kubernetes搭建dashboard-v1.10.1
一键部署脚本(或者可使用helm安装):
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl apply -f kubernetes-dashboard.yaml
若连接不到镜像仓库,可提前下载好镜像,再执行脚本。
生成私钥和证书签名请求
openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
...
openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
#编写RSA密钥
rm dashboard.pass.key
openssl req -new -key dashboard.key -out dashboard.csr
生成SSL证书
自签名SSL证书是从dashboard.key私钥和dashboard.csr文件生成的。
openssl x509 -req -sha256 -days 365-in dashboard.csr -signkey dashboard.key -out dashboard.crt
挂载证书到Dashboard
--- 删除已经部署的dashboard ---
kubectl delete -f kubernetes-dashboard.yml
secret "kubernetes-dashboard-certs" deleted
serviceaccount "kubernetes-dashboard" deleted
role "kubernetes-dashboard-minimal" deleted
rolebinding "kubernetes-dashboard-minimal" deleted
deployment "kubernetes-dashboard" deleted
service "kubernetes-dashboard" deleted
--- 创建 secret "kubernetes-dashboard-certs" ---
kubectl create secret generic kubernetes-dashboard-certs --from-file="tls/dashboard.crt,tls/dashboard.key" -n kube-system
secret "kubernetes-dashboard-certs" created
--- 查看secret内容 ---
kubectl get secret kubernetes-dashboard-certs -n kube-system -o yaml
apiVersion: v1
data:
dashboard.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwVENDQXJtZ0F3SUJBZ0lKQUo3QzdhRjVjdG1mTUEwR0NTcUdTSWIzRFFFQkN3VUFNRTh4Q3pBSkJnTlYKQkFZVEFrTk9NUXN3Q1FZRFZRUUlEQUpJUWpFTE1Ba0dBMVVFQnd3Q1YwZ3hDekFKQmdOVkJBb01Ba1JOTVF3dwpDZ1lEVlFRTERBTlpVRlF4Q3pBSkJnTlZCQU1NQWtOQk1CNFhEVEU0TURnd056QTVNVGN5TTFvWERUSTRNRGd3Ck5EQTVNVGN5TTFvd1hERUxNQWtHQTFVRUJoTUNRMDR4Q3pBSkJnTlZCQWdNQWtoQ01Rc3dDUVlEVlFRSERBSlgKU0RFTE1Ba0dBMVVFQ2d3Q1JFMHhEREFLQmdOVkJBc01BMWxRVkRFWU1CWUdBMVVFQXd3UE1Ua3lMakUyT0M0eApNVGt1TVRZd01JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdTJNUWpFVFVtS2RrCmZ5SjNPVXdyZGhrTnZTRk1CVGNhSTF3T3piTXI3SFJwSWFVQjIxM3VWTXdvRXAvckNkLzg5d0duQUJxNjBQeUYKYmpDVWVwM3pQaVlWYkkyeUlROXJ2OXRjakRjc1dFT2NONzNFN3k1eGc4ZDh5M0I4dW1nUGZPaUlxenplZDRSUgpSejI3R01rdjltckJHUUU1c2NnTVQyMUJ2bjRkdDBJNjJIQWNVNGlHRkNIaDAraW4ra0FuVGF6Y25pSWpjaG02Cks3emJrNW1wK1pmZllXa3FKZkE1V3hRWWlUZ0xIZ05wLy9uRzhCVkRMOVZSTklKU2JXWmk3QWZUR2FsaWVYWUkKTEl1VExNbzdxcGw4YW5wb3dzbzhpU3JZYUk5bFRGUkN3ZXJjRlVjajV6ZmtWOGc4N29HWlhLeGRHZkZzVmJMeQp3OS9qeDNwYjh3SURBUUFCbzRHaU1JR2ZNQXNHQTFVZER3UUVBd0lIZ0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGCkJRY0RBZ1lJS