바이너리 배포 (4 개) 웹 UI 인터페이스 배치는 Kubernetes

이것은 네 번째는 Kubernetes 바이너리 배포입니다
다음 번 봐 걸릴 수 있습니다 친구들 앞에서의 첫 번째 기사를 읽지 않는 경우
의는 Kubernetes 바이너리 배포를의 (a) 단일 노드 배포
(II) 다중 노드 배포 바이너리 배포는 Kubernetes
바이너리 배포 (C) 부하는 Kubernetes을 균형 배치

master01에 작동

작업 디렉토리 dashborad 만들기 (1)

[root@localhost k8s]# mkdir dashboard

공식 문서의 2, 사본

[root@localhost k8s]# cd dashboard/
[root@localhost dashboard]# ls            
dashboard-configmap.yaml   dashboard-rbac.yaml    dashboard-service.yaml
dashboard-controller.yaml  dashboard-secret.yaml  k8s-admin.yaml
##相关文件用途：
dashboard-configmap.yaml：配置应用
dashboard-rbac.yaml：授权访问api，web界面
dashboard-service.yaml：访问应用
dashboard-controller.yaml：控制器
dashboard-secret.yaml：安全、加密
k8s-admin.yaml：生成令牌

3 성분 작성

[root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created

(4)도 종료 지정된 KUBE 시스템 공간에 생성 한 후

[root@localhost dashboard]# kubectl get pods -n kube-system
NAME                                    READY   STATUS    RESTARTS   AGE
kubernetes-dashboard-65f974f565-8b88b   1/1     Running   0          2m56s

5, 액세스하는 방법을 참조하십시오

[root@localhost dashboard]# kubectl get pods,svc -n kube-system
NAME                                        READY   STATUS    RESTARTS   AGE
pod/kubernetes-dashboard-65f974f565-8b88b   1/1     Running   0          4m4s

NAME                           TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
service/kubernetes-dashboard   NodePort   10.0.0.26    <none>        443:30001/TCP   3m50s

6, 당신은 nodeIP 액세스에 액세스 할 수 있습니다

브라우저 액세스 https://192.168.35.101:30001/

7 문제를 액세스 할 수 없습니다 브라우저를 구글이 솔루션은 다음이다

(1) 자체 서명 된 인증서

[root@localhost dashboard]# vim dashboard-cert.sh

cat > dashboard-csr.json <<EOF

{

   "CN": "Dashboard",

   "hosts": [],

   "key": {

       "algo": "rsa",

       "size": 2048

   },

   "names": [

       {

           "C": "CN",

           "L": "BeiJing",

           "ST": "BeiJing"

       }

   ]

}

EOF

 

K8S_CA=$1

cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard

kubectl delete secret kubernetes-dashboard-certs -n kube-system

kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system

(2) 인증서를 생성

[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
2020/02/08 19:55:08 [INFO] generate received request
2020/02/08 19:55:08 [INFO] received CSR
2020/02/08 19:55:08 [INFO] generating key: rsa-2048
2020/02/08 19:55:09 [INFO] encoded CSR
2020/02/08 19:55:09 [INFO] signed certificate with serial number 702272605681507929850954926507995861695177925647
2020/02/08 19:55:09 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
secret "kubernetes-dashboard-certs" deleted
secret/kubernetes-dashboard-certs created

[root@localhost dashboard]# ls
dashboard-cert.sh          dashboard-csr.json   dashboard-secret.yaml
dashboard-configmap.yaml   dashboard-key.pem    dashboard-service.yaml
dashboard-controller.yaml  dashboard.pem        k8s-admin.yaml
dashboard.csr              dashboard-rbac.yaml

(3) 계기판 controller.yaml 인증서 두 줄의 증가는 다음 적용

[root@localhost dashboard]# vim dashboard-controller.yaml

        args:
          # PLATFORM-SPECIFIC ARGS HERE
          - --auto-generate-certificates
          - --tls-key-file=dashboard-key.pem
          - --tls-cert-file=dashboard.pem

(4) 재배치

[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured

다시 (5) 액세스 : https://192.168.35.101:30001/

도 8을 참조하면, 토큰을 생성

[root@localhost dashboard]# kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created

9 저장

[root@localhost dashboard]# kubectl get secret -n kube-system
NAME                               TYPE                                  DATA   AGE
dashboard-admin-token-ls8r7        kubernetes.io/service-account-token   3      73s
default-token-685rn                kubernetes.io/service-account-token   3      6h26m
kubernetes-dashboard-certs         Opaque                                11     16m
kubernetes-dashboard-key-holder    Opaque                                2      41m
kubernetes-dashboard-token-drpwb   kubernetes.io/service-account-token   3      40m

(10)는 토큰을 참조

[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-ls8r7 -n kube-system
Name:         dashboard-admin-token-ls8r7
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: f283296f-4a6b-11ea-b063-000c29148af8

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1359 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tbHM4cjciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZjI4MzI5NmYtNGE2Yi0xMWVhLWIwNjMtMDAwYzI5MTQ4YWY4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.dBbCRc4aRFrqAGxW55Zdu0JZz47Yh2DvtLUXZcK0-eV_3sdKz8fCS2K4x6Ey-USKRlIFc2VTH1AEIeWDzFvON5NrVLiyxEF5uQu9Ezo7f74lTwFnOYnASspF-8pi7_HzVQu9CtWcp1WEJAqQg_Ng2E7Ibo-gZmoy2DFgQ-60qcLfFm2ylxoM9yNrMEmSVcMDi8aC9JLsZxQlSRKb7gZn7Sns31Yot8NLxS8oXOmx8m7NysYWoOjZE3q645v96y4tqr3cuG9cCe1_tB5io3c1jiYxKfMLJetxcvNcyH4pbx6YwLu0PKI3o9tescu1uhRtxUN33dY5o4ple-ENPsan_w

11에 로그인 할 때 토큰을 복사

주요 인터페이스 :

컨테이너 속으로 : 컨테이너 그룹을 클릭 - "명령을 실행 클릭 -"컨테이너를 입력

노드에 IP 액세스 노드 :

[root@localhost cfg]# curl 172.17.45.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

웹 인터페이스는 로그를 볼 수 있습니다 :