Kubernetes1.13.1部署Kuberneted-dashboard v1.10.1
生活随笔
收集整理的這篇文章主要介紹了
Kubernetes1.13.1部署Kuberneted-dashboard v1.10.1
小編覺(jué)得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
參考文檔
https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/#deploying-the-dashboard-ui https://github.com/kubernetes/kubernetes/tree/7f23a743e8c23ac6489340bbb34fa6f1d392db9d/cluster/addons/dashboard https://github.com/kubernetes/dashboard https://blog.csdn.net/nklinsirui/article/details/80581286 https://github.com/kubernetes/dashboard/issues/3472文檔目錄
- kubernetes1.13.1+etcd3.3.10+flanneld0.10集群部署
- kubernetes1.13.1部署kuberneted-dashboard v1.10.1
- kubernetes1.13.1部署coredns
- kubernetes1.13.1部署ingress-nginx并配置https轉(zhuǎn)發(fā)dashboard
- kubernetes1.13.1部署metrics-server0.3.1
- kubernetes1.13.1集群使用ceph rbd存儲(chǔ)塊
- kubernetes1.13.1集群結(jié)合ceph rbd部署最新版本jenkins
- kubernetes1.13.1集群安裝包管理工具h(yuǎn)elm
- kubernetes1.13.1集群集成harbor-helm
一、填坑
按照官網(wǎng)文檔一條命令即可,但是國(guó)內(nèi)顯然不是這樣,首先要填許多坑才行
坑一:Docker鏡像
1、注冊(cè)阿里云賬戶構(gòu)建自己的鏡像
可以關(guān)聯(lián)github構(gòu)建,這樣就可以把國(guó)外鏡像生成為阿里云鏡像
https://github.com/minminmsn/k8s1.13/tree/master/kubernetes-dashboard-amd64/Dockerfile
2、下載docker鏡像
docker pull registry.cn-beijing.aliyuncs.com/minminmsn/kubernetes-dashboard:v1.10.1
坑二:SSL證書
證書不對(duì)或者用auto創(chuàng)建的證書會(huì)報(bào)錯(cuò),報(bào)錯(cuò)見(jiàn)https://github.com/kubernetes/dashboard/issues/3472
1、如果購(gòu)買有的證書的話,把證書文件放在certs/目錄下創(chuàng)建secret即可
[root@elasticsearch01 /]# ls certs/ minminmsn.crt minminmsn.csr minminmsn.key[root@elasticsearch01 /]# kubectl create secret generic kubernetes-dashboard-certs --from-file=certs -n kube-system secret/kubernetes-dashboard-certs created2、如果沒(méi)有購(gòu)買的話需要自定義生成證書,步驟如下
[root@elasticsearch01 /]# mkdir /certs [root@elasticsearch01 /]# openssl req -nodes -newkey rsa:2048 -keyout certs/dashboard.key -out certs/dashboard.csr -subj "/C=/ST=/L=/O=/OU=/CN=kubernetes-dashboard" Generating a 2048 bit RSA private key ................+++ ..............................................+++ writing new private key to 'certs/dashboard.key' ----- No value provided for Subject Attribute C, skipped No value provided for Subject Attribute ST, skipped No value provided for Subject Attribute L, skipped No value provided for Subject Attribute O, skipped No value provided for Subject Attribute OU, skipped [root@elasticsearch01 /]# ls /certs dashboard.csr dashboard.key[root@elasticsearch01 /]# openssl x509 -req -sha256 -days 365 -in certs/dashboard.csr -signkey certs/dashboard.key -out certs/dashboard.crt Signature ok subject=/CN=kubernetes-dashboard Getting Private key [root@elasticsearch01 /]# ls certs/ dashboard.crt dashboard.csr dashboard.key[root@elasticsearch01 /]# kubectl create secret generic kubernetes-dashboard-certs --from-file=certs -n kube-system secret/kubernetes-dashboard-certs created坑三:修改service配置,將type: ClusterIP改成NodePort,便于通過(guò)Node端口訪問(wèn)
[root@elasticsearch01 /]# wget https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml [root@elasticsearch01 /]# vim /k8s/yaml/kubernetes-dashboard.yaml kind: Service apiVersion: v1 metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kube-system spec:type: NodePortports:- port: 443targetPort: 8443selector:k8s-app: kubernetes-dashboard二、部署Kubernetes-dashboard
修改鏡像地址為registry.cn-beijing.aliyuncs.com/minminmsn/kubernetes-dashboard:v1.10.1即可部署
