k8s-dashboard搭建
一,简单搭建,未使用ssl证书,可载谷歌浏览器访问
1,拉取镜像
docker pull gcrxio/kubernetes-dashboard-amd64:v1.10.1
docker tag gcrxio/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
# 为主节点打标签,使容器起在主节点,修改部署文件见第2步
kubectl label node k8s-master type=master
2,k8s dashboard 部署yaml
cat kubernetes-dashboard.yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ------------------- Dashboard Secret ------------------- #
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kube-system
type: Opaque
---
# ------------------- Dashboard Service Account ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
---
# ------------------- Dashboard Role & Role Binding ------------------- #
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kubernetes-dashboard-minimal
namespace: kube-system
rules:
# Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create"]
# Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create"]
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubernetes-dashboard-minimal
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
---
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
nodeSelector:
type: master
containers:
- name: kubernetes-dashboard
image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
此处为修改位置,添加了 :
imagePullPolicy: IfNotPresent #使用本地的镜像
nodeSelector: #容器起在主节点上
type: master
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
nodeSelector:
type: master
containers:
- name: kubernetes-dashboard
image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8443
protocol: TCP
部署:
kubectl apply -f kubernetes-dashboard.yaml
查看:
kubectl get pods --all-namespaces
使用API Server 访问
https://<master-ip>:<apiserver-port>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
访问结果为:
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get services/proxy in the namespace \"kube-system\"",
"reason": "Forbidden",
"details": {
"name": "https:kubernetes-dashboard:",
"kind": "services"
},
"code": 403
}
这是因为没有进行认证,需要去创建一个证书
创建证书
#将kubectl的配置文件复制到$HOME/.kube/config中,$HOME/.kube/config 可能存在,可以先备份
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
生成p12文件
# 生成client-certificate-data
grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt
# 生成client-key-data
grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key
# 生成p12,这里会要求输入密码,记住这个密码
openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
导入p12文件;可以在谷歌浏览器内导入私有证书
装过程中需要输入的密码则为生成p12文件过程中输入的密码
安装完成后,关闭所有的浏览器,再重新打开,就会显示让选择证书的界面,选择证书,就会出现登录界面。
创建用户
vi admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
kubectl create -f admin-user.yaml
用户绑定角色
vi admin-user-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
kubectl create -f admin-user-role-binding.yaml
获取token ,这个token 是系统默认的token
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
访问
https://172.20.7.132:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
输入获取的token
参考感谢:
https://www.jianshu.com/p/073577bdec98
https://www.cnblogs.com/RainingNight/p/deploying-k8s-dashboard-ui.html
问题:
1,搭建使用了系统默认的证书,并未自己新建证书进行加载
2,对角色,用户绑定等知识点不熟
3,集成Heapster插件安装失败
4,细节不懂,只是照抄而已
操作的步骤
31 docker pull gcrxio/kubernetes-dashboard-amd64:v1.10.1
32 docker tag gcrxio/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
33 ll
34 cd /k8s/
35 ll
36 curl -O https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml
37 ll
38 kubectl label node k8s-master type=master
39 vim kubernetes-dashboard.yaml
40 cat kubernetes-dashboard.yaml
41 rm kubernetes-dashboard.yaml
42 ll
43 wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
44 ll
45 wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
46 ll
47 vim kubernetes-dashboard.yaml
48 kubectl apply -f kubernetes-dashboard.yaml
49 kubectl get pods --all-namespaces
50 vim admin-user.yaml
51 kubectl create -f admin-user.yaml
52 vim admin-user-role-binding.yaml
53 kubectl create -f admin-user-role-binding.yaml
54 kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
55 kubectl cluster-info
56 ll
57 grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt
58 ll
59 grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key
60 openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
61 ll
62 ss -tanl
63 kubectl -n kube-system edit service kubernetes-dashboard
64 kubectl -n kube-system get service kubernetes-dashboard
65 kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
66 ll
67 kubectl create -f http://mirror.faasx.com/kubernetes/heapster/deploy/kube-config/influxdb/influxdb.yaml
68 ll
69 wget http://mirror.faasx.com/kubernetes/heapster/deploy/kube-config/influxdb/influxdb.yaml
70 kubectl create -f http://mirror.faasx.com/kubernetes/heapster/deploy/kube-config/influxdb/grafana.yaml
71 wget http://mirror.faasx.com/kubernetes/heapster/deploy/kube-config/influxdb/grafana.yaml
72 kubectl create -f http://mirror.faasx.com/kubernetes/heapster/deploy/kube-config/influxdb/heapster.yaml
73 wget http://mirror.faasx.com/kubernetes/heapster/deploy/kube-config/influxdb/heapster.yaml
74 kubectl create -f http://mirror.faasx.com/kubernetes/heapster/deploy/kube-config/rbac/heapster-rbac.yaml
75 wget http://mirror.faasx.com/kubernetes/heapster/deploy/kube-config/rbac/heapster-rbac.yaml
76 kubectl get pods --namespace=kube-system
k8s-dashboard搭建的更多相关文章
- Ubuntu下搭建Kubernetes集群(4)--部署K8S Dashboard
K8S Dashboard是官方的一个基于WEB的用户界面,专门用来管理K8S集群,并可展示集群的状态.K8S集群安装好后默认没有包含Dashboard,我们需要额外创建它. 首先我们执行命令: wg ...
