dashboard

可以从微软中国提供的 gcr.io :http://mirror.azure.cn/help/gcr-proxy-cache.html免费代理下载被墙的镜像

docker pull gcr.azk8s.cn/google_containers/<imagename>:<version>

1. 下载文件

下载三个文件:https://github.com/gjmzj/kubeasz/tree/master/manifests/dashboard

[root@hs-k8s-master01 dashboard]# pwd

/data/k8s/dashboard

[root@hs-k8s-master01 dashboard]# ll

总用量 32

-rw-r--r-- 1 root root  843 2月   5 15:31 admin-user-sa-rbac.yaml

-rw-r--r-- 1 root root 8026 2月   5 15:38 kubernetes-dashboard.yaml

-rw-r--r-- 1 root root 3084 2月   5 15:33 read-user-sa-rbac.yaml

2. 部署dashboard主yaml配置文件

#修改镜像下载地址

[root@hs-k8s-master01 dashboard]# cat kubernetes-dashboard.yaml |grep image

          image: registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.0.0-rc3

          image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.3

[root@hs-k8s-master01 dashboard]# kubectl apply -f kubernetes-dashboard.yaml

secret/kubernetes-dashboard-certs created

serviceaccount/kubernetes-dashboard created

role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created

rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created

deployment.apps/kubernetes-dashboard created

service/kubernetes-dashboard created

3. 创建可读可写admin Service Account

[root@hs-k8s-master01 dashboard]# kubectl apply -f admin-user-sa-rbac.yaml

serviceaccount/admin-user created

clusterrolebinding.rbac.authorization.k8s.io/admin-user created

4. 创建只读 read Service Account

[root@hs-k8s-master01 dashboard]# kubectl apply -f read-user-sa-rbac.yaml

serviceaccount/dashboard-read-user created

clusterrolebinding.rbac.authorization.k8s.io/dashboard-read-binding created

clusterrole.rbac.authorization.k8s.io/dashboard-read-clusterrole created

5. 查看

#查看pod运行状态

[root@hs-k8s-master01 dashboard]# kubectl get pod -n kube-system | grep dashboard

dashboard-metrics-scraper-6b66849c9-8lvqd   1/1     Running   0          23m

kubernetes-dashboard-6dc6c4f59-84526        1/1     Running   0          23m

#查看dashboard service

[root@hs-k8s-master01 dashboard]#  kubectl get svc -n kube-system|grep dashboard

dashboard-metrics-scraper   ClusterIP   10.107.131.160   <none>        8000/TCP                 23m

kubernetes-dashboard        NodePort    10.99.144.160    <none>        443:31110/TCP            23m

#查看集群服务

[root@hs-k8s-master01 dashboard]# kubectl cluster-info

Kubernetes master is running at https://20.0.0.250:8443

KubeDNS is running at https://20.0.0.250:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

kubernetes-dashboard is running at https://20.0.0.250:8443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

#查看pod运行日志

[root@hs-k8s-master01 dashboard]# kubectl logs kubernetes-dashboard-6dc6c4f59-84526 -n kube-system

6. 生成证书

供本地google浏览器使用

#生成client-certificate-data

[root@k8s-master01 dashboard]# grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt

#生成client-key-data

[root@k8s-master01 dashboard]# grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key

#生成p12

[root@k8s-master01 dashboard]# openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"

Enter Export Password:   1

Verifying - Enter Export Password:     1

[root@hs-k8s-master01 dashboard]# ll

总用量 28

-rw-r--r-- 1 root root  843 2月   5 15:31 admin-user-sa-rbac.yaml

-rw-r--r-- 1 root root 1082 2月   5 15:41 kubecfg.crt

-rw-r--r-- 1 root root 1679 2月   5 15:41 kubecfg.key

-rw-r--r-- 1 root root 2464 2月   5 15:43 kubecfg.p12

-rw-r--r-- 1 root root 8026 2月   5 15:38 kubernetes-dashboard.yaml

-rw-r--r-- 1 root root 3084 2月   5 15:33 read-user-sa-rbac.yaml

[root@k8s-master01 dashboard]# sz kubecfg.p12

谷歌浏览器导入证书:

