이것은 네 번째는 Kubernetes 바이너리 배포입니다
다음 번 봐 걸릴 수 있습니다 친구들 앞에서의 첫 번째 기사를 읽지 않는 경우
의는 Kubernetes 바이너리 배포를의 (a) 단일 노드 배포
(II) 다중 노드 배포 바이너리 배포는 Kubernetes
바이너리 배포 (C) 부하는 Kubernetes을 균형 배치
master01에 작동
작업 디렉토리 dashborad 만들기 (1)
[root@localhost k8s]# mkdir dashboard
공식 문서의 2, 사본
[root@localhost k8s]# cd dashboard/
[root@localhost dashboard]# ls
dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml
dashboard-controller.yaml dashboard-secret.yaml k8s-admin.yaml
##相关文件用途:
dashboard-configmap.yaml:配置应用
dashboard-rbac.yaml:授权访问api,web界面
dashboard-service.yaml:访问应用
dashboard-controller.yaml:控制器
dashboard-secret.yaml:安全、加密
k8s-admin.yaml:生成令牌
3 성분 작성
[root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created
(4)도 종료 지정된 KUBE 시스템 공간에 생성 한 후
[root@localhost dashboard]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-65f974f565-8b88b 1/1 Running 0 2m56s
5, 액세스하는 방법을 참조하십시오
[root@localhost dashboard]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/kubernetes-dashboard-65f974f565-8b88b 1/1 Running 0 4m4s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard NodePort 10.0.0.26 <none> 443:30001/TCP 3m50s
6, 당신은 nodeIP 액세스에 액세스 할 수 있습니다
브라우저 액세스 https://192.168.35.101:30001/
7 문제를 액세스 할 수 없습니다 브라우저를 구글이 솔루션은 다음이다
(1) 자체 서명 된 인증서
[root@localhost dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <<EOF
{
"CN": "Dashboard",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
}
EOF
K8S_CA=$1
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
(2) 인증서를 생성
[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
2020/02/08 19:55:08 [INFO] generate received request
2020/02/08 19:55:08 [INFO] received CSR
2020/02/08 19:55:08 [INFO] generating key: rsa-2048
2020/02/08 19:55:09 [INFO] encoded CSR
2020/02/08 19:55:09 [INFO] signed certificate with serial number 702272605681507929850954926507995861695177925647
2020/02/08 19:55:09 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
secret "kubernetes-dashboard-certs" deleted
secret/kubernetes-dashboard-certs created
[root@localhost dashboard]# ls
dashboard-cert.sh dashboard-csr.json dashboard-secret.yaml
dashboard-configmap.yaml dashboard-key.pem dashboard-service.yaml
dashboard-controller.yaml dashboard.pem k8s-admin.yaml
dashboard.csr dashboard-rbac.yaml
(3) 계기판 controller.yaml 인증서 두 줄의 증가는 다음 적용
[root@localhost dashboard]# vim dashboard-controller.yaml
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem
(4) 재배치
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured
다시 (5) 액세스 : https://192.168.35.101:30001/
도 8을 참조하면, 토큰을 생성
[root@localhost dashboard]# kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
9 저장
[root@localhost dashboard]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
dashboard-admin-token-ls8r7 kubernetes.io/service-account-token 3 73s
default-token-685rn kubernetes.io/service-account-token 3 6h26m
kubernetes-dashboard-certs Opaque 11 16m
kubernetes-dashboard-key-holder Opaque 2 41m
kubernetes-dashboard-token-drpwb kubernetes.io/service-account-token 3 40m
(10)는 토큰을 참조
[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-ls8r7 -n kube-system
Name: dashboard-admin-token-ls8r7
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: f283296f-4a6b-11ea-b063-000c29148af8
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1359 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tbHM4cjciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZjI4MzI5NmYtNGE2Yi0xMWVhLWIwNjMtMDAwYzI5MTQ4YWY4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.dBbCRc4aRFrqAGxW55Zdu0JZz47Yh2DvtLUXZcK0-eV_3sdKz8fCS2K4x6Ey-USKRlIFc2VTH1AEIeWDzFvON5NrVLiyxEF5uQu9Ezo7f74lTwFnOYnASspF-8pi7_HzVQu9CtWcp1WEJAqQg_Ng2E7Ibo-gZmoy2DFgQ-60qcLfFm2ylxoM9yNrMEmSVcMDi8aC9JLsZxQlSRKb7gZn7Sns31Yot8NLxS8oXOmx8m7NysYWoOjZE3q645v96y4tqr3cuG9cCe1_tB5io3c1jiYxKfMLJetxcvNcyH4pbx6YwLu0PKI3o9tescu1uhRtxUN33dY5o4ple-ENPsan_w
11에 로그인 할 때 토큰을 복사
주요 인터페이스 :
컨테이너 속으로 : 컨테이너 그룹을 클릭 - "명령을 실행 클릭 -"컨테이너를 입력
노드에 IP 액세스 노드 :
[root@localhost cfg]# curl 172.17.45.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>