- kubernetes实践之二:Kubernetes可视WEB UI Dashboard搭建
Kubernetes可视WEBUI Dashboard搭建 支持浏览器:火狐 一.Dashboard下载地址 git clone https://github.com/kubernetes/kuber ...
- Docker & k8s 系列二:本机k8s环境搭建
本篇将会讲解k8s是什么?本机k8s环境搭建,部署一个pod并演示几个kubectl命令,k8s dashboard安装. k8s是什么 k8s是kubernetes的简写,它是一个全新的基于容器技术 ...
- 【k8s】在AWS EKS部署并通过ALB访问k8s Dashboard保姆级教程
本教程适用范围 在AWS上使用EKS服务部署k8s Dashboard,并通过ALB访问 EKS集群计算节点采用托管EC2,并使用启动模板. 使用AWS海外账号,us-west-2区域 使用账号默认v ...
- 在k8s中搭建可解析hostname的DNS服务
2016-01-25更新 上篇文章总结k8s中搭建hbase时,遇到Pod中hostname的DNS解析问题,本篇将通过修改kube2sky源码来解决这个问题. 1 前言 kube2sky在Githu ...
- Hystrix + Hystrix Dashboard搭建(Spring Cloud 2.X)
本机IP为 192.168.1.102 一.搭建Hystrix Dashboard 1. 新建 Maven 项目 hystrix-dashboard 2. pom.xml <projec ...
- Alibaba Nacos 学习(五):K8S Nacos搭建,使用nfs
Alibaba Nacos 学习(一):Nacos介绍与安装 Alibaba Nacos 学习(二):Spring Cloud Nacos Config Alibaba Nacos 学习(三):Spr ...
- kubernetes学习14—Dashboard搭建和认证
本文收录在容器技术学习系列文章总目录 一.介绍 Kubernetes Dashboard是Kubernetes集群的基于Web的通用UI.它允许用户管理在群集中运行的应用程序并对其进行故障排除,以及管 ...
- k8s dashboard 安装和证书更新
1.k8s 搭建 参见https://blog.51cto.com/lizhenliang/2325770 [root@VM_0_48_centos ~]# kubectl get cs NAME ...
- k8s初始化搭建方法
http://www.cnblogs.com/cocowool/p/kubeadm_install_kubernetes.html https://www.kubernetes.org.cn/doc- ...
随机推荐
- vue项目与node项目分离
为了前后端分离,我们在前端和api层中间,架构了一层node层,用来做服务端渲染,来加快用户的首屏可用和对搜索引擎的友好.项目一开始放置在同一个git仓库里面,分别放在client目录和server目 ...
- idea 如何运行maven项目
1:run→Edit configurations 2:配置tomcat,左边如果没有tomcat server的话,点击 “+”,选择tomcat server→local,在右边server选项 ...
- 软件设计分为结构化设计(SD)
软件设计分为结构化设计(SD)与面向对象设计(OOD). 其中结构化设计SD是一种面向数据流的方法,它以SRS(软件需求规格说明书)和SA(结构化分析)阶段所产生的和数据字典等文档为基础,是一个自顶向 ...
- deepin之添加右键新建文档选项
deepin之添加右键新建文档选项 虽然Linux系统下所有皆文件,创建各种文件很简单,也很随意,但还是有人讨厌采用先创建空文件再改文件名的方式(比如我),我还是喜欢右键新建一个相应的源文件,可是默认 ...
- WorkStation Linux 客户端 虚拟机的使用过程
1. 安装Workstation 版本选择 12.5 以上的版本 2. 安装完成之后 选择 打开虚拟机->选择 ovf文件 选择 ovf 文件 选择读入即可 3. 设置虚拟机的选项: 3.1 ...
- sql中生成随机字符串的function
create or replace function random_string(integer) returns text as $body$ ))::) , $)), ''); $body$ la ...
- 【2019CSP-S游记】咕了好久了撒
对,证书已经发下来了,我才想起来写游记(虽然我个蒟蒻明明就是在写反思) 终于和父母商议好了以后怎么办,顺带找了一下班主任,在机房的电脑敲出来的(我来找教练,然后完全没找着,淦) 79分,众所周知CCF ...
- C++中的异常处理(上)
1,C++ 内置了异常处理的语法元素 try ... catch ...: 1,try 语句处理正常代码逻辑: 2,catch 语句处理异常情况: 3,try 语句中的异常由对应的 catch 语句处 ...
- tf-图像预处理
tensorflow 中自带了很多图像处理的方法,基本都在 tf.image 模块中,虽然不如 opencv 强大,但也比较常用,这里做个记录. 图像编解码 1. 用 tf 的方法读取图片后,都需要进 ...
- AtCoder Beginner Contest 072
这应该是我第二次打AtCoder, 题目其实并不难,就是自己经验不足想复杂了,再加上自己很笨,愣是做了97分钟才全做出来(最后三分钟,有点小激动..),看着前面大牛半个小时都搞完了,真心膜拜一下,代码 ...