Building a web management interface for a K8S cluster
I. Check the K8S cluster status before deployment
[root@master1 ~]# kubectl get nodes
NAME              STATUS     ROLES    AGE     VERSION
192.168.191.131   NotReady   <none>   7d22h   v1.12.3
192.168.191.132   Ready      <none>   7d21h   v1.12.3
[root@master1 ~]# kubectl get pod
NAME                    READY   STATUS    RESTARTS   AGE
nginx-dbddb74b8-sx4m6   1/1     Running   0          5d14h
II. Deploy the UI on the master node
1. Create the dashboard working directory
[root@master1 ~]# mkdir /k8s/dashboard
2. Copy the official files to the local machine
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
The five imported files in detail:
[root@master1 ~]# cd /k8s/dashboard/
[root@master1 dashboard]# ls
[root@master1 dashboard]# ls
dashboard-configmap.yaml  dashboard-controller.yaml  dashboard-rbac.yaml  dashboard-secret.yaml  dashboard-service.yaml  k8s-admin.yaml
3. Create the pod resources from the yaml files
[root@master1 dashboard]# kubectl get ns
NAME          STATUS   AGE
default       Active   7d23h
kube-public   Active   7d23h
kube-system   Active   7d23h
[root@master1 dashboard]# kubectl get pod
NAME                    READY   STATUS    RESTARTS   AGE
nginx-dbddb74b8-sx4m6   1/1     Running   0          5d14h
[root@master1 dashboard]# kubectl get pod -n kube-system
No resources found.
kubectl get all // "all" here covers four resource types: pod, deployment, service and replicaset
[root@master1 dashboard]# kubectl get all    # "all" here covers four resource types: pod, deployment, service and replicaset
NAME                        READY   STATUS    RESTARTS   AGE
pod/nginx-dbddb74b8-sx4m6   1/1     Running   0          5d14h
NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.0.0.1     <none>        443/TCP   7d23h
NAME                    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx   1         1         1            1           5d14h
NAME                              DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-dbddb74b8   1         1         1       5d14h
List the roles currently defined in k8s
[root@master1 dashboard]# kubectl get Role -n kube-system
NAME                                             AGE
extension-apiserver-authentication-reader        7d23h
system::leader-locking-kube-controller-manager   7d23h
system::leader-locking-kube-scheduler            7d23h
system:controller:bootstrap-signer               7d23h
system:controller:cloud-provider                 7d23h
system:controller:token-cleaner                  7d23h
[root@master1 dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
[root@master1 dashboard]# kubectl get all
NAME                        READY   STATUS    RESTARTS   AGE
pod/nginx-dbddb74b8-sx4m6   1/1     Running   0          5d14h
NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.0.0.1     <none>        443/TCP   7d23h
NAME                    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx   1         1         1            1           5d14h
NAME                              DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-dbddb74b8   1         1         1       5d14h
List the roles again. The configuration file places the role in the kube-system namespace, so the namespace has to be given with -n when listing.
[root@master1 dashboard]# kubectl get role -n kube-system
NAME                                             AGE
extension-apiserver-authentication-reader        7d23h
kubernetes-dashboard-minimal                     3m
system::leader-locking-kube-controller-manager   7d23h
system::leader-locking-kube-scheduler            7d23h
system:controller:bootstrap-signer               7d23h
system:controller:cloud-provider                 7d23h
system:controller:token-cleaner                  7d23h
# Create the identity role
[root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
# Create the secrets
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
# Create the config map
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
# Create the controller
# This article deploys version 1.84, so it uses controller.yaml; version 1.10 uses deployment.yaml. The two are the same thing: both define the controller.
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
# Create the service
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created
5. When finished, check that the resources were created in the kube-system namespace
[root@localhost dashboard]# kubectl get pods -n kube-system
NAME                                    READY   STATUS              RESTARTS   AGE
kubernetes-dashboard-65f974f565-m9gm8   0/1     ContainerCreating   0          88s
6. Look up the access address
[root@localhost dashboard]# kubectl get pods,svc -n kube-system
NAME                                        READY   STATUS    RESTARTS   AGE
pod/kubernetes-dashboard-65f974f565-m9gm8   1/1     Running   0          2m49s
NAME                           TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
service/kubernetes-dashboard   NodePort   10.0.0.243   <none>        443:30001/TCP   2m24s
Now browse to the IP address of a node.
The page cannot be reached, because at this point the certificate is not trusted.
7. Create the certificate
[root@localhost dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <<EOF
{
   "CN": "Dashboard",
   "hosts": [],
   "key": {
       "algo": "rsa",
       "size": 2048
   },
   "names": [
       {
           "C": "CN",
           "L": "BeiJing",
           "ST": "BeiJing"
       }
   ]
}
EOF

# $1 is the directory that holds the cluster CA files (ca.pem, ca-key.pem, ca-config.json)
K8S_CA=$1
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
kubectl delete secret kubernetes-dashboard-certs -n kube-system
# Note: --from-file=./ stores every regular file in the current directory as a key in the secret, not only dashboard.pem and dashboard-key.pem
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
# Run the script to generate the certificate
[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
# In dashboard-controller.yaml, add the two certificate lines under args
[root@localhost dashboard]# vim dashboard-controller.yaml
        args:
          # PLATFORM-SPECIFIC ARGS HERE
          - --auto-generate-certificates
          - --tls-key-file=dashboard-key.pem
          - --tls-cert-file=dashboard.pem
# Redeploy
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml
Once the certificate has been generated, the dashboard can be accessed normally.
Generate the token
AGE
dashboard-admin-token-vnm9z        kubernetes.io/service-account-token   3    65s
default-token-zb8bw                kubernetes.io/service-account-token   3    8d
kubernetes-dashboard-certs         Opaque                                11   162s
kubernetes-dashboard-key-holder    Opaque                                2    262s
kubernetes-dashboard-token-ctfp9   kubernetes.io/service-account-token   3    62s
# View the token
[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-vnm9z -n kube-system
Name:         dashboard-admin-token-vnm9z
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: de06f523-905f-11ea-80d3-000c29535012
Type:  kubernetes.io/service-account-token
Data
====
ca.crt:     1359 bytes
namespace:  11 bytes
// Copy the token below to log in
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.….gfj0Yba5aexCLCDiPp2MzFEesuFUOxqJf0HFofijRm5_MjucfsLVdIgWg4eIS8Vuf8Fz7JX0sqhhDN-j4KgNAfIi7ZwREDC73NExYCTpbcBZSVff9MA0ynmLcAySRUToDNS58My2ZQpPsDokI0-wrOyql-VQcTgKdJ3Qwj6wdZVvBGXJlWzDS4AxSZTdJVGJtrfN9SNr1372wqWY7QLJj3zn-mc6F5eLU-bR9DJ7909qSV7Vh-XSJtzbRpbxQk9AGo5r1Rb2I04fchiVLVVE8K362bLtGkjXulmybya_t1naG0_YRlOZDG3GOQcKG0KyvYcFjPWLX89uop7u2Tl5Kg
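An added example (not part of the original article): the token printed by kubectl describe secret is a JWT, and decoding its first two segments shows which service account and namespace it identifies and whether it ever expires, before it is pasted into the login page. The values in SAMPLE_CLAIMS and the function names are constructed for illustration; the claim names follow the legacy secret-based service-account token format.

```python
import base64
import json

# Constructed sample claims in the shape of a legacy service-account token
# (not the token from the article; the signature part is a dummy string).
SAMPLE_CLAIMS = {
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "kube-system",
    "kubernetes.io/serviceaccount/secret.name": "dashboard-admin-token-example",
    "kubernetes.io/serviceaccount/service-account.name": "dashboard-admin",
    "sub": "system:serviceaccount:kube-system:dashboard-admin",
}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop the base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_sample_token() -> str:
    header = b64url_encode(json.dumps({"alg": "RS256", "kid": ""}).encode())
    payload = b64url_encode(json.dumps(SAMPLE_CLAIMS).encode())
    return f"{header}.{payload}.constructed-signature"


def describe_token(token: str) -> dict:
    """Decode (without verifying the signature) the identity a token carries."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    prefix = "kubernetes.io/serviceaccount/"
    return {
        "alg": header.get("alg"),
        "issuer": claims.get("iss"),
        "subject": claims.get("sub"),
        "namespace": claims.get(prefix + "namespace"),
        "service_account": claims.get(prefix + "service-account.name"),
        "has_expiry": "exp" in claims,  # False means the token never expires
    }


if __name__ == "__main__":
    print(json.dumps(describe_token(build_sample_token()), indent=2))
```

A result with has_expiry false means the token stays valid until its secret is deleted, so a copy left in a terminal log or a published page is a standing credential for that service account.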
This completes the setup of the web management interface for the K8S cluster.