3dZQkJRVUhBd0V3SFFZRFZSME9CQllFRkZOeGpWbUNqcG5ZK2Y3K3ZIZlJUSzU2L2FEak1COEcKQTFVZEl3UVlNQmFBRkpsVUVkcmZBcDEvdGcxRFE4TVVEbmtESnljTU1ERUdBMVVkRVFRcU1DaUhCTUNvZDZDSApCSDhBQUFHQ0R6RTVNaTR4TmpndU1URTVMakUyTUlJSmJHOWpZV3hvYjNOME1BMEdDU3FHU0liM0RRRUJDd1VBCkE0SUJBUUJ4T2U2UkhISG5ZL2IweFVKWjZDUDMramZxcjNXaFZYdlhoNkZEQzEvM2RlYmVkK1UvN0JudWpMdjkKOXlzODRreWo5Z1VCMzNxMHNCbzYwMExXZ1ZUZnZTSHlqbE5TMXhWRGhOWjlUTm5IaENqcEs1Q1RsSXgyV0RnawpMaGVXZjMyU1dLUkFXVnhpeEdtMHVDMks0MWk1SWFXOW1za0pNaFpEcnh1Y2ZTNDNnRWJ3M1dlZkpla3ZGZHhxCk9wKysvREoyMURVaTVqdG1oSjBrWEZuRXVXUjd4UTJIWmM5aFNPbmVWRDJNSVFQcE1RaUhVd2ttTm5saGxNNC8KY3pXeldXY1NKODR4MCtRSy80b3A1UGNCL21LcGZCaC9YbkZlYmlRa2ExaVBzUm11QkJKUUJSRzZPTjI4OThVYwpyaWRISG5ZT29TWGlUN2Q4MXJRMUFTbWxaNGJLCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
dashboard.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBdTJNUWpFVFVtS2RrZnlKM09Vd3JkaGtOdlNGTUJUY2FJMXdPemJNcjdIUnBJYVVCCjIxM3VWTXdvRXAvckNkLzg5d0duQUJxNjBQeUZiakNVZXAzelBpWVZiSTJ5SVE5cnY5dGNqRGNzV0VPY043M0UKN3k1eGc4ZDh5M0I4dW1nUGZPaUlxenplZDRSUlJ6MjdHTWt2OW1yQkdRRTVzY2dNVDIxQnZuNGR0MEk2MkhBYwpVNGlHRkNIaDAraW4ra0FuVGF6Y25pSWpjaG02Szd6Yms1bXArWmZmWVdrcUpmQTVXeFFZaVRnTEhnTnAvL25HCjhCVkRMOVZSTklKU2JXWmk3QWZUR2FsaWVYWUlMSXVUTE1vN3FwbDhhbnBvd3NvOGlTcllhSTlsVEZSQ3dlcmMKRlVjajV6ZmtWOGc4N29HWlhLeGRHZkZzVmJMeXc5L2p4M3BiOHdJREFRQUJBb0lCQUVnZHVoS2hzc2dGTkJJUgpxNXlyaWRacmtmUUZ5b0gvVU5ubTVmT1lUd0V6VS9xVXpJQW1TRUR1U1VYUnNkMGREUGZxOU9CL2FRSmhET0Q1ClpVdERXb2ZDbEdBd3NDczFDaHpPU1hIVkVnWHVEME1NajZ3VlRhNlBxYUdKNnhhNlVhdWF1bTVjZ0tteWpLMUUKUHFzdFVuNGRXNjlKMzNCaU13cW1XN1Q2U0dsc00vNmlVTElWdGpXclJkOUZrRU40SVkyUHBsRmhZckRvNEQveQpVQlBUK0laQjJ5b0Z6VDRDQ0JZZkVDOC9WT3lzSVN2ajhWbW5lbStaZy96aVdkQzBmZzY5U3JQRzBUYStQZmdJCjJHUzNBcGQxdGJ3YUhzL01UV0UvR1dQRzZtVm92dkVwTUorek9wR2lMZDBVVVdRaEpZeUpIT3hZRkVKWHNrYTYKQ2RZL09wRUNnWUVBOXFnNDFWNTBWNGxUNWViMExxbWUzeGJFTVA3MHp3SkhJOFpKQ0pwSi9HR2lNYlB2dm5FYwpKMlVIMkdFOEgrQ1JCakZyRzRIcCttSlNzdFlDTUpGclU1bmpTZ3BRdXJCY3pTdXFqSkFUcWV1UUhVZkpkUXdwCjFydXR2YnBSZGtmTVJPK0NDbGkxSDdPNW1YWGo0NkoxNjF4aHhFWUtLYWdHU3BCUkJQUFNPdmNDZ1lFQXdud2QKRG9VZkpBTlBJcnV4ZUJ0VzFTTnQ0T1hzdHd6STJpWUNrbGFNSmI3VWJ1NndBNkdzUGJuT2puMWVvb0dLc0xPNgo0K05VckxVSGZBNzdwaW1LK2kwa2xPZDJVdFhweUdObjJqTm5kK0V0ZmpkZ3pLTWdvN09BQ28zQ1hnM1JJTDBJClVRYjRiUVV1bWRDM2NPYXUvbzNBNk1zKzJRT1ZXTDV5R1pkMUMrVUNnWUFJbW9tUTk4QjdKVEVsL2M1YXFsUCsKV0I3enpwRGZmNmJYbXAwRmpjd3kzM3oyMnQzcitLb1F2YmR1VnNYd0hyY3dUaHo4VXFYRXRCVktZNmlqNVE2bgpWZURWdmxKZWtMUkwrOC94SXoxc1dla20vRkFNb3lYNmRZVno3c0hVckdCMXJ4ME1HMWdHQ1JEYVI0Qnhla00rCnVIUTRrbkRjVHg0WkQ3dWp2cFdBdFFLQmdCc3hGVEx4ZytBYUlsZGQzTHRKUDBPL2wxNUpaMlpVZ0VTWDZlWWgKK2FoUlhReEJqUlNFNXpzZUhuWW5xektYWUJmQ21VL0JlaFpIblV0SUlRRWpiODM0djlPZDVScEIxRlR6S1JNRgordUowOWxKZVZjZG15MnAzNzJBS1gvR2NodS9IM2tETjg2L3llSWlDK1JMcy9leVRUelI5TGtWVFRlOUJlVnlBCm81bk5Bb0dBTCsxYk4rTDVmRG5YS2RzdlYrSkdUM3pBT3BPdCsySndGc0huWTdacVFmV3NFcVFITE53c0VzNk4Kb3kxU3g1T0I1K0owaWlhampPS0dlQzl3Z1Y3dFNxNkJieUoxQnZSc1Ewb20yZGg2RGVIQ0pDN0VZQnhWb2oxQwpVMSszTXVBZHJvOE45R1BtRHZYdlhvTkhRVnBQTTlEQTJ4UDZZTkZuVEZKN1NVRTRRcDA9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
kind: Secret
metadata:
......
--- 重新部署dashboard ---
kubectl apply -f kubernetes-dashboard.yml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
secret "kubernetes-dashboard-certs" configured
serviceaccount "kubernetes-dashboard" created
role "kubernetes-dashboard-minimal" created
rolebinding "kubernetes-dashboard-minimal" created
deployment "kubernetes-dashboard" created
service "kubernetes-dashboard" created
创建登陆账号
vi admin-user-role-binding.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
kubectl create -f admin-user-role-binding.yaml
获取登陆token
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
输出类似:
Name: admin-user-token-qrj82
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name=admin-user
kubernetes.io/service-account.uid=6cd60673-4d13-11e8-a548-00155d000529 Type: kubernetes.io/service-account-token Data
====
token: ......
访问dashboard
第一种:kubectl proxy
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
第二种:kube -n kube-system port-forward pod名 8443:3000 &
http://loaclhost:3000
第二种:设置service nodeport
http://node_ip:nodeport
参考:
kubernetes dashboard部署流程:https://www.cnblogs.com/RainingNight/p/deploying-k8s-dashboard-ui.html
密钥挂载到dashboard:https://blog.csdn.net/chenleiking/article/details/81488028
证书创建参考:https://github.com/kubernetes/dashboard/wiki/Certificate-management
github地址:https://github.com/kubernetes/dashboard
kubernetes搭建dashboard-v1.10.1的更多相关文章
- kubernetes搭建dashboard报错
warningconfigmaps is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard&qu ...
- 【Kubernetes】部署K8s-dashboard v1.10.1
一.官方kubernetes-dashboard.yaml简介 ①首先认识一下官方的kubernetes-dashboard.yaml,我们先下载: https://github.com/kubern ...
