前言:
接上一篇负载均衡部署(3)部署UI界面
yaml下载:https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
部署环境
负载均衡
Nginx1:192.168.13.128/24
Nginx2:192.168.13.129/24
Master节点
master1:192.168.13.131/24 kube-apiserver kube-controller-manager kube-scheduler etcd
master2:192.168.13.130/24 kube-apiserver kube-controller-manager kube-scheduler etcd
Node节点
node1:192.168.13.132/24 kubelet kube-proxy docker flannel etcd
node2:192.168.13.133/24 kubelet kube-proxy docker flannel etcd
1,在master01上创建dashboard
[[email protected] ~]# cd k8s/
[[email protected] k8s]# mkdir dashboard ##创建工作目录
[[email protected] k8s]# cd dashboard/
[[email protected] dashboard]# rz -E ##上传dashboard的yaml文件
[[email protected] dashboard]# ls
dashboard-configmap.yaml ##配置应用
dashboard-rbac.yaml ##授权访问api
dashboard-service.yaml ##发布应用
dashboard-controller.yaml ##控制器
dashboard-secret.yaml ##安全加密
k8s-admin.yaml ##生成令牌
[[email protected] dashboard]# kubectl create -f dashboard-rbac.yaml ##创建api授权
[[email protected] dashboard]# kubectl create -f dashboard-secret.yaml ##创建安全加密
[[email protected] dashboard]# kubectl create -f dashboard-configmap.yaml ##创建配置
[[email protected] dashboard]# kubectl create -f dashboard-controller.yaml ##创建应用
[[email protected] dashboard]# kubectl create -f dashboard-service.yaml ##创建发布
[[email protected] dashboard]# kubectl get pods -n kube-system
##查看创建在指定的kube-system命名空间
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-65f974f565-xwhcb 1/1 Running 0 2m31s
[[email protected] dashboard]# kubectl get pods,svc -n kube-system ##查看如何访问
NAME READY STATUS RESTARTS AGE
pod/kubernetes-dashboard-65f974f565-xwhcb 1/1 Running 0 4m55s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard NodePort 10.0.0.119 <none> 443:30001/TCP 4m51s
2,用浏览器访问node节点ip(Google浏览器无法访问的问题)
##更多工具——开发者工具——security
3,进行自签证书
[[email protected] dashboard]# vim dashboard-cert.sh ##创建证书脚本文件
cat > dashboard-csr.json <<EOF
{
"CN": "Dashboard",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
}
EOF
K8S_CA=$1
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
[[email protected] dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
##执行证书脚本,指定证书的应用
[[email protected] dashboard]# ls ##查看生成的证书
dashboard-cert.sh dashboard-csr.json dashboard-secret.yaml
dashboard-configmap.yaml dashboard-key.pem dashboard-service.yaml
dashboard-controller.yaml dashboard.pem k8s-admin.yaml
dashboard.csr dashboard-rbac.yaml
[[email protected] dashboard]# vim dashboard-controller.yaml ##修改应用配置文件
45 args:
46 # PLATFORM-SPECIFIC ARGS HERE
47 - --auto-generate-certificates
48 - --tls-key-file=dashboard-key.pem ##添加证书文件
49 - --tls-cert-file=dashboard.pem ##添加证书文件
[[email protected] dashboard]# kubectl apply -f dashboard-controller.yaml ##重新部署
4,重新用浏览器访问node1节点地址
5,生成令牌,进行使用UI界面
vim k8s-admin.yaml ##证书生成的yaml配置文件
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
[[email protected] dashboard]# kubectl create -f k8s-admin.yaml ##生成令牌
[[email protected] dashboard]# kubectl get secret -n kube-system ##保存令牌
NAME TYPE DATA AGE
dashboard-admin-token-489x2 kubernetes.io/service-account-token 3 2m2s
[[email protected] dashboard]# kubectl describe secret dashboard-admin-token-489x2 -n kube-system
##查看令牌
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tNDg5eDIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiY2Q2NzQ4NGYtNGJjZi0xMWVhLThkZTAtMDAwYzI5ZjNiNTNiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.lXmRZS2TSk5HHmXzrjvp8ISj4fna_anekJDCZW5NV7vB45s-IZTq7VLG1qd8MfMP0MCOQgKdE-1ulg9b6ql3a6zbUJe848mk99yVOIwKbZTN2M-SG848ljSAjCt66rUkilbcTqByK719rTLbwTtmibgI7jy1NXeZXp_Q_8QE8aXAfJz1EnxI3kbz7Qr1FetZ1O1hTnzc-hEwCgUOMhMZsheBBry9SahXj-3fYNRyK1MpuhkDleNyjQnuNfdsSmgrJI1HvVNczw_tYNQb1QqpppegAdLNvIArMmIDA15q_vL9Wg7h9nb8Ay3KSss7IgHkqN1YxTNdWZyeMpEt9pPQOw
6,利用令牌进行登录
##成功访问到UI界面
k8s部署全部完成,谢谢阅读!!!
原文地址:https://blog.51cto.com/14080162/2470075