kubernetes搭建dashboard-v1.10.1
一键部署脚本(或者可使用helm安装):
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl apply -f kubernetes-dashboard.yaml
若连接不到镜像仓库,可提前下载好镜像,再执行脚本。
生成私钥和证书签名请求
openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
...
openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
#编写RSA密钥
rm dashboard.pass.key
openssl req -new -key dashboard.key -out dashboard.csr
生成SSL证书
自签名SSL证书是从dashboard.key私钥和dashboard.csr文件生成的。
openssl x509 -req -sha256 -days 365-in dashboard.csr -signkey dashboard.key -out dashboard.crt
挂载证书到Dashboard
--- 删除已经部署的dashboard ---
kubectl delete -f kubernetes-dashboard.yml
secret "kubernetes-dashboard-certs" deleted
serviceaccount "kubernetes-dashboard" deleted
role "kubernetes-dashboard-minimal" deleted
rolebinding "kubernetes-dashboard-minimal" deleted
deployment "kubernetes-dashboard" deleted
service "kubernetes-dashboard" deleted
--- 创建 secret "kubernetes-dashboard-certs" ---
kubectl create secret generic kubernetes-dashboard-certs --from-file="tls/dashboard.crt,tls/dashboard.key" -n kube-system
secret "kubernetes-dashboard-certs" created
--- 查看secret内容 ---
kubectl get secret kubernetes-dashboard-certs -n kube-system -o yaml
apiVersion: v1
data:
dashboard.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwVENDQXJtZ0F3SUJBZ0lKQUo3QzdhRjVjdG1mTUEwR0NTcUdTSWIzRFFFQkN3VUFNRTh4Q3pBSkJnTlYKQkFZVEFrTk9NUXN3Q1FZRFZRUUlEQUpJUWpFTE1Ba0dBMVVFQnd3Q1YwZ3hDekFKQmdOVkJBb01Ba1JOTVF3dwpDZ1lEVlFRTERBTlpVRlF4Q3pBSkJnTlZCQU1NQWtOQk1CNFhEVEU0TURnd056QTVNVGN5TTFvWERUSTRNRGd3Ck5EQTVNVGN5TTFvd1hERUxNQWtHQTFVRUJoTUNRMDR4Q3pBSkJnTlZCQWdNQWtoQ01Rc3dDUVlEVlFRSERBSlgKU0RFTE1Ba0dBMVVFQ2d3Q1JFMHhEREFLQmdOVkJBc01BMWxRVkRFWU1CWUdBMVVFQXd3UE1Ua3lMakUyT0M0eApNVGt1TVRZd01JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdTJNUWpFVFVtS2RrCmZ5SjNPVXdyZGhrTnZTRk1CVGNhSTF3T3piTXI3SFJwSWFVQjIxM3VWTXdvRXAvckNkLzg5d0duQUJxNjBQeUYKYmpDVWVwM3pQaVlWYkkyeUlROXJ2OXRjakRjc1dFT2NONzNFN3k1eGc4ZDh5M0I4dW1nUGZPaUlxenplZDRSUgpSejI3R01rdjltckJHUUU1c2NnTVQyMUJ2bjRkdDBJNjJIQWNVNGlHRkNIaDAraW4ra0FuVGF6Y25pSWpjaG02Cks3emJrNW1wK1pmZllXa3FKZkE1V3hRWWlUZ0xIZ05wLy9uRzhCVkRMOVZSTklKU2JXWmk3QWZUR2FsaWVYWUkKTEl1VExNbzdxcGw4YW5wb3dzbzhpU3JZYUk5bFRGUkN3ZXJjRlVjajV6ZmtWOGc4N29HWlhLeGRHZkZzVmJMeQp3OS9qeDNwYjh3SURBUUFCbzRHaU1JR2ZNQXNHQTFVZER3UUVBd0lIZ0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGCkJRY0RBZ1lJS