kubernetes二进制集群部署----web页面的部署

kubernetes二进制集群部署----web页面的部署

一、部署环境

在前期多节点部署好的情况下部署web页面

二、部署步骤

• master01上操作

创建dashborad工作目录

[root@localhost k8s]# mkdir dashboard

把需要的yaml文件拖进来

[root@localhost dashboard]# ls

dashboard-configmap.yaml  dashboard-rbac.yaml   dashboard-service.yaml

dashboard-controller.yaml  dashboard-secret.yaml  k8s-admin.yaml

创建Pod资源有两种方式：

• 1、kubectl run 服务 --images=镜像，例如：kubectl run nginx --images=nginx
• 2、使用 yaml文件格式进行创建，即kubectl create -f yaml文件名

[root@master1 dashboard]# kubectl create -f dashboard-rbac.yaml    #创建角色

[root@localhost dashboard]#kubectl get role -n kube-system

[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml 

[root@localhost dashboard]#kubectl get secret -n kube-system

[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml 

[root@localhost dashboard]#kubectl get configmap -n kube-system

[root@localhost dashboard]#kubectl get configmap -n kube-system

[root@localhost dashboard]#kubectl get ServiceAccount -n kube-system

[root@localhost dashboard]# kubectl create -f dashboard-service.yaml 

[root@localhost dashboard]#kubectl get Service -n kube-system

完成后查看创建在指定的kube-system命名空间下

[root@localhost dashboard]# kubectl get pods -n kube-system

NAME                                    READY   STATUS    RESTARTS   AGE
kubernetes-dashboard-7dffbccd68-mscpt   1/1     Running   0          175m

查看如何访问

[root@localhost dashboard]# kubectl get pods,svc -n kube-system

NAME                                        READY   STATUS    RESTARTS   AGE
pod/kubernetes-dashboard-7dffbccd68-mscpt   1/1     Running   0          176m

NAME                           TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
service/kubernetes-dashboard   NodePort   10.0.0.117   <none>        443:30001/TCP   15h

三、访问web页面

3.1 火狐浏览器可以直接访问

访问nodeIP就可以访问：https://192.168.126.20:30001/

3.2 解决谷歌浏览器无法访问的问题

谷歌浏览器需要TLS证书才能访问。

[root@localhost dashboard]# vim dashboard-cert.sh

cat > dashboard-csr.json <<EOF

{

  "CN": "Dashboard",

  "hosts": [],

  "key": {

​    "algo": "rsa",

​    "size": 2048

  },

  "names": [

​    {

​      "C": "CN",

​      "L": "BeiJing",

​      "ST": "BeiJing"

​    }

  ]

}

EOF

 

K8S_CA=$1

cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard

kubectl delete secret kubernetes-dashboard-certs -n kube-system

kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system

[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/

[root@localhost dashboard]# vim dashboard-controller.yaml
在 args目录下，添加生成的两个证书的路径：
 args:

#PLATFORM-SPECIFIC ARGS HERE

\- --auto-generate-certificates

\- --tls-key-file=dashboard-key.pem

\- --tls-cert-file=dashboard.pem

• 接下来，进行重新部署（用apply更新）：

[root@localhost dashboard]# vim dashboard-controller.yaml

args:

​     \# PLATFORM-SPECIFIC ARGS HERE

​     \- --auto-generate-certificates

​     \- --tls-key-file=dashboard-key.pem

​     \- --tls-cert-file=dashboard.pem

//重新部署（注意：当apply不生效时，先使用delete清除资源，再apply创建资源）

[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml 

Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply

serviceaccount/kubernetes-dashboard configured

Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply

deployment.apps/kubernetes-dashboard configured

• 生成令牌

[root@localhost dashboard]# kubectl create -f k8s-admin.yaml 

serviceaccount/dashboard-admin created

clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created

• 保存

[root@localhost dashboard]# kubectl get secret -n kube-system

• 查看令牌

[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-qctfr -n kube-system