6.kubernetes的GUI资源管理插件-dashboard
目录
1.准备dashboard镜像
2.创建资源配置清单
3.应用资源配置清单
4.查看创建的资源
5.解析域名
6.浏览器访问
7.令牌命令行获取方式
准备dashboard镜像
[root@hdss7-200 k8s-yaml]# docker pull k8scn/kubernetes-dashboard-amd64:v1.8.3
[root@hdss7-200 k8s-yaml]# docker images|grep dashboard
[root@hdss7-200 k8s-yaml]# docker tag fcac9aa03fd6 harbor.fx.com/public/dashboard:v1.8.3
[root@hdss7-200 k8s-yaml]# docker push harbor.fx.com/public/dashboard:v1.8.3
创建资源配置清单
[root@hdss7-200 k8s-yaml]# mkdir -p /data/k8s-yaml/dashboard && cd /data/k8s-yaml/dashboard
rabc.yaml
[root@hdss7-200 dashboard]# vim rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
addonmanager.kubernetes.io/mode: Reconcile
name: kubernetes-dashboard-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard-admin
namespace: kube-system
labels:
k8s-app: kubernetes-dashboard
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard-admin
namespace: kube-system
dp.yaml
[root@hdss7-200 dashboard]# vi dp.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: kubernetes-dashboard
namespace: kube-system
labels:
k8s-app: kubernetes-dashboard
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
priorityClassName: system-cluster-critical
containers:
- name: kubernetes-dashboard
image: harbor.fx.com/public/dashboard:v1.8.3
resources:
limits:
cpu: 100m
memory: 300Mi
requests:
cpu: 50m
memory: 100Mi
ports:
- containerPort: 8443
protocol: TCP
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
volumeMounts:
- name: tmp-volume
mountPath: /tmp
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
volumes:
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard-admin
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
svc.yaml
[root@hdss7-200 dashboard]# vim svc.yaml
apiVersion: v1
kind: Service
metadata:
name: kubernetes-dashboard
namespace: kube-system
labels:
k8s-app: kubernetes-dashboard
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
selector:
k8s-app: kubernetes-dashboard
ports:
- port: 443
targetPort: 8443
ingress.yaml
[root@hdss7-200 dashboard]# vim ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kubernetes-dashboard
namespace: kube-system
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: dashboard.fx.com
http:
paths:
- backend:
serviceName: kubernetes-dashboard
servicePort: 443
应用资源配置清单
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.fx.com/dashboard/rbac.yaml
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.fx.com/dashboard/dp.yaml
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.fx.com/dashboard/svc.yaml
[root@hdss7-21 ~]# kubectl apply -f http://k8s-yaml.fx.com/dashboard/ingress.yaml
查看创建的资源
[root@hdss7-21 ~]# kubectl get pods -n kube-system
[root@hdss7-21 ~]# kubectl get svc -n kube-system
[root@hdss7-21 ~]# kubectl get ingress -n kube-system
解析域名
[root@hdss7-11 ~]# vim /var/named/fx.com.zone
$ORIGIN fx.com.
$TTL 600 ; 10 minutes
@ IN SOA dns.fx.com. dnsadmin.fx.com. (
2020061010 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS dns.fx.com.
$TTL 60 ; 1 minute
dns A 10.4.7.11
harbor A 10.4.7.200
k8s-yaml A 10.4.7.200
traefik A 10.4.7.10
dashboard A 10.4.7.10
[root@hdss7-11 ~]# systemctl restart named
浏览器访问
http://dashboard.fx.com/
创建dashboard证书
[root@hdss7- certs]# (umask ; openssl genrsa -out dashboard.fx.com.key )
[root@hdss7- certs]# openssl req -new -key dashboard.fx.com.key -out dashboard.fx.com.csr -subj "/CN=dashboard.fx.com/C=CN/ST=BJ/L=Beijing/O=fangxing/OU=ops"
[root@hdss7- certs]# openssl x509 -req -in dashboard.fx.com.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out dashboard.fx.com.crt -days
拷贝证书
在HDSS7-11.host.com上
[root@hdss7- conf.d]# mkdir -p /etc/nginx/certs && cd /etc/nginx/certs
[root@hdss7- certs]# scp hdss7-:/opt/certs/dashboard.fx.com.crt .
