1. Deploy the Dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
By default the Dashboard can only be reached from inside the cluster. Change the Service to type NodePort to expose it externally:
# vi recommended.yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
kubectl apply -f recommended.yaml
kubectl get pods,svc -n kubernetes-dashboard
kubectl get pods --all-namespaces -o wide
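Create a service account and bind it to the default cluster-admin administrator cluster role (this role has full control of the cluster, so the account's token is equivalent to cluster administrator credentials):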
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
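Download Firefox: http://www.firefox.com.cn/
Access URL: https://NodeIP:30001
Chrome has a problem with the certificate when accessing the Dashboard; a new self-signed certificate has to be issued before it can be accessed:
# Generate the certificate with cfssl; continue working on the master node 192.168.52.15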
cd /root/TLS/k8s/
cat > dashboard-csr.json <<EOF
{
  "CN": "system:kubernetes-dashboard",
  "hosts": [
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF
# Issue the certificate
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare kubernetes-dashboard
# The following certificate files are generated
# ll kubernetes-dashboard*pem
kubernetes-dashboard-key.pem kubernetes-dashboard.pem
# Copy the certificates to /opt/kubernetes/ssl
cp kubernetes-dashboard*pem /opt/kubernetes/ssl/
kubectl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard
# Create a new secret from the self-signed certificate
kubectl create secret generic kubernetes-dashboard-certs --from-file=/opt/kubernetes/ssl/kubernetes-dashboard-key.pem --from-file=/opt/kubernetes/ssl/kubernetes-dashboard.pem -n kubernetes-dashboard
Edit the Dashboard manifest (recommended.yaml):
vi recommended.yaml
args:
- --auto-generate-certificates
- --tls-key-file=kubernetes-dashboard-key.pem
- --tls-cert-file=kubernetes-dashboard.pem
- --namespace=kubernetes-dashboard
# apply
kubectl apply -f recommended.yaml
# View the token. With this token you can access https://NodeIP:30001 directly; NodeIP is the IP of the host machine
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
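
A way to audit what this procedure leaves behind, as an added example that is not part of the original walkthrough: it reads the JSON printed by `kubectl get clusterrolebindings -o json` and `kubectl get svc -A -o json` and lists every ServiceAccount bound to cluster-admin and every Service port published as a NodePort. The sample data is constructed, and the function names are this example's own.

```python
import json

# Constructed samples of `kubectl get clusterrolebindings -o json` and
# `kubectl get svc -A -o json`, trimmed to the fields the checks read.
BINDINGS = json.loads("""{"items": [
 {"metadata": {"name": "dashboard-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "dashboard-admin",
                "namespace": "kube-system"}]},
 {"metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"metadata": {"name": "viewer"}, "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "ServiceAccount", "name": "viewer", "namespace": "default"}]},
 {"metadata": {"name": "empty"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}, "subjects": null}]}""")
SERVICES = json.loads("""{"items": [
 {"metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
  "spec": {"type": "NodePort",
           "ports": [{"port": 443, "targetPort": 8443, "nodePort": 30001}]}},
 {"metadata": {"name": "kubernetes", "namespace": "default"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 443, "targetPort": 6443}]}}]}""")

def admin_service_accounts(bindings):
    """(binding name, namespace/name) for each ServiceAccount bound to cluster-admin."""
    hits = []
    for item in bindings.get("items", []):
        ref = item.get("roleRef", {})
        if (ref.get("kind"), ref.get("name")) != ("ClusterRole", "cluster-admin"):
            continue
        for subj in item.get("subjects") or []:  # subjects may be absent or null
            if subj.get("kind") == "ServiceAccount":
                hits.append((item["metadata"]["name"],
                             f'{subj.get("namespace")}/{subj.get("name")}'))
    return hits

def node_ports(services):
    """(namespace/name, nodePort) for each Service port published on every node."""
    hits = []
    for item in services.get("items", []):
        meta = item["metadata"]
        for port in item.get("spec", {}).get("ports") or []:
            if port.get("nodePort"):  # only set when the port is exposed on nodes
                hits.append((f'{meta["namespace"]}/{meta["name"]}', port["nodePort"]))
    return hits

if __name__ == "__main__":
    print(admin_service_accounts(BINDINGS))
    print(node_ports(SERVICES))
```

On a live cluster, replace the two samples with the parsed output of the kubectl commands named in the comment.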