
Installing kubernetes-dashboard 2.0.0 on Kubernetes 1.18.5

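Kubernetes Dashboard is a general-purpose, web-based UI for Kubernetes clusters. It lets users manage and troubleshoot the applications running in the cluster, as well as manage the cluster itself.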

I. Check the system pods

[root@master69 kubernetes]# kubectl get pods -n kube-system -o wide
NAME                               READY   STATUS    RESTARTS   AGE     IP             NODE             NOMINATED NODE   READINESS GATES
coredns-66bff467f8-7kbhf           1/1     Running   0          42h     10.244.8.164   redis-02.hlqxt   <none>           <none>
coredns-66bff467f8-v6bw2           1/1     Running   0          42h     10.244.7.201   redis-01.hlqxt   <none>           <none>
etcd-master69                      1/1     Running   0          3d17h   172.28.18.69   master69         <none>           <none>
kube-apiserver-master69            1/1     Running   0          3d16h   172.28.18.69   master69         <none>           <none>
kube-controller-manager-master69   1/1     Running   1          3d17h   172.28.18.69   master69         <none>           <none>
kube-flannel-ds-5tthk              1/1     Running   0          41h     172.28.5.124   redis-02.hlqxt   <none>           <none>
kube-flannel-ds-7mr6j              1/1     Running   0          41h     172.28.18.69   master69         <none>           <none>
kube-flannel-ds-9ml9m              1/1     Running   0          41h     172.28.5.120   redis-01.hlqxt   <none>           <none>
kube-flannel-ds-ws8sc              1/1     Running   0          41h     172.28.5.125   redis-03.hlqxt   <none>           <none>
kube-proxy-6pzzk                   1/1     Running   0          41h     172.28.5.125   redis-03.hlqxt   <none>           <none>
kube-proxy-99jjj                   1/1     Running   1          41h     172.28.18.69   master69         <none>           <none>
kube-proxy-h7nl7                   1/1     Running   0          41h     172.28.5.124   redis-02.hlqxt   <none>           <none>
kube-proxy-lktgm                   1/1     Running   0          41h     172.28.5.120   redis-01.hlqxt   <none>           <none>
kube-scheduler-master69            1/1     Running   1          3d17h   172.28.18.69   master69         <none>           <none>

II. Download the recommended.yaml file

[root@master69 kubernetes]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml

III. Modify the recommended.yaml file

Change the Service to NodePort mode

[root@master69 kubernetes]# vim recommended.yaml 
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort   # added
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 31000   # added
  selector:
    k8s-app: kubernetes-dashboard

Many browsers refuse the automatically generated certificate, so we create our own. Comment out the kubernetes-dashboard-certs object declaration:

#apiVersion: v1
#kind: Secret
#metadata:
#  labels:
#    k8s-app: kubernetes-dashboard
#  name: kubernetes-dashboard-certs
#  namespace: kubernetes-dashboard
#type: Opaque

IV. Create the certificate

[root@master69 kubernetes]# mkdir /etc/kubernetes/dashboard-certs
[root@master69 kubernetes]# cd dashboard-certs/

1. Create the namespace

[root@master69 dashboard-certs]# kubectl create namespace kubernetes-dashboard

2. Create the private key file

[root@master69 dashboard-certs]# openssl genrsa -out dashboard.key 2048
Generating RSA private key, 2048 bit long modulus
.......+++
...............................+++
e is 65537 (0x10001)
[root@master69 dashboard-certs]# ll
總用量 4
-rw-r--r-- 1 root root 1675 1月  13 13:48 dashboard.key

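3. Generate the certificate signing request (CSR) with openssl req

Generating a CSR involves both the applicant's private key and public key, but in practice you only need to provide the private key; openssl extracts the public key from it automatically. The supplied data also has to be digitally signed (using a one-way hash) to guarantee the integrity and consistency of the CSR and to prevent someone from stealing and tampering with it. For example, a hacker could change the company name in the CSR submitted for www.baidu.com to their own company name; if the tampering succeeded, the certificate issued when that CSR is signed would carry the other party's information.

Generate a CSR from the private key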

[root@master69 dashboard-certs]# openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert' 

View the CSR

[root@master69 dashboard-certs]# openssl req -in dashboard.csr -text

Verify the CSR

[root@master69 dashboard-certs]# openssl req -verify -in dashboard.csr 
verify OK

4. Self-sign the certificate

[root@master69 dashboard-certs]# openssl x509 -req -in dashboard.csr -signkey dashboard.key  -out dashboard.crt -days 3650
Signature ok
subject=/CN=dashboard-cert
Getting Private key
[root@master69 dashboard-certs]# 

Check the certificate's validity period

[root@master69 dashboard-certs]# openssl x509 -in dashboard.crt -noout -dates
notBefore=Jan 13 06:47:32 2021 GMT
notAfter=Jan 11 06:47:32 2031 GMT
[root@master69 dashboard-certs]#
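
An added example, not part of the original post: the same three openssl steps (genrsa, req, x509 -req -signkey) wrapped in a function that creates the key under umask 077, so it is not world-readable like the `-rw-r--r--` key in the listing above, and puts the host name into subjectAltName. The function names, the san.ext file name and the 365-day lifetime are assumptions made for this example.

```bash
# Added example. Function names, san.ext and the 365-day lifetime are
# assumptions for illustration; they do not come from the original page.

make_dashboard_cert() {            # usage: make_dashboard_cert <dir> <hostname>
  local dir=$1 host=$2
  (
    umask 077                      # new files 0600, new directories 0700
    mkdir -p "$dir" && cd "$dir" || exit 1
    openssl genrsa -out dashboard.key 2048 2>/dev/null || exit 1
    openssl req -new -key dashboard.key -out dashboard.csr \
      -subj "/CN=$host" || exit 1
    # Browsers match the host name against subjectAltName, not the CN.
    printf 'subjectAltName=DNS:%s\n' "$host" > san.ext
    openssl x509 -req -in dashboard.csr -signkey dashboard.key \
      -out dashboard.crt -days 365 -extfile san.ext 2>/dev/null || exit 1
  )
}

# True when the certificate carries the public key of the given private key.
# Worth checking before loading both files into the same Secret.
key_matches_cert() {               # usage: key_matches_cert <key> <crt>
  local from_key from_crt
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# True when the certificate lists the host name in subjectAltName.
cert_has_san() {                   # usage: cert_has_san <crt> <hostname>
  openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# Permission string of a single file, e.g. -rw------- (first field of ls -l).
file_mode() { ls -l "$1" | cut -c1-10; }

# Typical use (paths and host name are placeholders):
#   make_dashboard_cert /etc/kubernetes/dashboard-certs dashboard.example.internal
#   key_matches_cert dashboard.key dashboard.crt && echo "key and cert match"
```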

VI. Create the kubernetes-dashboard-certs object

[root@master69 dashboard-certs]# kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
secret/kubernetes-dashboard-certs created
[root@master69 dashboard-certs]# kubectl get secrets -n kubernetes-dashboard
NAME                         TYPE                                  DATA   AGE
default-token-nnxdk          kubernetes.io/service-account-token   3      65m
kubernetes-dashboard-certs   Opaque                                2      22s

VII. Create the dashboard

[root@master69 kubernetes]# kubectl create -f recommended.yaml            
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
Error from server (AlreadyExists): error when creating "recommended.yaml": clusterroles.rbac.authorization.k8s.io "kubernetes-dashboard" already exists
Error from server (AlreadyExists): error when creating "recommended.yaml": clusterrolebindings.rbac.authorization.k8s.io "kubernetes-dashboard" already exists

The errors at the end appear because the namespace had already been created manually when the certificate was set up.

View the resources in the kubernetes-dashboard namespace

[root@master69 kubernetes]# kubectl get all -n kubernetes-dashboard
NAME                                             READY   STATUS              RESTARTS   AGE
pod/dashboard-metrics-scraper-6b4884c9d5-dzhdh   1/1     Running             0          5m29s
pod/kubernetes-dashboard-7b544877d5-f9kg8        0/1     ContainerCreating   0          5m29s

NAME                                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.105.4.217   <none>        8000/TCP        5m29s
service/kubernetes-dashboard        NodePort    10.98.91.216   <none>        443:31000/TCP   5m29s

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/dashboard-metrics-scraper   1/1     1            1           5m29s
deployment.apps/kubernetes-dashboard        0/1     1            0           5m29s

NAME                                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/dashboard-metrics-scraper-6b4884c9d5   1         1         1       5m29s
replicaset.apps/kubernetes-dashboard-7b544877d5        1         1         0       5m29s
[root@master69 kubernetes]# 

VIII. Create the dashboard administrator

1. Create the dashboard-admin.yaml file

[root@master69 kubernetes]# vim dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: dashboard-admin
  namespace: kubernetes-dashboard

Save and exit, then create the user

[root@master69 kubernetes]# kubectl create -f dashboard-admin.yaml 
serviceaccount/dashboard-admin created
[root@master69 kubernetes]# 
[root@master69 kubernetes]# kubectl get ServiceAccount -n kubernetes-dashboard   
NAME                   SECRETS   AGE
dashboard-admin        1         40s
default                1         15m
kubernetes-dashboard   1         15m

2. Grant permissions to the user

Create the dashboard-admin-bind-cluster-role.yaml file

[root@master69 kubernetes]# vim dashboard-admin-bind-cluster-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin   # bind to the cluster-admin role
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard

Apply the permission binding

[root@master69 kubernetes]# kubectl create -f dashboard-admin-bind-cluster-role.yaml 
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin-bind-cluster-role created
[root@master69 kubernetes]# 

3. View the user's token

First, look up the secret of the kubernetes-admin user

[root@master69 kubernetes]# kubectl get secret -n kubernetes-dashboard -o wide|grep dashboard-admin
dashboard-admin-token-znrr4        kubernetes.io/service-account-token   3      23m
[root@master69 kubernetes]# 

View the details

[root@master69 kubernetes]# kubectl describe secret dashboard-admin-token-znrr4 -n kubernetes-dashboard     
Name:         dashboard-admin-token-znrr4
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 24dd4aab-75fa-40dc-9d9b-851c4efa0c2d

Type:  kubernetes.io/service-account-token

Data
====
token:      <service-account token (JWT) omitted>
ca.crt:     1025 bytes
namespace:  20 bytes
[root@master69 kubernetes]# 

Copy the token value.
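
The token retrieved above is a bearer credential for a service account bound to cluster-admin. This added example (not from the original post) decodes a token's payload to show which service account it identifies and whether it carries an expiry claim. The sample token, its placeholder signature and all function names are constructed for illustration; the claim layout follows the secret-based service-account tokens used by this Kubernetes version.

```bash
# Added example. The sample token below is constructed (fake signature);
# function names are assumptions, not part of kubectl or the dashboard.

b64url_decode() {                  # base64url -> bytes, restoring '=' padding
  local s
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | base64 -d
}

jwt_payload() {                    # decode the second dot-separated JWT field
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

jwt_claim() {                      # usage: jwt_claim <token> <string-claim-name>
  jwt_payload "$1" | tr ',{}' '\n\n\n' |
    sed -n "s|^\"$2\":\"\(.*\)\"\$|\1|p"
}

jwt_has_expiry() {                 # true when the payload has an exp claim
  jwt_payload "$1" | grep -q '"exp":'
}

b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

sample_sa_token() {                # constructed token, secret-based claim layout
  local ns='kubernetes-dashboard' sa='dashboard-admin' hdr pl
  hdr='{"alg":"RS256","kid":"constructed"}'
  pl='{"iss":"kubernetes/serviceaccount",'
  pl="$pl\"kubernetes.io/serviceaccount/namespace\":\"$ns\","
  pl="$pl\"kubernetes.io/serviceaccount/service-account.name\":\"$sa\","
  pl="$pl\"sub\":\"system:serviceaccount:$ns:$sa\"}"
  printf '%s.%s.%s' "$(b64url_encode "$hdr")" "$(b64url_encode "$pl")" \
    'constructed-signature'
}

# Typical use:
#   t=$(sample_sa_token)
#   jwt_claim "$t" sub
#   jwt_has_expiry "$t" || echo "no exp claim: valid until the secret is deleted"
```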

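IX. Open https://masterip:31000 in a browser

Enter the token and log in.

View Workloads > Pods.

CPU and memory usage are not shown because the Metrics-Server service has not been installed yet; see: Installing the metrics-server service on Kubernetes 1.18

After it is installed, the display looks as follows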