```bash
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
```
2. Prepare the images
3. Analyze the YAML file
3.1 Dashboard Secret
```yaml
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque
```
3.2 Dashboard Service Account
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
```
3.3 Dashboard Role & Role Binding
```yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
    verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system
```
3.4 Dashboard Deployment
```yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
            # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
```
3.5 Dashboard Service
```yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
```
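4. Modify the configuration file
4.1 The default access method is the cluster IP, which is not suitable for practical use, so first change the access method
```yaml
# Fragment of the kubernetes-dashboard Service spec
type: NodePort
ports:
  - port: 443
    targetPort: 8443
    nodePort: 30001
```
4.2 With the default certificate, the Dashboard can only be reached from Firefox. To make it usable from Chrome, the certificate must be regenerated. If you only use Firefox, you can skip this step.
4.2.1 Delete the Dashboard Secret section
4.2.2 Regenerate the certificate; remember to substitute your own IP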
```
[root@dev-api ca]# openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.246.200'
[root@dev-api ca]# ls
dashboard.csr  dashboard.key
[root@dev-api ca]# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/CN=192.168.246.200
Getting Private key
You have new mail in /var/spool/mail/root
[root@dev-api ca]# ls
dashboard.crt  dashboard.csr  dashboard.key
[root@dev-api ca]# openssl x509 -in dashboard.crt -text -noout
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            b9:07:50:1a:19:79:36:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=192.168.246.200
        Validity
            Not Before: Jun 27 09:00:51 2019 GMT
            Not After : Jul 27 09:00:51 2019 GMT
        Subject: CN=192.168.246.200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    ...
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         ...
[root@dev-api ca]# ls
dashboard.crt  dashboard.csr  dashboard.key
```
4.2.3 Create your own Secret
```
kubectl -n kube-system create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt
kubectl -n kube-system get secret |grep kubernetes-dashboard-certs
kubernetes-dashboard-certs   Opaque   2   88m
```
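The certificate printed in 4.2.2 is X.509 version 1 with only a CN, no subjectAltName, and a 30-day validity window, and current Chrome matches the address against subjectAltName rather than CN. The script below is an added example, not part of the original post: it follows the same `openssl req` / `openssl x509 -req -signkey` flow but adds an IP subjectAltName and an explicit lifetime. The function names, `san.cnf`, and the 365-day value are assumptions; 192.168.246.200 is the address used in the post.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names, san.cnf and the
# 365-day lifetime are assumptions; 192.168.246.200 is the address used above.
set -eu

# Same "req -new" + "x509 -req -signkey" flow as above, plus a v3 extension
# section (IP subjectAltName) and an explicit -days value.
make_dashboard_cert() {
    local ip="$1" days="$2" dir="$3"
    cat > "$dir/san.cnf" <<EOF
[v3_dashboard]
extendedKeyUsage = serverAuth
subjectAltName = IP:$ip
EOF
    # Private key readable by the owner only.
    ( umask 077; openssl genrsa -out "$dir/dashboard.key" 2048 2>/dev/null )
    openssl req -new -key "$dir/dashboard.key" -out "$dir/dashboard.csr" \
        -subj "/CN=$ip"
    openssl x509 -req -sha256 -days "$days" \
        -in "$dir/dashboard.csr" -signkey "$dir/dashboard.key" \
        -extfile "$dir/san.cnf" -extensions v3_dashboard \
        -out "$dir/dashboard.crt" 2>/dev/null
}

# Succeeds only if the certificate lists exactly this IP as a subjectAltName.
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text |
        awk -v want="IP Address:$2" '
            { sub(/^[ \t]+/, ""); n = split($0, a, ", ")
              for (i = 1; i <= n; i++) if (a[i] == want) found = 1 }
            END { exit !found }'
}

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo run in a scratch directory; set -e aborts if either check fails.
workdir="$(mktemp -d)"
make_dashboard_cert 192.168.246.200 365 "$workdir"
cert_has_ip_san "$workdir/dashboard.crt" 192.168.246.200
cert_valid_for_days "$workdir/dashboard.crt" 300
openssl x509 -in "$workdir/dashboard.crt" -noout -subject -dates
```

The resulting `dashboard.key` and `dashboard.crt` have the same file names that the `kubectl create secret` command in 4.2.3 reads.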