前言:Kubernetes Dashboard(仪表板)是Kubernetes集群的基于Web的通用UI。它允许用户管理集群中运行的应用程序,对其进行故障排除以及管理集群本身
Kubectl是管理k8s集群的命令行工具,通过生成的json格式传递给apiserver进行创建、查看、管理的操作
文章目录
一、Dashboard仪表板部署
1.部署
- 在master01上操作,创建dashboard工作目录
[root@master01 k8s]# mkdir dashboard
[root@master01 k8s]# cd dashboard/
- 拷贝官方的文件:文件地址
[root@master01 dashboard]# ls
dashboard-configmap.yaml//配置应用 dashboard-rbac.yaml//授权访问api dashboard-service.yaml//发布容器相关应用
dashboard-controller.yaml//控制器 dashboard-secret.yaml//安全加密 k8s-admin.yaml//生成令牌
- 创建指定yaml文件,这里注意创建的顺序不能出错,否则创建出来的pod资源不能使用
[root@master01 dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
[root@master01 dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
[root@master01 dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
[root@master01 dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
[root@master01 dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created
-完成后查看创建在指定的kube-system名称空间下
[root@master01 dashboard]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/kubernetes-dashboard-65f974f565-kw2gm 1/1 Running 0 34h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard NodePort 10.0.0.195 <none> 443:30001/TCP 34h
- 此时便可以通过30001端口访问
- https://192.168.170.145:30001/
2.关于谷歌浏览器无法访问的问题
- 用谷歌浏览器访问会显示如下界面
- 点开右上角的自定义及控制,找到更多工具并点开开发者工具
- 找到security可以看到证书处于失败状态,所以需要创建自签证书让浏览器可以访问
1)自签证书
[root@master01 dashboard]# vim dashboard-cert.sh
cat > dashboard-scr.json << EOF
{
"CN": "Dashboard",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
}
EOF
K8S_CA=$1 //证书的存放位置
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-scr.json | cfssljson -bare dashboard
//清空与同意生成
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
- 直接执行脚本
[root@master01 dashboard]# bash dashboard-cert.sh /root/k8s/k8s-sert/
2020/05/12 22:49:31 [INFO] generate received request
2020/05/12 22:49:31 [INFO] received CSR
2020/05/12 22:49:31 [INFO] generating key: rsa-2048
2020/05/12 22:49:31 [INFO] encoded CSR
2020/05/12 22:49:31 [INFO] signed certificate with serial number 179259715918697656123820654725947594940606429677
2020/05/12 22:49:31 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
secret "kubernetes-dashboard-certs" deleted
secret/kubernetes-dashboard-certs created
[root@master01 dashboard]# ls
dashboard-cert.sh dashboard.csr dashboard-rbac.yaml dashboard-service.yaml
dashboard-configmap.yaml dashboard-key.pem dashboard-scr.json k8s-admin.yaml
dashboard-controller.yaml dashboard.pem//证书生成成功 dashboard-secret.yaml
- 应用证书,更改yaml文件
oot@master01 dashboard]# vim dashboard-controller.yaml
45 args: //在传参加入两句
46 # PLATFORM-SPECIFIC ARGS HERE
47 - --auto-generate-certificates
48 - --tls-key-file=dashboard-key.pem //添加
49 - --tle-cert-file=dashboard.pem //添加
//重新部署
[root@master01 dashboard]# kubectl apply -f dashboard-controller.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured
//注意地址
[root@master01 dashboard]# kubectl get pods -o wide -n kube-system
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
kubernetes-dashboard-7dffbccd68-7h6th 1/1