
019. Kubernetes Binary Deployment: the Dashboard Add-on

程序员文章站 2022-07-01 15:50:41

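1. Modify the configuration files

1.1 Download and extract

    [root@k8smaster01 ~]# cd /opt/k8s/work/kubernetes/
    [root@k8smaster01 kubernetes]# tar -xzvf kubernetes-src.tar.gz
Note: the archive has already been extracted on node k8smaster01, so the configuration can be edited directly.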

1.2 Modify the configuration

    [root@k8smaster01 ~]# cd /opt/k8s/work/kubernetes/cluster/addons/dashboard
    [root@k8smaster01 dashboard]# vi dashboard-service.yaml
    ……
      type: NodePort  # add this line so the service is reached through a node port
    ……
    # The dashboard is then accessed through a node port.

1.3 Switch to a domestic (China) image mirror

    [root@k8smaster01 dashboard]# vi dashboard-controller.yaml
    ……
            image: mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
    ……
Note: change the image field in the YAML file to mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1.

2. Create the dashboard

2.1 Create the dashboard and check it

    [root@k8smaster01 ~]# cd /opt/k8s/work/kubernetes/cluster/addons/dashboard
    [root@k8smaster01 dashboard]# kubectl apply -f .

2.2 Check the assigned NodePort

    [root@k8smaster01 ~]# kubectl get deployment kubernetes-dashboard -n kube-system
    NAME                  READY    UP-TO-DATE    AVAILABLE    AGE
    kubernetes-dashboard  1/1      1             1            84s
    [root@k8smaster01 ~]# kubectl --namespace kube-system get pods -o wide
    [root@k8smaster01 ~]# kubectl get services kubernetes-dashboard -n kube-system
Note: NodePort 31181 on k8smaster02 maps to port 443 of the dashboard pod.

2.3 View the dashboard parameters

    [root@k8smaster01 ~]# kubectl exec --namespace kube-system -it kubernetes-dashboard-7848d45466-bgz94  -- /dashboard --help
Note: the dashboard's --authentication-mode supports token and basic, and defaults to token. To use basic, kube-apiserver must be configured with the --authorization-mode=ABAC and --basic-auth-file parameters.

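3. Dashboard authentication method

Because the default Kubernetes certificate may have expired, making the dashboard inaccessible, this lab manually recreates the certificate after Kubernetes has been deployed successfully.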

3.1 Create the certificate

    [root@k8smaster01 ~]# cd /opt/k8s/work/
    [root@k8smaster01 work]# openssl genrsa -out dashboard.key 2048
    [root@k8smaster01 work]# openssl rsa -passin pass:x -in dashboard.key -out dashboard.key
    [root@k8smaster01 work]# openssl req -new -key dashboard.key -out dashboard.csr
    -----
    Country Name (2 letter code) [XX]:cn
    State or Province Name (full name) []:shanghai
    Locality Name (eg, city) [Default City]:shanghai
    Organization Name (eg, company) [Default Company Ltd]:k8s
    Organizational Unit Name (eg, section) []:system
    [root@k8smaster01 work]# openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
    [root@k8smaster01 work]# openssl x509  -noout -text -in ./dashboard.crt  # inspect the certificate

3.2 Distribute the certificate

    [root@k8smaster01 ~]# cd /opt/k8s/work
    [root@k8smaster01 work]# source /opt/k8s/bin/environment.sh
    [root@k8smaster01 work]# for all_ip in ${all_ips[@]}
      do
        echo ">>> ${all_ip}"
        scp dashboard.* root@${all_ip}:/etc/kubernetes/cert
      done

3.3 Replace the default certificate configuration

    [root@k8smaster01 work]# cd /opt/k8s/work/kubernetes/cluster/addons/dashboard
    [root@k8smaster01 dashboard]# kubectl delete -f .  # delete the dashboard that was created with the default certificate
    [root@k8smaster01 dashboard]# ll /etc/kubernetes/cert/dashboard.*
    -rw-r--r-- 1 root root 1.2K Jun 28 18:06 /etc/kubernetes/cert/dashboard.crt
    -rw-r--r-- 1 root root  976 Jun 28 18:06 /etc/kubernetes/cert/dashboard.csr
    -rw-r--r-- 1 root root 1.7K Jun 28 18:06 /etc/kubernetes/cert/dashboard.key

    [root@master dashboard]# kubectl create secret generic kubernetes-dashboard-certs --from-file="/etc/kubernetes/cert/dashboard.crt,/etc/kubernetes/cert/dashboard.key" -n kube-system  # mount the new certificate into the dashboard
    [root@master dashboard]# kubectl get secret kubernetes-dashboard-certs -n kube-system -o yaml  # view the new certificate
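
The listing above shows dashboard.key with mode 0644 in /etc/kubernetes/cert, the directory the scp loop copies it to on every node. The following is an added example, not part of the original article: it reports private-key and kubeconfig files that group or other users can access. The function names and the *-key.pem pattern are assumptions.

```shell
#!/bin/sh
# Added example: find key material that group or other users can access.
# loose_secrets DIR prints each *.key, *-key.pem and *.kubeconfig file in DIR
# whose mode grants any permission to group or other, one path per line.
# The *-key.pem pattern is an assumption about how other cluster keys are named.
loose_secrets() {
    dir=$1
    for f in "$dir"/*.key "$dir"/*-key.pem "$dir"/*.kubeconfig; do
        [ -f "$f" ] || continue      # unmatched glob or not a regular file
        # In "ls -l" output, characters 5-10 are the group and other triplets.
        bits=$(ls -ld "$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# tighten_secrets DIR restricts every file reported above to owner read/write.
tighten_secrets() {
    loose_secrets "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}

# Report only; defaults to the certificate directory used in this article.
loose_secrets "${1:-/etc/kubernetes/cert}"
```

The dashboard pod reads its certificate from the kubernetes-dashboard-certs Secret created above, so restricting the host copies does not change what the pod serves.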

3.4 Redeploy the dashboard

    [root@k8smaster01 work]# cd /opt/k8s/work/kubernetes/cluster/addons/dashboard
    [root@master dashboard]# kubectl apply -f .
    [root@master dashboard]# kubectl get pods --namespace=kube-system | grep dashboard  # confirm

3.5 Confirm and verify

    [root@k8smaster01 ~]# kubectl get deployment kubernetes-dashboard -n kube-system
    [root@k8smaster01 ~]# kubectl --namespace kube-system get pods -o wide
    [root@k8smaster01 ~]# kubectl get services kubernetes-dashboard -n kube-system
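Note: NodePort 30938 on k8smaster03 maps to port 443 of the dashboard pod.

4. Access the dashboard

3.1 Import the certificate

Import dashboard.crt into the IE browser and mark it as trusted; the import steps are omitted here.

3.2 Access method

This lab accesses the dashboard as NodeIP:NodePort.
Browse to: https://172.24.8.73:30938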
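Note:
For more dashboard access and authentication options, see "Appendix 004: Introduction to and Use of the Kubernetes Dashboard".
The complete dashboard login flow is described at https://www.cnadn.net/post/2613.htm
For the apiserver method see 3.4; for kubeconfig authentication see 3.5 in "Appendix 006: Kubernetes Authentication".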

5. Authentication

5.1 Create a token

    [root@k8smaster01 ~]# kubectl create sa dashboard-admin -n kube-system
    [root@k8smaster01 ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
    [root@k8smaster01 ~]# admin_secret=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}')
    [root@k8smaster01 ~]# dashboard_login_token=$(kubectl describe secret -n kube-system ${admin_secret} | grep -e '^token' | awk '{print $2}')
    [root@k8smaster01 ~]# echo ${dashboard_login_token}  # the token to enter at login
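
The binding created above gives the dashboard-admin service account the cluster-admin role, so its token carries full control of the cluster and is accepted on the NodePort-exposed dashboard. The following is an added example, not part of the original article: it filters a clusterrolebinding listing for service accounts bound to cluster-admin. The function names are assumptions and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: list service accounts that hold cluster-admin.
# Input is one binding per line, tab-separated:
#   <binding>\t<role>\t<kind>/<namespace>/<name> <kind>/<namespace>/<name> ...
# which is what this kubectl call prints on a live cluster:
#   kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}/{.namespace}/{.name}{" "}{end}{"\n"}{end}'
sa_cluster_admins() {
    awk -F '\t' '
        $2 == "cluster-admin" {
            # Field 3 holds every subject of the binding, space-separated.
            n = split($3, subj, " ")
            for (i = 1; i <= n; i++) {
                split(subj[i], p, "/")
                if (p[1] == "ServiceAccount")
                    print p[2] ":" p[3] " (binding " $1 ")"
            }
        }'
}

# Constructed sample rows in that format (not captured from a real cluster).
sample_bindings() {
    printf 'cluster-admin\tcluster-admin\tGroup//system:masters \n'
    printf 'dashboard-admin\tcluster-admin\tServiceAccount/kube-system/dashboard-admin \n'
    printf 'ops-mixed\tcluster-admin\tUser//alice ServiceAccount/ci/deployer \n'
    printf 'system:kube-dns\tsystem:kube-dns\tServiceAccount/kube-system/kube-dns \n'
}

sample_bindings | sa_cluster_admins
```

For a login that only needs to read resources, the built-in view ClusterRole can be passed to --clusterrole in place of cluster-admin.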

3.4 Create a kubeconfig file

Using the token directly is relatively cumbersome; the token can instead be added to a kubeconfig file, and that file used to access the dashboard.
    [root@k8smaster01 ~]# cd /opt/k8s/work/
    [root@k8smaster01 work]# source /opt/k8s/bin/environment.sh
    [root@k8smaster01 work]# kubectl config set-cluster kubernetes \
      --certificate-authority=/etc/kubernetes/cert/ca.pem \
      --embed-certs=true \
      --server=${kube_apiserver} \
      --kubeconfig=dashboard.kubeconfig  # set the cluster parameters
    [root@k8smaster01 work]# kubectl config set-credentials dashboard_user \
      --token=${dashboard_login_token} \
      --kubeconfig=dashboard.kubeconfig  # set the client credentials, using the token created above
    [root@k8smaster01 work]# kubectl config set-context default \
      --cluster=kubernetes \
      --user=dashboard_user \
      --kubeconfig=dashboard.kubeconfig  # set the context parameters
    [root@k8smaster01 work]# kubectl config use-context default --kubeconfig=dashboard.kubeconfig  # set the default context; then import dashboard.kubeconfig so the browser can log in with this file

6. Log in

6.1 Access with kubeconfig

Browse to: https://172.24.8.73:30938
Note: because the heapster add-on is missing, the dashboard currently cannot display CPU, memory and other statistics or charts for pods and nodes.