[root@hdss7- certs]# scp hdss7-:/opt/certs/dashboard.fx.com.key .
注:HDSS7-12.host.com也需要copy证书
配置nginx证书
在HDSS7-11.host.com上
[root@hdss7- conf.d]# vim dashboard.fx.com.conf
server {
listen ;
server_name dashboard.fx.com; rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
listen ssl;
server_name dashboard.fx.com; ssl_certificate "certs/dashboard.fx.com.crt";
ssl_certificate_key "certs/dashboard.fx.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on; location / {
proxy_pass http://default_backend_traefik;
proxy_set_header Host $http_host;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
}
}
注:HDSS7-12.host.com也需要配置nginx
令牌命令行获取方式
[root@hdss7-21 ~]# kubectl get secret -n kube-system
[root@hdss7-21 ~]# kubectl describe secret kubernetes-dashboard-admin-token-c8gsp -n kube-system
Name: kubernetes-dashboard-admin-token-c8gsp
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard-admin
kubernetes.io/service-account.uid: 22e7c7e4-8c03-4dad-a942-2a00a6689d14 Type: kubernetes.io/service-account-token Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbi10b2tlbi1jOGdzcCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjIyZTdjN2U0LThjMDMtNGRhZC1hOTQyLTJhMDBhNjY4OWQxNCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiJ9.eM2aJ7L9amwdo6XHYT2S5w6FMTdsu8u6hmB5bAcLrDJPwdiNMevriF9LensNtdobZlUd10qTmJ_uVDl7W_pW7sycN1MYpSyre7FPMiwaH8bSpcwCibgMSoCA5ce9eShePJ14iErBD12h1ru0BI1O-Vk-WC9yfBdrbBG4e9R3YclaKCo38Y7wS2WgMi0intELPyG-Sb8s3BTpPdnFBN5I_FAFtmAmonpuAz17FpxrMxF7ZlJXxhPwY1GoAHkKDkvw3J3z6peEGAazqZup-N4b6cjAyIucLd4xNbUXviAP6lGDGFAaHF7E-oN2Ec8WWNm3M26m2I3zxb_fyl8v9lNacQ
ca.crt: 1342 bytes
namespace: 11 bytes
注:令牌对应的是token
验证令牌登录
部署heapster
[root@hdss7- dashboard]# mkdir heapster
[root@hdss7- heapster]# docker pull quay.io/bitnami/heapster:1.5.
[root@hdss7- heapster]# docker tag c359b95ad38b harbor.fx.com/public/heapster:v1.5.4
[root@hdss7- heapster]# docker push harbor.fx.com/public/heapster:v1.5.4
应用heapster配置清单
[root@hdss7- ~]# kubectl apply -f http://k8s-yaml.fx.com/dashboard/heapster/rbac.yaml
[root@hdss7- ~]# kubectl apply -f http://k8s-yaml.fx.com/dashboard/heapster/deployment.yaml
[root@hdss7- ~]# kubectl apply -f http://k8s-yaml.fx.com/dashboard/heapster/svc.yaml
重新登录dashboard查看
6.kubernetes的GUI资源管理插件-dashboard的更多相关文章
- 第十三章 k8s的GUI资源管理插件--dashboard
1.部署Kubernetes-dashboard 1.1 准备dashboard镜像 在10.4.7.200上操作 [root@hdss7-200 ~]# docker pull k8scn/kube ...
- kubernetes 1.14安装部署dashboard
简单介绍: Dashboard是一个基于web的Kubernetes用户界面.您可以使用Dashboard将容器化应用程序部署到Kubernetes集群,对容器化应用程序进行故障诊断,并管理集群资源. ...
- Kubernetes 部署Web UI (Dashboard)
Kubernetes 部署Web UI (Dashboard) 项目下载地址:https://github.com/kubernetes/kubernetes/tree/master/cluster/ ...
