k8s 部署dashboard

栏目: 编程工具 · 发布时间: 5年前

内容简介:4.2默认证书问题只能使用火狐浏览器才能访问到,如果要修改chrome浏览器能使用必须重新更新生成证书,如果只使用火狐浏览器,则可以跳过该步骤
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
复制代码

2.准备镜像

3.分析yaml文件

3.1Dashboard Secret

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: OpaqueapiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
复制代码

3.2 Dashboard Service Account

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
复制代码

3.3 Dashboard Role & Role Binding

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
复制代码

3.4 Dashboard Deployment

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
复制代码

3.5 Dashboard Service

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
复制代码

四.修改配置文件

4.1默认访问方式是集群ip,并适合实际使用,所以先修改访问方式

type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001

复制代码

4.2默认证书问题只能使用火狐浏览器才能访问到,如果要修改chrome浏览器能使用必须重新更新生成证书,如果只使用火狐浏览器,则可以跳过该步骤

4.2.1删除 Dashboard Secret 部分

4.2.2重新生成证书,注意换成自己的ip

[root@dev-api ca]# openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.246.200'
[root@dev-api ca]# ls
dashboard.csr  dashboard.key
[root@dev-api ca]# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/CN=192.168.246.200
Getting Private key
You have new mail in /var/spool/mail/root
[root@dev-api ca]# ls
dashboard.crt  dashboard.csr  dashboard.key
[root@dev-api ca]# openssl x509 -in dashboard.crt -text -noout
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            b9:07:50:1a:19:79:36:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=192.168.246.200
        Validity
            Not Before: Jun 27 09:00:51 2019 GMT
            Not After : Jul 27 09:00:51 2019 GMT
        Subject: CN=192.168.246.200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c5:a4:ad:9f:80:82:9f:ff:b0:04:8d:3f:99:3b:
                    65:93:76:a9:c3:89:87:da:21:41:45:a6:ab:da:01:
                    f8:b4:08:cc:6a:2a:b4:94:05:9e:8d:38:9d:f7:a5:
                    d7:f9:40:11:d8:85:18:04:9e:90:60:36:32:57:8f:
                    f4:f8:59:5b:4b:74:f9:da:ec:30:a1:5e:86:45:83:
                    d7:90:12:c7:ee:b6:b9:63:9b:1c:3b:fe:b2:79:95:
                    f2:90:80:c8:be:2d:48:2f:fe:7d:ba:9a:3c:93:8f:
                    7d:82:04:4b:65:ef:70:7c:5b:92:5c:45:96:54:7e:
                    77:e9:a4:1b:ee:8a:44:14:c9:67:1e:f8:46:f1:a1:
                    ef:78:e1:ed:21:01:6e:5b:b6:85:de:40:93:54:d2:
                    5c:a1:6f:9b:45:0c:d8:5f:77:a0:d1:e3:d8:0c:07:
                    28:cc:38:ed:a3:cb:ab:2e:33:3a:83:e3:18:3f:06:
                    ac:21:2e:c0:e2:3e:af:f8:33:a7:06:2f:4e:6f:6d:
                    8d:c4:5d:56:52:b9:83:d9:d6:7d:f2:f5:9e:58:77:
                    47:47:f0:f8:da:09:a1:47:cf:16:f2:72:3a:c1:99:
                    b2:eb:61:5a:a2:3c:49:7e:e4:b4:bd:76:05:d0:fe:
                    13:d1:8e:e4:9c:7b:fc:fb:97:16:41:40:2f:87:8c:
                    8f:fd
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         70:d9:a1:3a:19:d6:76:9e:91:fc:39:92:4f:bc:3b:3e:70:f3:
         72:d6:c2:f3:13:be:f8:0e:75:d3:3e:68:c1:43:95:a0:9a:3f:
         96:f8:9c:de:23:a0:49:da:ce:fb:a8:cc:e6:34:9b:a9:aa:9f:
         9d:86:bb:a9:6d:d2:80:8c:b2:3d:89:c9:ff:44:e6:b1:90:e2:
         99:2e:c1:9a:83:d0:7a:f4:cd:2a:02:4f:51:2c:c5:f2:c4:cd:
         34:79:36:e1:8a:ee:10:a0:e7:6d:31:14:02:57:27:53:9d:40:
         02:4b:ee:e0:7d:17:ee:80:fa:b0:10:66:03:98:26:b3:16:a0:
         62:5a:ac:7b:f8:5b:98:15:c8:68:26:bd:f4:c3:df:35:34:ab:
         c1:dc:fc:8f:5e:85:5d:cf:70:2f:83:72:68:4c:69:49:42:da:
         28:06:a9:71:86:85:db:79:28:8e:5a:f2:cc:24:e1:71:b2:dc:
         3f:6f:94:cf:19:8d:cd:18:3a:c8:be:e8:dc:8c:05:30:21:09:
         54:ac:22:6d:e0:47:14:9f:16:07:4e:ed:6b:c5:d0:3e:73:37:
         3b:12:85:83:34:1c:18:74:e4:96:af:6e:b5:b7:3f:60:58:e5:
         09:8c:07:b2:19:77:bd:61:d0:a5:0a:56:6b:c3:4b:f7:c5:bc:
         3d:d0:74:9e
[root@dev-api ca]# ls
dashboard.crt  dashboard.csr  dashboard.key
复制代码

4.2.3 生成自己的secret

kubectl -n kube-system create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt
kubectl -n kube-system get secret |grep kubernetes-dashboard-certs
kubernetes-dashboard-certs                       Opaque                                2      88m

复制代码

以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

应用密码学:协议、算法与C源程序(原书第2版)

应用密码学:协议、算法与C源程序(原书第2版)

(美)Bruce Schneier / 吴世忠、祝世雄、张文政 等 / 机械工业出版社 / 2014-1 / 79.00

......我所读过的关于密码学最好的书......该书是美国国家安全局最不愿意见到出版的书...... —— 《Wired》 ......不朽的......令人着迷的......计算机程序员必读的密码学上决定性的著作...... —— 《Dr.Dobb's Journal》 ......该领域勿庸置疑的一本权威之作。 —— 《PC Magazine》 ..........一起来看看 《应用密码学:协议、算法与C源程序(原书第2版)》 这本书的介绍吧!

JS 压缩/解压工具
JS 压缩/解压工具

在线压缩/解压 JS 代码

Base64 编码/解码
Base64 编码/解码

Base64 编码/解码

URL 编码/解码
URL 编码/解码

URL 编码/解码