kubernetes——网站页面
一、创建dashboard的目录
#在master1上操作
[root@master1 k8s]# mkdir dashboard/
#在dashboard拷贝官方文件
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
[root@master1 dashboard]# ls
dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml
dashboard-controller.yaml dashboard-secret.yaml k8s-admin.yaml
#各yaml文件作用
dashboard-configmap.yaml(负责业务配置文件的管理)
dashboard-rbac.yaml(安全框架,能够在k8s使用哪些资源、分配权限)
dashboard-service.yaml(暴露网站,能够在外网登录网站,调用kube-proxy)
dashboard-controller.yaml(网站的配置、配置证书、控制资源配额、挂载在pod的卷、探侦)
dashboard-secret.yaml (用户登录凭证)
k8s-admin.yaml(管理员用户)
二、执行yaml文件
[root@master1 dashboard]# kubectl create -f dashboard-rbac.yaml
[root@master1 dashboard]# kubectl create -f dashboard-secret.yaml
[root@master1 dashboard]# kubectl create -f dashboard-configmap.yaml
[root@master1 dashboard]# kubectl create -f dashboard-controller.yaml
[root@master1 dashboard]# kubectl create -f dashboard-service.yaml
三、查看创建的空间和访问
[root@master1 dashboard]# kubectl get service -n kube-system
[root@master1 dashboard]# kubectl get pods,svc -n kube-system
四、网页访问
#访问node的节点IP
#30001是k8s的端口
https://192.168.195.150:30001/
#如果用谷歌无法访问
#解决方法
[root@master1 dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <<EOF
{
“CN”: “Dashboard”,
“hosts”: [],
“key”: {
“algo”: “rsa”,
“size”: 2048
},
“names”: [
{
“C”: “CN”,
“L”: “BeiJing”,
“ST”: “BeiJing”
}
]
}
EOF
K8S_CA=$1
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
#执行脚本,创建证书
[root@master1 dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
#修改配置
[root@master1 dashboard]# vim dashboard-controller.yaml
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem
#重新部署
[root@master1 dashboard]# kubectl delete -f dashboard-controller.yaml #先删除
[root@master1 dashboard]# kubectl apply -f dashboard-controller.yaml #然后就可以登录了
五、创建令牌
#登录k8s是需要令牌的
[root@master1 dashboard]# kubectl create -f k8s-admin.yaml
#查看
[root@master1 dashboard]# kubectl get secret -n kube-system
dashboard-admin-token-5rrf2 kubernetes.io/service-account-token 3 16h
default-token-6vmfz kubernetes.io/service-account-token 3 43h
kubernetes-dashboard-certs Opaque 11 15h
kubernetes-dashboard-key-holder Opaque 2 16h
kubernetes-dashboard-token-mlcg8 kubernetes.io/service-account-token 3 16h#创建令牌
#需要用到dashboard-admin-token-5rrf2
[root@master1 dashboard]# kubectl describe secret dashboard-admin-token-5rrf2 -n kube-system