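Kubernetes binary cluster deployment: deploying the web UI (Dashboard)
1. Deployment environment
The web UI is deployed on top of the multi-node cluster that was set up earlier.
2. Deployment steps
- Run the following on master01
Create the dashboard working directory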
[root@localhost k8s]# mkdir dashboard
Copy the required YAML files into it
[root@localhost dashboard]# ls
dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml
dashboard-controller.yaml dashboard-secret.yaml k8s-admin.yaml
There are two ways to create Pod resources:
- 1. kubectl run <name> --image=<image>, for example: kubectl run nginx --image=nginx
- 2. Use a YAML file, i.e. kubectl create -f <yaml file>
[root@master1 dashboard]# kubectl create -f dashboard-rbac.yaml # create the role
[root@localhost dashboard]# kubectl get role -n kube-system
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml
[root@localhost dashboard]# kubectl get secret -n kube-system
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml
[root@localhost dashboard]# kubectl get configmap -n kube-system
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml
[root@localhost dashboard]# kubectl get ServiceAccount -n kube-system
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml
[root@localhost dashboard]# kubectl get Service -n kube-system
When this is done, check that the resources were created in the kube-system namespace
[root@localhost dashboard]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-7dffbccd68-mscpt 1/1 Running 0 175m
Check how the Dashboard can be reached
[root@localhost dashboard]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/kubernetes-dashboard-7dffbccd68-mscpt 1/1 Running 0 176m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard NodePort 10.0.0.117 <none> 443:30001/TCP 15h
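3. Accessing the web page
3.1 Firefox can access it directly
Browse to a node IP on the NodePort: https://192.168.126.20:30001/
3.2 Fixing the problem of Chrome being unable to access it
Chrome needs a TLS certificate before it will open the page. The script below issues one from the cluster CA and stores it in the kubernetes-dashboard-certs secret.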
[root@localhost dashboard]# vim dashboard-cert.sh
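# Write the certificate signing request for the Dashboard certificate
cat > dashboard-csr.json <<EOF
{
  "CN": "Dashboard",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing"
    }
  ]
}
EOF
# $1 is the directory holding the cluster CA files (ca.pem, ca-key.pem, ca-config.json)
K8S_CA=$1
# Issue dashboard.pem and dashboard-key.pem, signed by the cluster CA
cfssl gencert -ca="$K8S_CA/ca.pem" -ca-key="$K8S_CA/ca-key.pem" -config="$K8S_CA/ca-config.json" -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
# Replace the certificate secret; load only the certificate and key,
# not every file in the working directory (which --from-file=./ would do)
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.pem --from-file=dashboard-key.pem -n kube-system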
[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
[root@localhost dashboard]# vim dashboard-controller.yaml
Under args, add the paths of the two generated certificate files:
args:
  # PLATFORM-SPECIFIC ARGS HERE
  - --auto-generate-certificates
  - --tls-key-file=dashboard-key.pem
  - --tls-cert-file=dashboard.pem
- Next, redeploy (update with apply):
// Redeploy (note: if apply does not take effect, delete the resource first, then run apply to recreate it)
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured
- Generate the token
[root@localhost dashboard]# kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
- Save (list the secrets to find the name of the token secret)
[root@localhost dashboard]# kubectl get secret -n kube-system
- View the token
[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-qctfr -n kube-system
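The token read above belongs to the dashboard-admin ServiceAccount, and the Dashboard it unlocks is reachable on a NodePort, so it is worth knowing which ServiceAccounts hold cluster-wide admin rights. The following is an added example, not part of the original post: it assumes k8s-admin.yaml binds dashboard-admin to the cluster-admin ClusterRole (the file's contents are not shown on this page), and the function names and sample rows are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list ServiceAccounts that are bound to cluster-admin.
# Row format (tab-separated), one ClusterRoleBinding per line:
#   <binding name>\t<roleRef.name>\t<Kind>:<namespace>/<name>,<Kind>:...,

# Produce the rows from a live cluster (needs kubectl and permission to
# list clusterrolebindings). Not called automatically.
list_bindings() {
  kubectl get clusterrolebinding -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name},{end}{"\n"}{end}'
}

# Read rows on stdin; print "<binding> <namespace>/<serviceaccount>" for
# every ServiceAccount subject whose binding grants cluster-admin.
find_admin_sa() {
  awk -F'\t' '
    $2 == "cluster-admin" {
      n = split($3, subj, ",")
      for (i = 1; i <= n; i++)
        if (subj[i] ~ /^ServiceAccount:/) {
          sub(/^ServiceAccount:/, "", subj[i])
          print $1 " " subj[i]
        }
    }'
}

# Constructed sample rows. The dashboard-admin row is the assumed result
# of "kubectl create -f k8s-admin.yaml"; the others are typical neighbours.
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup:/system:masters,\n'
  printf 'dashboard-admin\tcluster-admin\tServiceAccount:kube-system/dashboard-admin,\n'
  printf 'system:node-proxier\tsystem:node-proxier\tUser:/system:kube-proxy,\n'
  printf 'ci-view\tview\tServiceAccount:ci/builder,\n'
}

# Offline demonstration on the constructed rows.
# prints: dashboard-admin kube-system/dashboard-admin
sample_bindings | find_admin_sa
```

On a real cluster, run `list_bindings | find_admin_sa`; every line it prints is a ServiceAccount whose token gives full control of the cluster to whoever pastes it into the Dashboard login page.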