备注把上一步骤的kubecfg.p12 文件导入证书后需要重启浏览器:

7. 导出令牌

[root@hs-k8s-master01 dashboard]#  kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Name:         admin-user-token-4d2r4

Namespace:    kube-system

Labels:       <none>

Annotations:  kubernetes.io/service-account.name: admin-user

              kubernetes.io/service-account.uid: cf8638e0-1434-4f61-aded-262f213dd803

Type:  kubernetes.io/service-account-token

Data

====

ca.crt:     1025 bytes

namespace:  11 bytes

token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjZaOTZ5MmR5MEs3eUVnclJ4R0MtOTNmVDlTTGlteGdzQ1RJc1ZZT2xvT00ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTRkMnI0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjZjg2MzhlMC0xNDM0LTRmNjEtYWRlZC0yNjJmMjEzZGQ4MDMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.HXlI_vXP4b9VVP6_jptMFjp99u1NLlmgC26ITfA7cHRPIyjxW6vKv97GjAOxF3Ne691cTZLcOAh_b1dNXExLkmUqKoWY8Cg_ys5hvQ2rcC_CEpS7S4shKWEb_DeLUUgr4UjjIDQKCH_tczX3nNpfsqiooMsMYkac-MlwgCHVvxgkqKmfrkub6ifP02yuaWBLhvuYvJc6DX_NvHQzy9w8FFbB2d4gpthzt_sinSR4x84MzgKHdOsj9CHXqwHMdCMwu0A-FM-bg7yr1fHZLKORrSrHz9OZ1pJeU-82VYRSOEntW7o6X3b0zOi2nB6yIpDmVDzzk5g30sI32vivmrNEJg

#导出令牌

[root@k8s-master01 dashboard]# vim /root/.kube/config   加

token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjZaOTZ5MmR5MEs3eUVnclJ4R0MtOTNmVDlTTGlteGdzQ1RJc1ZZT2xvT00ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTRkMnI0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjZjg2MzhlMC0xNDM0LTRmNjEtYWRlZC0yNjJmMjEzZGQ4MDMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.HXlI_vXP4b9VVP6_jptMFjp99u1NLlmgC26ITfA7cHRPIyjxW6vKv97GjAOxF3Ne691cTZLcOAh_b1dNXExLkmUqKoWY8Cg_ys5hvQ2rcC_CEpS7S4shKWEb_DeLUUgr4UjjIDQKCH_tczX3nNpfsqiooMsMYkac-MlwgCHVvxgkqKmfrkub6ifP02yuaWBLhvuYvJc6DX_NvHQzy9w8FFbB2d4gpthzt_sinSR4x84MzgKHdOsj9CHXqwHMdCMwu0A-FM-bg7yr1fHZLKORrSrHz9OZ1pJeU-82VYRSOEntW7o6X3b0zOi2nB6yIpDmVDzzk5g30sI32vivmrNEJg

 [root@k8s-master01 dashboard]#  cp /root/.kube/config /data/k8s/tmp/k8s-dashboard.kubeconfig

[root@k8s-master01 dashboard]#  sz /data/k8s/tmp/k8s-dashboard.kubeconfig

kubernetes dashboard 2.0 部署的更多相关文章

  1. Kubernetes V1.16.2部署Dashboard V2.0(beta5)

    Kubernetes V1.16.2部署Dashboard V2.0(beta5) 在Master上部署Dashboard 集群安装部署请看安装Kubernetes V1.16.2 kubectl g ...

  2. kubernetes学习之二进制部署1.16

    服务器规划和系统初始化 一.服务器规划 10.255.20.205 Master01 kube-apiserver.kube-controller-manager.kube-scheduler.ETC ...