3dZQkJRVUhBd0V3SFFZRFZSME9CQllFRkZOeGpWbUNqcG5ZK2Y3K3ZIZlJUSzU2L2FEak1COEcKQTFVZEl3UVlNQmFBRkpsVUVkcmZBcDEvdGcxRFE4TVVEbmtESnljTU1ERUdBMVVkRVFRcU1DaUhCTUNvZDZDSApCSDhBQUFHQ0R6RTVNaTR4TmpndU1URTVMakUyTUlJSmJHOWpZV3hvYjNOME1BMEdDU3FHU0liM0RRRUJDd1VBCkE0SUJBUUJ4T2U2UkhISG5ZL2IweFVKWjZDUDMramZxcjNXaFZYdlhoNkZEQzEvM2RlYmVkK1UvN0JudWpMdjkKOXlzODRreWo5Z1VCMzNxMHNCbzYwMExXZ1ZUZnZTSHlqbE5TMXhWRGhOWjlUTm5IaENqcEs1Q1RsSXgyV0RnawpMaGVXZjMyU1dLUkFXVnhpeEdtMHVDMks0MWk1SWFXOW1za0pNaFpEcnh1Y2ZTNDNnRWJ3M1dlZkpla3ZGZHhxCk9wKysvREoyMURVaTVqdG1oSjBrWEZuRXVXUjd4UTJIWmM5aFNPbmVWRDJNSVFQcE1RaUhVd2ttTm5saGxNNC8KY3pXeldXY1NKODR4MCtRSy80b3A1UGNCL21LcGZCaC9YbkZlYmlRa2ExaVBzUm11QkJKUUJSRzZPTjI4OThVYwpyaWRISG5ZT29TWGlUN2Q4MXJRMUFTbWxaNGJLCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
dashboard.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBdTJNUWpFVFVtS2RrZnlKM09Vd3JkaGtOdlNGTUJUY2FJMXdPemJNcjdIUnBJYVVCCjIxM3VWTXdvRXAvckNkLzg5d0duQUJxNjBQeUZiakNVZXAzelBpWVZiSTJ5SVE5cnY5dGNqRGNzV0VPY043M0UKN3k1eGc4ZDh5M0I4dW1nUGZPaUlxenplZDRSUlJ6MjdHTWt2OW1yQkdRRTVzY2dNVDIxQnZuNGR0MEk2MkhBYwpVNGlHRkNIaDAraW4ra0FuVGF6Y25pSWpjaG02Szd6Yms1bXArWmZmWVdrcUpmQTVXeFFZaVRnTEhnTnAvL25HCjhCVkRMOVZSTklKU2JXWmk3QWZUR2FsaWVYWUlMSXVUTE1vN3FwbDhhbnBvd3NvOGlTcllhSTlsVEZSQ3dlcmMKRlVjajV6ZmtWOGc4N29HWlhLeGRHZkZzVmJMeXc5L2p4M3BiOHdJREFRQUJBb0lCQUVnZHVoS2hzc2dGTkJJUgpxNXlyaWRacmtmUUZ5b0gvVU5ubTVmT1lUd0V6VS9xVXpJQW1TRUR1U1VYUnNkMGREUGZxOU9CL2FRSmhET0Q1ClpVdERXb2ZDbEdBd3NDczFDaHpPU1hIVkVnWHVEME1NajZ3VlRhNlBxYUdKNnhhNlVhdWF1bTVjZ0tteWpLMUUKUHFzdFVuNGRXNjlKMzNCaU13cW1XN1Q2U0dsc00vNmlVTElWdGpXclJkOUZrRU40SVkyUHBsRmhZckRvNEQveQpVQlBUK0laQjJ5b0Z6VDRDQ0JZZkVDOC9WT3lzSVN2ajhWbW5lbStaZy96aVdkQzBmZzY5U3JQRzBUYStQZmdJCjJHUzNBcGQxdGJ3YUhzL01UV0UvR1dQRzZtVm92dkVwTUorek9wR2lMZDBVVVdRaEpZeUpIT3hZRkVKWHNrYTYKQ2RZL09wRUNnWUVBOXFnNDFWNTBWNGxUNWViMExxbWUzeGJFTVA3MHp3SkhJOFpKQ0pwSi9HR2lNYlB2dm5FYwpKMlVIMkdFOEgrQ1JCakZyRzRIcCttSlNzdFlDTUpGclU1bmpTZ3BRdXJCY3pTdXFqSkFUcWV1UUhVZkpkUXdwCjFydXR2YnBSZGtmTVJPK0NDbGkxSDdPNW1YWGo0NkoxNjF4aHhFWUtLYWdHU3BCUkJQUFNPdmNDZ1lFQXdud2QKRG9VZkpBTlBJcnV4ZUJ0VzFTTnQ0T1hzdHd6STJpWUNrbGFNSmI3VWJ1NndBNkdzUGJuT2puMWVvb0dLc0xPNgo0K05VckxVSGZBNzdwaW1LK2kwa2xPZDJVdFhweUdObjJqTm5kK0V0ZmpkZ3pLTWdvN09BQ28zQ1hnM1JJTDBJClVRYjRiUVV1bWRDM2NPYXUvbzNBNk1zKzJRT1ZXTDV5R1pkMUMrVUNnWUFJbW9tUTk4QjdKVEVsL2M1YXFsUCsKV0I3enpwRGZmNmJYbXAwRmpjd3kzM3oyMnQzcitLb1F2YmR1VnNYd0hyY3dUaHo4VXFYRXRCVktZNmlqNVE2bgpWZURWdmxKZWtMUkwrOC94SXoxc1dla20vRkFNb3lYNmRZVno3c0hVckdCMXJ4ME1HMWdHQ1JEYVI0Qnhla00rCnVIUTRrbkRjVHg0WkQ3dWp2cFdBdFFLQmdCc3hGVEx4ZytBYUlsZGQzTHRKUDBPL2wxNUpaMlpVZ0VTWDZlWWgKK2FoUlhReEJqUlNFNXpzZUhuWW5xektYWUJmQ21VL0JlaFpIblV0SUlRRWpiODM0djlPZDVScEIxRlR6S1JNRgordUowOWxKZVZjZG15MnAzNzJBS1gvR2NodS9IM2tETjg2L3llSWlDK1JMcy9leVRUelI5TGtWVFRlOUJlVnlBCm81bk5Bb0dBTCsxYk4rTDVmRG5YS2RzdlYrSkdUM3pBT3BPdCsySndGc0huWTdacVFmV3NFcVFITE53c0VzNk4Kb3kxU3g1T0I1K0owaWlhampPS0dlQzl3Z1Y3dFNxNkJieUoxQnZSc1Ewb20yZGg2RGVIQ0pDN0VZQnhWb2oxQwpVMSszTXVBZHJvOE45R1BtRHZYdlhvTkhRVnBQTTlEQTJ4UDZZTkZuVEZKN1NVRTRRcDA9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
kind: Secret
metadata:
......
--- 重新部署dashboard ---
kubectl apply -f kubernetes-dashboard.yml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
secret "kubernetes-dashboard-certs" configured
serviceaccount "kubernetes-dashboard" created
role "kubernetes-dashboard-minimal" created
rolebinding "kubernetes-dashboard-minimal" created
deployment "kubernetes-dashboard" created
service "kubernetes-dashboard" created
创建登陆账号
vi admin-user-role-binding.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
kubectl create -f admin-user-role-binding.yaml
获取登陆token
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
输出类似:
Name: admin-user-token-qrj82
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name=admin-user
kubernetes.io/service-account.uid=6cd60673-4d13-11e8-a548-00155d000529 Type: kubernetes.io/service-account-token Data
====
token: ......
访问dashboard
第一种:kubectl proxy
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
第二种:kube -n kube-system port-forward pod名 8443:3000 &
http://loaclhost:3000
第二种:设置service nodeport
http://node_ip:nodeport
参考:
kubernetes dashboard部署流程:https://www.cnblogs.com/RainingNight/p/deploying-k8s-dashboard-ui.html
密钥挂载到dashboard:https://blog.csdn.net/chenleiking/article/details/81488028
证书创建参考:https://github.com/kubernetes/dashboard/wiki/Certificate-management
github地址:https://github.com/kubernetes/dashboard
kubernetes搭建dashboard-v1.10.1的更多相关文章
- kubernetes搭建dashboard报错
warningconfigmaps is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard&qu ...
- 【Kubernetes】部署K8s-dashboard v1.10.1
一.官方kubernetes-dashboard.yaml简介 ①首先认识一下官方的kubernetes-dashboard.yaml,我们先下载: https://github.com/kubern ...
