内容简介:4.2默认证书问题只能使用火狐浏览器才能访问到,如果要修改chrome浏览器能使用必须重新更新生成证书,如果只使用火狐浏览器,则可以跳过该步骤
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml 复制代码
2.准备镜像
3.分析yaml文件
3.1Dashboard Secret
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kube-system
type: OpaqueapiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
复制代码
3.2 Dashboard Service Account
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
复制代码
3.3 Dashboard Role & Role Binding
kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kubernetes-dashboard-minimal namespace: kube-system rules: # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret. - apiGroups: [""] resources: ["secrets"] verbs: ["create"] # Allow Dashboard to create 'kubernetes-dashboard-settings' config map. - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - apiGroups: [""] resources: ["secrets"] resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"] verbs: ["get", "update", "delete"] # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. - apiGroups: [""] resources: ["configmaps"] resourceNames: ["kubernetes-dashboard-settings"] verbs: ["get", "update"] # Allow Dashboard to get metrics from heapster. - apiGroups: [""] resources: ["services"] resourceNames: ["heapster"] verbs: ["proxy"] - apiGroups: [""] resources: ["services/proxy"] resourceNames: ["heapster", "http:heapster:", "https:heapster:"] verbs: ["get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: kubernetes-dashboard-minimal namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kubernetes-dashboard-minimal subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kube-system 复制代码
3.4 Dashboard Deployment
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
复制代码
3.5 Dashboard Service
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
复制代码
四.修改配置文件
4.1默认访问方式是集群ip,并适合实际使用,所以先修改访问方式
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30001
复制代码
4.2默认证书问题只能使用火狐浏览器才能访问到,如果要修改chrome浏览器能使用必须重新更新生成证书,如果只使用火狐浏览器,则可以跳过该步骤
4.2.1删除 Dashboard Secret 部分
4.2.2重新生成证书,注意换成自己的ip
[root@dev-api ca]# openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.246.200'
[root@dev-api ca]# ls
dashboard.csr dashboard.key
[root@dev-api ca]# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/CN=192.168.246.200
Getting Private key
You have new mail in /var/spool/mail/root
[root@dev-api ca]# ls
dashboard.crt dashboard.csr dashboard.key
[root@dev-api ca]# openssl x509 -in dashboard.crt -text -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
b9:07:50:1a:19:79:36:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=192.168.246.200
Validity
Not Before: Jun 27 09:00:51 2019 GMT
Not After : Jul 27 09:00:51 2019 GMT
Subject: CN=192.168.246.200
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c5:a4:ad:9f:80:82:9f:ff:b0:04:8d:3f:99:3b:
65:93:76:a9:c3:89:87:da:21:41:45:a6:ab:da:01:
f8:b4:08:cc:6a:2a:b4:94:05:9e:8d:38:9d:f7:a5:
d7:f9:40:11:d8:85:18:04:9e:90:60:36:32:57:8f:
f4:f8:59:5b:4b:74:f9:da:ec:30:a1:5e:86:45:83:
d7:90:12:c7:ee:b6:b9:63:9b:1c:3b:fe:b2:79:95:
f2:90:80:c8:be:2d:48:2f:fe:7d:ba:9a:3c:93:8f:
7d:82:04:4b:65:ef:70:7c:5b:92:5c:45:96:54:7e:
77:e9:a4:1b:ee:8a:44:14:c9:67:1e:f8:46:f1:a1:
ef:78:e1:ed:21:01:6e:5b:b6:85:de:40:93:54:d2:
5c:a1:6f:9b:45:0c:d8:5f:77:a0:d1:e3:d8:0c:07:
28:cc:38:ed:a3:cb:ab:2e:33:3a:83:e3:18:3f:06:
ac:21:2e:c0:e2:3e:af:f8:33:a7:06:2f:4e:6f:6d:
8d:c4:5d:56:52:b9:83:d9:d6:7d:f2:f5:9e:58:77:
47:47:f0:f8:da:09:a1:47:cf:16:f2:72:3a:c1:99:
b2:eb:61:5a:a2:3c:49:7e:e4:b4:bd:76:05:d0:fe:
13:d1:8e:e4:9c:7b:fc:fb:97:16:41:40:2f:87:8c:
8f:fd
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
70:d9:a1:3a:19:d6:76:9e:91:fc:39:92:4f:bc:3b:3e:70:f3:
72:d6:c2:f3:13:be:f8:0e:75:d3:3e:68:c1:43:95:a0:9a:3f:
96:f8:9c:de:23:a0:49:da:ce:fb:a8:cc:e6:34:9b:a9:aa:9f:
9d:86:bb:a9:6d:d2:80:8c:b2:3d:89:c9:ff:44:e6:b1:90:e2:
99:2e:c1:9a:83:d0:7a:f4:cd:2a:02:4f:51:2c:c5:f2:c4:cd:
34:79:36:e1:8a:ee:10:a0:e7:6d:31:14:02:57:27:53:9d:40:
02:4b:ee:e0:7d:17:ee:80:fa:b0:10:66:03:98:26:b3:16:a0:
62:5a:ac:7b:f8:5b:98:15:c8:68:26:bd:f4:c3:df:35:34:ab:
c1:dc:fc:8f:5e:85:5d:cf:70:2f:83:72:68:4c:69:49:42:da:
28:06:a9:71:86:85:db:79:28:8e:5a:f2:cc:24:e1:71:b2:dc:
3f:6f:94:cf:19:8d:cd:18:3a:c8:be:e8:dc:8c:05:30:21:09:
54:ac:22:6d:e0:47:14:9f:16:07:4e:ed:6b:c5:d0:3e:73:37:
3b:12:85:83:34:1c:18:74:e4:96:af:6e:b5:b7:3f:60:58:e5:
09:8c:07:b2:19:77:bd:61:d0:a5:0a:56:6b:c3:4b:f7:c5:bc:
3d:d0:74:9e
[root@dev-api ca]# ls
dashboard.crt dashboard.csr dashboard.key
复制代码
4.2.3 生成自己的secret
kubectl -n kube-system create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt kubectl -n kube-system get secret |grep kubernetes-dashboard-certs kubernetes-dashboard-certs Opaque 2 88m 复制代码
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网
猜你喜欢:
- linux 部署golang 项目(直接部署和基于nginx部署)
- 部署策略对比:蓝绿部署、金丝雀发布及其他
- 使用Docker容器化部署实践之Django应用部署(一)
- 【前端打包部署】谈一谈我在SPA项目打包=>部署的处理
- 「实战篇」开源项目docker化运维部署-后端java部署(七)
- Kubernetes 中的渐进式交付:蓝绿部署和金丝雀部署
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
个性化网页设计与鉴赏
梁景红 / 西安电子科技大学出版社 / 2003-07-14 / 22.00
本书比较全面地介绍了网页设计应注意的相关问题, 在网页设计基础方面着重讲解了网页框架、页面元素、色彩设计,分析了一些人们容易忽视的细小环节,如页面装饰物、图片、文字、连接等。书中结合实例分析了优秀网页的设计创意思想,可以给读者提供一些启示。书中还介绍了作为网页设计者需要了解的信息管理和技术应用,以及网站VI设计和视觉美学等必要知识,读者可针对各种类别的站点具体实践这些知识,寻找进行网页设计的切入点......一起来看看 《个性化网页设计与鉴赏》 这本书的介绍吧!