  3. centos7下kubernetes(5。部署kubernetes dashboard)

    基于WEB的dashboard,用户可以用kubernetes dashboard部署容器话的应用,监控应用的状态,执行故障排查任务以及管理kubernetes各种资源. 在kubernetes da ...

  4. [原]部署kubernetes dashboard(二)

    #######################    以下为声明  ##################### 此文档是之前做笔记在两台机上进行的实践,kubernetes处于不断开发阶段 不能保证每 ...

  5. 微服务探索之路02篇liunx ubuntu服务器部署k8s(kubernetes)-kubernetes/dashboard

    本章介绍所需环境:ubuntu18.04,建立在上一篇微服务探索之路01篇已经安装了docker的基础上. 1 替换k8s镜像源为国内镜像 进入目录 cd /etc/apt/sources.list. ...

  6. kubernetes 1.14安装部署dashboard

    简单介绍: Dashboard是一个基于web的Kubernetes用户界面.您可以使用Dashboard将容器化应用程序部署到Kubernetes集群,对容器化应用程序进行故障诊断,并管理集群资源. ...

  7. 二进制方式部署Kubernetes 1.6.0集群(开启TLS)

    本节内容: Kubernetes简介 环境信息 创建TLS加密通信的证书和密钥 下载和配置 kubectl(kubecontrol) 命令行工具 创建 kubeconfig 文件 创建高可用 etcd ...

  8. Ubuntu下搭建Kubernetes集群(4)--部署K8S Dashboard

    K8S Dashboard是官方的一个基于WEB的用户界面,专门用来管理K8S集群,并可展示集群的状态.K8S集群安装好后默认没有包含Dashboard,我们需要额外创建它. 首先我们执行命令: wg ...

  9. Kubernetes 1.5.1 部署

    > kubernetes 1.5.0 , 配置文档 # 1 初始化环境 ## 1.1 环境: | 节 点  |      I P      ||--------|-------------||n ...

随机推荐

  1. UML online tools

    UML online tools UML https://www.diagrams.net/assets/svg/home-dia1.svg refs https://www.diagrams.net ...

  2. deep copy & deep merge

    deep copy & deep merge JSON.parse(JSON.stringify(obj)); lodash https://lodash.com/docs/ https:// ...

  3. 抓手 & 技术管理

    抓手 & 技术管理 https://zhuanlan.zhihu.com/p/28891618 技术管理的目的 管理就是通过别人拿到结果.而管理的两个着眼点就是:成事.育人. 把事情搞定,把人 ...

  4. macOS open url from terminal

    macOS open url from terminal open URL && start terminal bash open url in chrome open chrome ...

  5. 口罩 & 防毒面具 N95 & P100

    口罩 & 防毒面具 N95 & P100 N95 口罩 < 防毒面具 P100 https://www.techritual.com/2020/01/30/210599/

  6. 2020 新型肺炎病毒疫情 & 远程办公

    2020 新型肺炎病毒疫情 & 远程办公 2020 新型肺炎病毒疫情 https://zhuanlan.zhihu.com/p/104406687 钉钉 微信 code gitlab PRD ...

  7. regex read once bug

    regex read once bug read once bug StackOverflow Question https://stackoverflow.com/questions/5916796 ...

  8. c++ 动态解析PE导出表

    测试环境是x86 main #include <iostream> #include <Windows.h> #include <TlHelp32.h> #incl ...

  9. CAD颜色对照表

    cad颜色代码与RGB参数对应表 1 255 0 02 255 255 03 0 255 04 0 255 2555 0 0 2556 255 0 2557 0 0 08 128 128 1289 1 ...

  10. Vue学习笔记-Vue.js-2.X 学习(三)===>组件化高级

    (四) 组件化高级 1.插槽(slot)的基本使用 A:基本使用: <slot></slot> B:默认置:<slot><h1>中间可以放默认值< ...