Kubernetes web UI deployment
1. Download the YAML files
2. Deploy the web UI
2.1 Create the role on the master machine
kubectl create -f dashboard-rbac.yaml
Verify that the role was created
kubectl get Role -n kube-system
2.2 Create the security credentials
kubectl create -f dashboard-secret.yaml
Verify the security credentials
kubectl get Secret -n kube-system
2.3 Create the configuration
kubectl create -f dashboard-configmap.yaml
Verify the configuration
# View the service account resources
kubectl get ServiceAccount -n kube-system
# View the controller resources
kubectl get deployment -n kube-system
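A READY value of 0/1 means the resource is not ready
Find out why
kubectl describe pods -l k8s-app=kubernetes-dashboard -n kube-system
The cause is a wrong image address; edit the YAML file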
vi dashboard-controller.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
  name: kubernetes-dashboard
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      priorityClassName: system-cluster-critical
      nodeSelector:
        disktype: etcd03
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: kubernetes-dashboard
        image: 10.25.193.138/teamco/kubernetes-dashboard-amd64:v1.8.3
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 100m
            memory: 300Mi
          requests:
            cpu: 50m
            memory: 100Mi
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          # PLATFORM-SPECIFIC ARGS HERE
          - --auto-generate-certificates
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
        - name: tmp-volume
          mountPath: /tmp
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
2.4 Create the service
kubectl create -f dashboard-service.yaml
Check that it was created correctly
kubectl get deployment -n kube-system
2.5 Check where the service was created
kubectl get pods -n kube-system -o wide
Because the nodeSelector label in dashboard-controller.yaml is the label of that machine, the pod is created on 10.25.247.143
2.6 Visit https://10.25.247.143:30001/
2.7 Create the certificate
2.7.1 Write the creation script
vim dashboard-cert.sh
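cat > dashboard-csr.json <<EOF
{
    "CN": "Dashboard",
    "hosts": [
        "10.25.245.87",
        "10.25.245.83",
        "10.25.245.84",
        "10.25.247.141",
        "10.25.247.142",
        "10.25.247.143",
        "10.25.247.144",
        "10.25.247.145",
        "10.25.193.138"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing"
        }
    ]
}
EOF
# Directory that holds the cluster CA files (ca.pem, ca-key.pem, ca-config.json)
K8S_CA=$1
# Sign the dashboard certificate with the cluster CA; writes dashboard.pem and dashboard-key.pem
cfssl gencert -ca="$K8S_CA/ca.pem" -ca-key="$K8S_CA/ca-key.pem" -config="$K8S_CA/ca-config.json" -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
# Replace the certificate Secret that the dashboard mounts at /certs
kubectl delete secret kubernetes-dashboard-certs -n kube-system
# Store only the certificate and key; --from-file=./ would also copy every other file in this directory into the Secret
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.pem --from-file=dashboard-key.pem -n kube-system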
2.7.2 Edit dashboard-controller.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
  name: kubernetes-dashboard
  namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      priorityClassName: system-cluster-critical
      nodeSelector:
        disktype: etcd03
      imagePullSecrets:
      - name: registry-pull-secret
      containers:
      - name: kubernetes-dashboard
        image: 10.25.193.138/teamco/kubernetes-dashboard-amd64:v1.8.3
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            cpu: 100m
            memory: 300Mi
          requests:
            cpu: 50m
            memory: 100Mi
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          # PLATFORM-SPECIFIC ARGS HERE
          - --auto-generate-certificates
          - --tls-key-file=dashboard-key.pem
          - --tls-cert-file=dashboard.pem
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
        - name: tmp-volume
          mountPath: /tmp
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
2.7.3 Redeploy the application
Run the certificate script
sh dashboard-cert.sh /root/k8s-cert/
kubectl apply -f dashboard-controller.yaml
2.7.4 Check the application
kubectl get pods -n kube-system -o wide
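Added example, not part of the original page: a check that the certificate from step 2.7 is signed by the cluster CA, covers the node IPs listed in dashboard-csr.json, and is the one the dashboard actually serves after the redeploy. The function names and the script name check-dashboard-cert.sh are hypothetical; it assumes openssl is installed and is run in the directory that contains dashboard.pem.

```shell
#!/bin/sh
# Added example (not from the original page): checks for the certificate
# that dashboard-cert.sh produces. Function names are hypothetical.

# cert_signed_by CA_PEM CERT_PEM: succeeds if CERT_PEM chains to CA_PEM.
cert_signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_covers_ip CERT_PEM IP: succeeds if IP appears as an IP
# subjectAltName in the certificate (cfssl fills these from "hosts").
cert_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# missing_ips CERT_PEM IP...: prints every IP the certificate does not cover.
missing_ips() {
    cert=$1
    shift
    for ip in "$@"; do
        cert_covers_ip "$cert" "$ip" || printf '%s\n' "$ip"
    done
}

# served_cert HOST:PORT: prints the PEM certificate the endpoint presents,
# to confirm the pod serves dashboard.pem and not an auto-generated one.
served_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | openssl x509
}

# Usage: sh check-dashboard-cert.sh CA_DIR HOST:PORT IP...
if [ "$#" -ge 3 ]; then
    ca_dir=$1 endpoint=$2
    shift 2
    rc=0
    cert_signed_by "$ca_dir/ca.pem" dashboard.pem ||
        { echo "dashboard.pem is not signed by $ca_dir/ca.pem"; rc=1; }
    for ip in $(missing_ips dashboard.pem "$@"); do
        echo "dashboard.pem does not cover $ip"; rc=1
    done
    served=$(mktemp)
    served_cert "$endpoint" >"$served"
    cert_signed_by "$ca_dir/ca.pem" "$served" ||
        { echo "$endpoint is not serving a certificate from this CA"; rc=1; }
    rm -f "$served"
    exit "$rc"
fi
```

With the values on this page the call would be: sh check-dashboard-cert.sh /root/k8s-cert 10.25.247.143:30001 10.25.247.143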
2.8 Access the web UI
2.8.1 Visit https://10.25.247.143:30001/ again
2.8.2 Choose token login
kubectl create -f k8s-admin.yaml
2.8.3 Look up the name of the generated resource
kubectl get secret -n kube-system
2.8.4 View the token
kubectl describe secret dashboard-admin-token-gs8z8 -n kube-system
2.9 What is shown after entering the token
kubectl create -f k8s-admin.yaml