- k8s Kubernetes v1.10 最简易安装 shell
k8s Kubernetes v1.10 最简易安装 shell # Master 单节点快速安装 # 最简单的安装shell,只为快速部署k8s测试环境 #环境centos 7.4 #1 初始化环境 ...
- kubeadm安装Kubernetes V1.10集群详细文档
https://www.kubernetes.org.cn/3808.html?tdsourcetag=s_pcqq_aiomsg 1:服务器信息以及节点介绍 系统信息:centos1708 mini ...
- 使用kubeadm安装Kubernetes v1.10
关于K8S: Kubernetes是Google开源的容器集群管理系统.它构建于docker技术之上,为容器化的应用提供资源调度.部署运行.服务发现.扩 容缩容等整一套功能,本质上可看作是基于容器技术 ...
- Kubernetes v1.10.x HA 全手动安装教程(TL;DR)
转自 https://www.kubernetes.org.cn/3814.html 本篇延续过往手动安装方式来部署 Kubernetes v1.10.x 版本的 High Availability ...
- 从零到一,利用kubeadm在ubuntu server 16.04 64位系统离线安装kubernetes v1.10.0
说明 初步接触kubernets,记录学习过程 本教程目的利用kubeadm在ubuntu server 16.04 64位系统离线安装kubernets v1.10.0 环境信息 节点IP地址 角色 ...
- Kubernetes及Dashboard详细安装配置(Ubuntu14.04)
前些日子部门计划搞并行开发,需要对开发及测试环境进行隔离,所以打算用kubernetes对docker容器进行版本管理,搭建了下Kubernetes集群,过程如下: 本流程使用了阿里云加速器,配置流程 ...
- 使用kubeadm平滑地升级kubenetes集群(v1.10.2到v1.10.3)
写在前面 kubernetes是目前最炙手火热的容器管理.调度.编排平台,不仅拥有全面的生态系统,而且还开源.开放自治,谁贡献的多,谁的话语权就大,云提供商都有专门的工程师来从事kubernetes开 ...
随机推荐
- SpringMVC(二)高级应用
一.参数绑定-----集合类型 二.数据回显(例如提交表单失败了,数据没有丢失) 三.上传图片 四.json数据的交互 五.restful 支持 六.拦截器
- Python 2.x和3.x不同点
1.print和print() 2.yield 出现下面的错误Traceback (most recent call last): File “<pyshell#32>”, line 1, ...
- 《从0到1学习Flink》—— Flink 写入数据到 ElasticSearch
前言 前面 FLink 的文章中我们已经介绍了说 Flink 已经有很多自带的 Connector. 1.<从0到1学习Flink>-- Data Source 介绍 2.<从0到1 ...
- css中 repeat-x 的简单用法
问repeat-x 00 中: 0 0 是 什么意思,如果改为0 -50呢,不写话默认是什么(不写话和0 0 的效果不一样)- ------<html><head><s ...
- Unity C# Sting.Format的学习
String.Format (String, Object) 将指定的 String 中的格式项替换为指定的 Object 实例的值的文本等效项. String.Format (String, Obj ...
- Eclipse下git如何创建分支
1.项目–Team–Switch To –New Branch 2.Branch name 填写自己的版本号,然后Finish即可 3.将分支内容Push到远程服务器上
- LVS Direct Routing 直接路由
1. Direct Routing 直接路由 director分配请求到不同的real server, real server处理请求后直接回应给用户,这样director负载均衡器仅处理客户机与服务 ...
- css动画-模拟正余弦曲线
今天就写一个css3抛物线的动画吧= = 从左到右的抛物线动画,我们就暂且把动作分为匀速向右运动和变速的上下运动. 水平匀速运动我们可以利用 translateX(x):定义 2D 转换,沿着 X 轴 ...
- Mysql数据库操作语句总结(三)
最近一段时间重新学习一下mysql命令行的用法, 这里简单记录一下 参考文章: https://www.cnblogs.com/bluealine/p/7832219.html 个人使用的是mysql ...
- SqlServer查询文件组被占用情况
在SqlServer中,删除一个文件组 alter database [xxxxx] remove filegroup FGMonthTurnIntroduceByMonth13 有时候会遇到如下报错 ...