K8S Web Page
I. Experiment and Steps
1. Experiment preparation
A multi-node deployment environment must already be in place
Master01: 192.168.150.128/24 kube-apiserver kube-controller-manager kube-scheduler etcd
Node01: 192.168.150.179/24 kubelet kube-proxy docker flannel etcd
Node02: 192.168.150.163/24 kubelet kube-proxy docker flannel etcd
Master02: 192.168.150.130/24 same software as Master01
lb01: 192.168.150.131/24 nginx keepalived
lb02: 192.168.150.132/24 nginx keepalived
2. Download the configuration files from the official site (on master01)
cd /opt
mkdir dashboard
cd dashboard
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
## Copy the files from the official repository above; here we upload these six files from a local machine: dashboard-configmap.yaml, dashboard-rbac.yaml, dashboard-service.yaml, dashboard-controller.yaml, dashboard-secret.yaml, k8s-admin.yaml
kubectl create -f dashboard-rbac.yaml ## create the resources
kubectl create -f dashboard-secret.yaml
kubectl create -f dashboard-configmap.yaml
kubectl create -f dashboard-controller.yaml
kubectl create -f dashboard-service.yaml
kubectl get pods -n kube-system ## once done, check that the pods were created in the specified kube-system namespace
kubectl get pods,svc -n kube-system ## see how the service is exposed
kubectl get pods -o wide ## view the pod network
https://192.168.150.163:30001/ ## reachable through a node IP; the browser shows "Your connection is not private"
3. Create a certificate for the Chrome browser
vim dashboard-cert.sh ## the file contents are shown below
cat > dashboard-csr.json <<EOF
{
    "CN": "Dashboard",
    "hosts": [],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing"
        }
    ]
}
EOF
K8S_CA=$1 ## first argument: directory holding ca.pem, ca-key.pem and ca-config.json
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system ## every regular file in the current directory becomes a key in the secret
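Because the script above passes --from-file=./, every regular file in the working directory (the YAML manifests, dashboard-csr.json, the script itself) ends up as a key in kubernetes-dashboard-certs, not just the certificate and key. The following is an added example, not part of the original page: two shell helpers that audit a directory and stage only dashboard.pem and dashboard-key.pem. The function names and the certs-only directory are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Hypothetical helper names.

# Files written by `cfssljson -bare dashboard` that the Dashboard args reference.
WANTED="dashboard.pem dashboard-key.pem"

# audit_secret_dir DIR
# Prints "keep <name>" or "extra <name>" for each regular file in DIR, i.e.
# each file that --from-file=DIR would load into the secret.
# Returns 1 if any extra file is present, 2 if DIR does not exist.
audit_secret_dir() {
  a_dir=$1; a_rc=0
  [ -d "$a_dir" ] || return 2
  for a_path in "$a_dir"/* "$a_dir"/.[!.]*; do
    [ -f "$a_path" ] || continue          # directories and unmatched globs are skipped
    a_name=${a_path##*/}
    case " $WANTED " in
      *" $a_name "*) echo "keep $a_name" ;;
      *) echo "extra $a_name"; a_rc=1 ;;
    esac
  done
  return $a_rc
}

# stage_cert_dir SRC DST
# Copies only the wanted files from SRC into a new, private directory DST.
# Fails if a wanted file is missing or empty, or if DST already exists.
stage_cert_dir() {
  s_src=$1; s_dst=$2
  [ ! -e "$s_dst" ] || { echo "refusing to reuse $s_dst" >&2; return 1; }
  for s_f in $WANTED; do
    [ -s "$s_src/$s_f" ] || { echo "missing $s_src/$s_f" >&2; return 1; }
  done
  ( umask 077 && mkdir "$s_dst" ) || return 1
  for s_f in $WANTED; do
    cp "$s_src/$s_f" "$s_dst/$s_f" && chmod 600 "$s_dst/$s_f" || return 1
  done
}

# Usage inside the dashboard directory (certs-only is a hypothetical name):
#   stage_cert_dir . ./certs-only && audit_secret_dir ./certs-only &&
#   kubectl create secret generic kubernetes-dashboard-certs \
#     --from-file=./certs-only -n kube-system
```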
4. Add the certificate settings
vim dashboard-controller.yaml ## add two lines
args:
  # PLATFORM-SPECIFIC ARGS HERE
  - --auto-generate-certificates
  - --tls-key-file=dashboard-key.pem
  - --tls-cert-file=dashboard.pem
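kubectl apply -f dashboard-controller.yaml ## if re-applying the manifest does not take effect, delete the resources first and then recreate them
bash dashboard-cert.sh /root/k8s/k8s-cert/
kubectl create -f k8s-admin.yaml ## generate the token
kubectl get secret -n kube-system ## save (note the name of the dashboard-admin token secret)
kubectl describe secret dashboard-admin-token-qctfr -n kube-system ## view the token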
5. Test
https://192.168.150.163:30001/
Click Token, copy the generated token, paste it into the text box below, and click Sign in; the login succeeds.