kubernets集群搭建web管理界面
K8S集群搭建web管理界面
一、部署前查看K8S集群状态
[root@master1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.191.131 NotReady 7d22h v1.12.3
192.168.191.132 Ready 7d21h v1.12.3
[root@master1 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-sx4m6 1/1 Running 0 5d14h
二、在master节点部署UI界面1、创建dashboard工作目录
[root@master1 ~]# mkdir /k8s/dashboard
dashboard-configmap.yaml 配置映射服务
dashboard-deployment.yaml 控制器
dashboard-rbac.yaml 角色控制,访问控制
dashboard-secret.yaml 安全
dashboard-service.yaml 服务创建这些资源时的步骤:①身份角色②安全③配置映射④控制器⑤服务这里我使用dashboard的1.8.4版本。1.8.4版本中有一个配置文件叫controller.yaml,现在的是1.10版本,名称改deployment.yaml,都是控制器。
[root@master1 ~]# cd /k8s/dashboard/
[root@master1 dashboard]# ls
[root@master1 dashboard]# ls
dashboard-configmap.yaml dashboard-controller.yaml dashboard-rbac.yaml dashboard-secret.yaml dashboard-service.yaml k8s-admin.yaml
3.基于yaml文件创建pod资源
查看当前各个资源的状态命名空间
[root@master1 dashboard]# kubectl get ns
NAME STATUS AGE
default Active 7d23h
kube-public Active 7d23h
kube-system Active 7d23h
[root@master1 dashboard]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-sx4m6 1/1 Running 0 5d14h
[root@master1 dashboard]# kubectl get pod -n kube-system
No resources found.
kubectl get all //这个all 包含pod、deployment、service和副本replicaset四个资源
[root@master1 dashboard]# kubectl get all #这个all 包含pod、deployment、service和副本replicaset四个个资源
NAME READY STATUS RESTARTS AGE
pod/nginx-dbddb74b8-sx4m6 1/1 Running 0 5d14h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 443/TCP 7d23h
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx 1 1 1 1 5d14h
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-dbddb74b8 1 1 1 5d14h
查看当前k8s中的角色
[root@master1 dashboard]# kubectl get Role -n kube-system
NAME AGE
extension-apiserver-authentication-reader 7d23h
system::leader-locking-kube-controller-manager 7d23h
system::leader-locking-kube-scheduler 7d23h
system:controller:bootstrap-signer 7d23h
system:controller:cloud-provider 7d23h
system:controller:token-cleaner 7d23h
创建rbac资源
[root@master1 dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
查看创建后的资源状态
[root@master1 dashboard]# kubectl get all
NAME READY STATUS RESTARTS AGE
pod/nginx-dbddb74b8-sx4m6 1/1 Running 0 5d14h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 443/TCP 7d23h
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx 1 1 1 1 5d14h
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-dbddb74b8 1 1 1 5d14h
查看角色,在配置文件中,角色的命名空间指定的是kube-system,所以查看的时候要-n指定
[root@master1 dashboard]# kubectl get role -n kube-system
NAME AGE
extension-apiserver-authentication-reader 7d23h
kubernetes-dashboard-minimal 3m
system::leader-locking-kube-controller-manager 7d23h
system::leader-locking-kube-scheduler 7d23h
system:controller:bootstrap-signer 7d23h
system:controller:cloud-provider 7d23h
system:controller:token-cleaner 7d23h
#创建身份角色
[root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
#创建安全管理
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
#配置映射服务
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
#创建控制器
#本文创建的是1.84版本所以使用的是controller.yaml,在1.10版本使用的是deployment.yaml,两者都是一样的,都是控制器
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
#创建服务
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created
5.完成后查看创建在指定的kube-system命名空间下
[root@localhost dashboard]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-65f974f565-m9gm8 0/1 ContainerCreating 0 88s
6.查看访问地址
[root@localhost dashboard]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/kubernetes-dashboard-65f974f565-m9gm8 1/1 Running 0 2m49s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard NodePort 10.0.0.243 443:30001/TCP 2m24s
[root@localhost dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <AGE
dashboard-admin-token-vnm9z kubernetes.io/service-account-token 3 65s
default-token-zb8bw kubernetes.io/service-account-token 3 8d
kubernetes-dashboard-certs Opaque 11 162s
kubernetes-dashboard-key-holder Opaque 2 262s
kubernetes-dashboard-token-ctfp9 kubernetes.io/service-account-token 3 62s
#查看令牌
[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-vnm9z -n kube-system
Name: dashboard-admin-token-vnm9z
Namespace: kube-system
Labels:
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: de06f523-905f-11ea-80d3-000c29535012
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1359 bytes
namespace: 11 bytes
//复制使用下面的令牌信息即可登录
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdm5tOXoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZGUwNmY1MjMtOTA1Zi0xMWVhLTgwZDMtMDAwYzI5NTM1MDEyIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.gfj0Yba5aexCLCDiPp2MzFEesuFUOxqJf0HFofijRm5_MjucfsLVdIgWg4eIS8Vuf8Fz7JX0sqhhDN-j4KgNAfIi7ZwREDC73NExYCTpbcBZSVff9MA0ynmLcAySRUToDNS58My2ZQpPsDokI0-wrOyql-VQcTgKdJ3Qwj6wdZVvBGXJlWzDS4AxSZTdJVGJtrfN9SNr1372wqWY7QLJj3zn-mc6F5eLU-bR9DJ7909qSV7Vh-XSJtzbRpbxQk9AGo5r1Rb2I04fchiVLVVE8K362bLtGkjXulmybya_t1naG0_YRlOZDG3GOQcKG0KyvYcFjPWLX89uop7u2Tl5Kg
版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。
暂时没有评论,来抢沙发吧~