- k8s Kubernetes v1.10 最简易安装 shell
k8s Kubernetes v1.10 最简易安装 shell # Master 单节点快速安装 # 最简单的安装shell,只为快速部署k8s测试环境 #环境centos 7.4 #1 初始化环境 ...
- kubeadm安装Kubernetes V1.10集群详细文档
https://www.kubernetes.org.cn/3808.html?tdsourcetag=s_pcqq_aiomsg 1:服务器信息以及节点介绍 系统信息:centos1708 mini ...
- 使用kubeadm安装Kubernetes v1.10
关于K8S: Kubernetes是Google开源的容器集群管理系统.它构建于docker技术之上,为容器化的应用提供资源调度.部署运行.服务发现.扩 容缩容等整一套功能,本质上可看作是基于容器技术 ...
- Kubernetes v1.10.x HA 全手动安装教程(TL;DR)
转自 https://www.kubernetes.org.cn/3814.html 本篇延续过往手动安装方式来部署 Kubernetes v1.10.x 版本的 High Availability ...
- 从零到一,利用kubeadm在ubuntu server 16.04 64位系统离线安装kubernetes v1.10.0
说明 初步接触kubernets,记录学习过程 本教程目的利用kubeadm在ubuntu server 16.04 64位系统离线安装kubernets v1.10.0 环境信息 节点IP地址 角色 ...
- Kubernetes及Dashboard详细安装配置(Ubuntu14.04)
前些日子部门计划搞并行开发,需要对开发及测试环境进行隔离,所以打算用kubernetes对docker容器进行版本管理,搭建了下Kubernetes集群,过程如下: 本流程使用了阿里云加速器,配置流程 ...
- 使用kubeadm平滑地升级kubenetes集群(v1.10.2到v1.10.3)
写在前面 kubernetes是目前最炙手火热的容器管理.调度.编排平台,不仅拥有全面的生态系统,而且还开源.开放自治,谁贡献的多,谁的话语权就大,云提供商都有专门的工程师来从事kubernetes开 ...
随机推荐
- mysql CPU占用高
https://blog.csdn.net/u011239989/article/details/72863333 QPS高,sql简单的场景下, 需要 1. 提高数据库的服务器性能CPU 内存等 2 ...
- 009 Palindrome Number 判断一个正整数是否是回文数
详见:https://leetcode.com/problems/palindrome-number/description/ 实现语言:Java 方法一: class Solution { publ ...
- 模拟虚拟的文件系统initrd/initramfs
请看initramfs文件的以下解析: [root@ant-colonies boot]# ls config--.el6.x86_64 lost+found efi symvers--.el6.x8 ...
- 【JavaEE】怎么设置tomcat管理员的用户名和密码
如果我们输入错误的Tomcat管理员密码,那么就有提示如下: 2 从它的提示信息中,我们就能找到解决方法,请留意上图中标出的位置! 我们首先打开Tomcat的配置文件,具体如下: 我们进入To ...
- sql server 分析
查询指令,查询数据库的版本 SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY ('productlevel'), SERVERPROPE ...
- C#中接口的深入浅出【转】
C#中接口的深入浅出 假设我们公司有两种程序员:VB程序员,指的是用VB写程序的程序员,用clsVBProgramer这个类表示:Delphi程序员指的是用Delphi写程序的程序员,用clsDelp ...
- 使用 ViS2005 进行单元测试
1. 新建一个空白解决方案,命名为"单元测试- 01"吧. 2.在该解决方案下创建一个类库,作为此次单元测试的测试对象:我们就创建一个数学类(用于实现运算的简单类).命名为&quo ...
- Oracle使用jdbc调用带游标参数的存储过程
package com.jckb.procedure; import java.sql.CallableStatement; import java.sql.Connection; import ja ...
- mysql查询索引
mysql在使用like查询中,能不能用到索引?在什么地方使用索引呢? 在使用like的时候,如果使用‘%%’,会不会用到索引呢? EXPLAIN SELECT * FROM `user` WHERE ...
- LeetCode Number of 1 Bits 计算1的个数
题意: 提供一个无符号32位整型uint32_t变量n,返回其二进制形式的1的个数. 思路: 考察二进制的特性,设有k个1,则复杂度为O(k).考虑将当前的数n和n-1做按位与,就会将n的最后一个1去 ...