[root@elasticsearch01 /]# vim /k8s/yaml/kubernetes-dashboard.yaml spec:containers:- name: kubernetes-dashboardimage: registry.cn-beijing.aliyuncs.com/minminmsn/kubernetes-dashboard:v1.10.1[root@elasticsearch01 /]# kubectl create -f /k8s/yaml/kubernetes-dashboard.yaml serviceaccount/kubernetes-dashboard created role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created deployment.apps/kubernetes-dashboard created service/kubernetes-dashboard created Error from server (AlreadyExists): error when creating "/k8s/yaml/kubernetes-dashboard.yaml": secrets "kubernetes-dashboard-certs" already exists[root@elasticsearch01 /]# kubectl get pods -n kube-system NAME READY STATUS RESTARTS AGE kubernetes-dashboard-cb55bd5bd-4jsh7 1/1 Running 0 21s [root@elasticsearch01 /]# kubectl get svc -n kube-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes-dashboard NodePort 10.254.140.115 <none> 443:41579/TCP 31s [root@elasticsearch01 /]# kubectl get pods -n kube-system -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES kubernetes-dashboard-cb55bd5bd-4jsh7 1/1 Running 0 40s 10.254.73.2 10.2.8.34 <none> <none>三、訪問(wèn)dashboard
1、注意有證書需要域名訪問(wèn),如果有DNS可以配置域名解析,沒(méi)有Host綁定即可
2、選擇token訪問(wèn),token獲取方法如下
[root@elasticsearch01 ~]# cat /k8s/yaml/admin-token.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata:name: adminannotations:rbac.authorization.kubernetes.io/autoupdate: "true" roleRef:kind: ClusterRolename: cluster-adminapiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccountname: adminnamespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata:name: adminnamespace: kube-systemlabels:kubernetes.io/cluster-service: "true"addonmanager.kubernetes.io/mode: Reconcile [root@elasticsearch01 yaml]# kubectl create -f admin-token.yaml clusterrolebinding.rbac.authorization.k8s.io/admin created serviceaccount/admin created[root@elasticsearch01 yaml]# kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-system Name: admin-token-5j2vf Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: adminkubernetes.io/service-account.uid: 6b0b0c00-0b45-11e9-85fe-52540089b2b6Type: kubernetes.io/service-account-tokenData ==== ca.crt: 1359 bytes namespace: 11 bytes token: 獲取的tocken值3、效果如下
https://k8s.minminmsn.com
輸入token訪問(wèn)
上面獲取的tocken值
補(bǔ)充
Apiserver hosts綁定ip錯(cuò)誤10.0.0.1應(yīng)該是10.254.0.1,默認(rèn)pods網(wǎng)端是10.254.0.0/16,其中10.254.0.1會(huì)用來(lái)kubenetes的clusterip
[root@elasticsearch01 ~]# kubectl get svc --all-namespaces=true
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.254.0.1 <none> 443/TCP 6d1h
解決方法
×××文件重啟apiserver服務(wù)即可(配置前多檢查,否則后面會(huì)增加很多排錯(cuò)過(guò)程)
修改Hosts里10.0.0.1為10.254.0.1
[root@elasticsearch01 ssl]# cat server-csr.json {"CN": "kubernetes","hosts": ["10.254.0.1","127.0.0.1","10.2.8.44","10.2.8.65","10.2.8.34","kubernetes","kubernetes.default","kubernetes.default.svc","kubernetes.default.svc.cluster","kubernetes.default.svc.cluster.local"],"key": {"algo": "rsa","size": 2048},"names": [{"C": "CN","L": "Beijing","ST": "Beijing","O": "k8s","OU": "System"}] }同步證書并重啟服務(wù)
[root@elasticsearch01 ssl]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server 2018/12/29 15:57:02 [INFO] generate received request 2018/12/29 15:57:02 [INFO] received CSR 2018/12/29 15:57:02 [INFO] generating key: rsa-2048 2018/12/29 15:57:03 [INFO] encoded CSR 2018/12/29 15:57:03 [INFO] signed certificate with serial number 57756035754570455349189088480535470836534926573 2018/12/29 15:57:03 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements").[root@elasticsearch01 ssl]# scp server-csr.json server.csr server-key.pem server.pem 10.2.8.65:$PWD [root@elasticsearch01 ssl]# scp server-csr.json server.csr server-key.pem server.pem 10.2.8.34:$PWD [root@elasticsearch01 ssl]# systemctl restart kube-apiserver [root@elasticsearch01 ssl]# systemctl restart kube-scheduler [root@elasticsearch01 ssl]# systemctl restart kube-controller-manager轉(zhuǎn)載于:https://blog.51cto.com/jerrymin/2337940
總結(jié)
以上是生活随笔為你收集整理的Kubernetes1.13.1部署Kuberneted-dashboard v1.10.1的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: leetcode讲解--566. Res
- 下一篇: Go语言中使用MySql数据库