -f dashboard-controller.yaml
然后再次访问https://192.168.10.80:30001
2.2.2方法二
直接在网页页面打 thisisunsafe
2.2.3方法三
直接换火狐浏览器
三、生成令牌并登陆网页
用k8s-admin.yaml生成令牌
kubectl create -f k8s-admin.yaml
查看令牌详细信息
[root@master dashboard]# kubectl describe secret dashboard-admin-token-tzgcx -n kube-system
Name: dashboard-admin-token-tzgcx
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 35a406c9-0989-11eb-bcfa-000c29b7e70c
Type: kubernetes.io/service-account-token
Data
ca.crt: 1359 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdHpnY3giLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMzVhNDA2YzktMDk4OS0xMWViLWJjZmEtMDAwYzI5YjdlNzBjIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.s7cAjSBfbX3YL5KBHnmr7YowNkKFHvUA9Tdpyg61GEMe87YLYOo4cOGmoVHkd9kb_Ii1_ZWlBjFbWzrzTgtJez5aSbEkPg-oa1MskRIUwYhAPN9F8vboNyJ-XOFvjyi4FG2x_82Kx3aqW1KWl9p9__tHgTAiNjc_UUyb_tbYMJtIyyNk3lbV4_3zQux-i_Nizm-od1wskJaNZxHKOYPxv0JeSOA0xa6iwD8HoE1JL-cIM19aNEFvc-JLYxt7vsqdj2oafFHhPIuUCUkb2HMi8sdZSyUooqgL41nouKoSrYguGVutsFwH6QJ6ZmhEz2BXIlINlPSyegdWKvQFWxXdPg
将令牌复制粘贴到浏览器的令牌处
0xa6iwD8HoE1JL-cIM19aNEFvc-JLYxt7vsqdj2oafFHhPIuUCUkb2HMi8sdZSyUooqgL41nouKoSrYguGVutsFwH6QJ6ZmhEz2BXIlINlPSyegdWKvQFWxXdPg
将令牌复制粘贴到浏览器的令牌处
[外链图片转存中...(img-6XAZSvIy-1602215494292)]
![mark](https://img-blog.csdnimg.cn/img_convert/9b90e7fdb49c7a7987ceb4839695048d.png)