- Kubernetes V1.16.2部署Dashboard V2.0(beta5)
Kubernetes V1.16.2部署Dashboard V2.0(beta5) 在Master上部署Dashboard 集群安装部署请看安装Kubernetes V1.16.2 kubectl g ...
- 第21 章 : Kubernetes 存储架构及插件使用
Kubernetes 存储架构及插件使用 本文将主要分享以下三方面的内容: Kubernetes 存储体系架构: Flexvolume 介绍及使用: CSI 介绍及使用. Kubernetes 存储体 ...
- 第18 章 : Kubernetes 调度和资源管理
Kubernetes 调度和资源管理 这节课主要讲三部分的内容: Kubernetes 的调度过程: Kubernetes 的基础调度能力(资源调度.关系调度): Kubernetes 高级调度能力( ...
- 019.Kubernetes二进制部署插件dashboard
一 修改配置文件 1.1 下载解压 [root@k8smaster01 ~]# cd /opt/k8s/work/kubernetes/ [root@k8smaster01 kubernetes]# ...
- Kubernetes系列之Coredns and Dashboard介绍篇
本次系列使用的所需部署包版本都使用的目前最新的或最新稳定版,安装包地址请到公众号内回复[K8s实战]获取 介绍 项目地址:https://github.com/coredns/coredns Core ...
- kubernetes实战(二十八):Kubernetes一键式资源管理平台Ratel安装及使用
1. Ratel是什么? Ratel是一个Kubernetes资源平台,基于管理Kubernetes的资源开发,可以管理Kubernetes的Deployment.DaemonSet.Stateful ...
随机推荐
- 剑指Offer之旋转数组的最小数字
题目描述 把一个数组最开始的若干个元素搬到数组的末尾,我们称之为数组的旋转.输入一个非递减排序的数组的一个旋转,输出旋转数组的最小元素.例如数组{3,4,5,1,2}为{1,2,3,4,5}的一个旋转 ...
- Tortoise svn 基础知识
1 不跟踪文件.文件夹 1.1 文件.文件夹已经被svn跟踪 将本地文件.文件夹删除(windows删除文件的删除,快捷键是shift+delete),然后执行svn update 将服务器同步到 ...
- 4.String字符串类型操作
String类型操作 1.set key value 设置key对应的值为string类型的value 2.mset key1 value1 … keyN valueN 一次设置多个key的值 3. ...
- [JavaWeb基础] 015.Struts2 表单验证框架
在web开发的过程中,我们经常要用到一些填写表单的操作,我们一般都要在提交表单信息的时候对表单的内容进行验证,struts2给我们提供了简单的实现接口,让我们可以很容易的对表单进行验证.下面讲解下最传 ...
- 读-写锁 ReadWriteLock & 线程八锁
读-写锁 ReadWriteLock: ①ReadWriteLock 维护了一对相关的锁,一个用于只读操作, 另一个用于写入操作. 只要没有 writer,读取锁可以由 多个 reader 线程同时保 ...
- 求最长非降(递增)子序列LIS的长度,及注意事项
非降序列(Increasing Sequence)例如: (1) 完全递增型序列:S={1,3,6,7,9} (2) 部分存在等于的序列:S={1,3,3,6,9} S的非降子序列:由原序列S的元素组 ...
- 关于同一密码使用generate_password_hash生成不同的密码散列值
在python的 werkzeug.security 库中有两个函数generate_password_hash与check_password_hash用于对密码明文生成散列值以及检查密码是否与提供的 ...
- 跨域解决方案 - webpack devServer
1. 定义 如果一个项目中配置了webpack, 那么我们使用 webpack devServer 来配置代理转发请求来达到解决跨域问题的目的 webpack devServer 能够解决跨域问题的根 ...
- (Java实现) 洛谷 P1605 迷宫
题目背景 迷宫 [问题描述] 给定一个N*M方格的迷宫,迷宫里有T处障碍,障碍处不可通过.给定起点坐标和 终点坐标,问: 每个方格最多经过1次,有多少种从起点坐标到终点坐标的方案.在迷宫 中移动有上下 ...
- Java实现 洛谷 P2118 比例简化
import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.i ...