重庆分公司,新征程启航
为企业提供网站建设、域名注册、服务器等服务
这是kubernetes二进制部署的第四篇
如果没有看过前面第一篇的朋友可以看看下面的:
Kubernetes二进制部署(一)单节点部署
kubernetes二进制部署(二)多节点部署
kubernetes二进制部署(三)负载均衡部署成都创新互联公司网站建设公司,提供成都网站制作、成都做网站,网页设计,建网站,PHP网站建设等专业做网站服务;可快速的进行网站开发网页制作和功能扩展;专业做搜索引擎喜爱的网站,是专业的做网站团队,希望更多企业前来合作!
[root@localhost k8s]# mkdir dashboard
[root@localhost k8s]# cd dashboard/
[root@localhost dashboard]# ls
dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml
dashboard-controller.yaml dashboard-secret.yaml k8s-admin.yaml
##相关文件用途:
dashboard-configmap.yaml:配置应用
dashboard-rbac.yaml:授权访问api,web界面
dashboard-service.yaml:访问应用
dashboard-controller.yaml:控制器
dashboard-secret.yaml:安全、加密
k8s-admin.yaml:生成令牌
[root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created
[root@localhost dashboard]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-65f974f565-8b88b 1/1 Running 0 2m56s
[root@localhost dashboard]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/kubernetes-dashboard-65f974f565-8b88b 1/1 Running 0 4m4s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard NodePort 10.0.0.26 443:30001/TCP 3m50s
[root@localhost dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <
[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
2020/02/08 19:55:08 [INFO] generate received request
2020/02/08 19:55:08 [INFO] received CSR
2020/02/08 19:55:08 [INFO] generating key: rsa-2048
2020/02/08 19:55:09 [INFO] encoded CSR
2020/02/08 19:55:09 [INFO] signed certificate with serial number 702272605681507929850954926507995861695177925647
2020/02/08 19:55:09 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
secret "kubernetes-dashboard-certs" deleted
secret/kubernetes-dashboard-certs created
[root@localhost dashboard]# ls
dashboard-cert.sh dashboard-csr.json dashboard-secret.yaml
dashboard-configmap.yaml dashboard-key.pem dashboard-service.yaml
dashboard-controller.yaml dashboard.pem k8s-admin.yaml
dashboard.csr dashboard-rbac.yaml
[root@localhost dashboard]# vim dashboard-controller.yaml
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured
[root@localhost dashboard]# kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@localhost dashboard]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
dashboard-admin-token-ls8r7 kubernetes.io/service-account-token 3 73s
default-token-685rn kubernetes.io/service-account-token 3 6h36m
kubernetes-dashboard-certs Opaque 11 16m
kubernetes-dashboard-key-holder Opaque 2 41m
kubernetes-dashboard-token-drpwb kubernetes.io/service-account-token 3 40m
[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-ls8r7 -n kube-system
Name: dashboard-admin-token-ls8r7
Namespace: kube-system
Labels:
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: f283296f-4a6b-11ea-b063-000c29148af8
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1359 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tbHM4cjciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZjI4MzI5NmYtNGE2Yi0xMWVhLWIwNjMtMDAwYzI5MTQ4YWY4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.dBbCRc4aRFrqAGxW55Zdu0JZz47Yh3DvtLUXZcK0-eV_3sdKz8fCS2K4x6Ey-USKRlIFc2VTH1AEIeWDzFvON5NrVLiyxEF5uQu9Ezo7f74lTwFnOYnASspF-8pi7_HzVQu9CtWcp1WEJAqQg_Ng2E7Ibo-gZmoy2DFgQ-60qcLfFm2ylxoM9yNrMEmSVcMDi8aC9JLsZxQlSRKb7gZn7Sns31Yot8NLxS8oXOmx8m7NysYWoOjZE3q645v96y4tqr3cuG9cCe1_tB5io3c1jiYxKfMLJetxcvNcyH4pbx6YwLu0PKI3o9tescu1uhRtxUN33dY5o4ple-ENPsan_w
[root@localhost cfg]# curl 172.17.45.2
Welcome to nginx!
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.