wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
2. Prepare the image
3. Analyze the YAML file
3.1 Dashboard Secret
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
3.2 Dashboard Service Account
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
3.3 Dashboard Role & Role Binding
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
    verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system
3.4 Dashboard Deployment
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
3.5 Dashboard Service
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
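4. Modify the configuration file
4.1 The default access method is the cluster IP, which is not suitable for practical use, so change the access method first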
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
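4.2 With the default certificate, the Dashboard can only be reached from Firefox. For Chrome to work, the certificate must be regenerated. If you only use Firefox, you can skip this step
4.2.1 Delete the Dashboard Secret section
4.2.2 Regenerate the certificate; replace the IP with your own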
[root@dev-api ca]# openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.246.200'
[root@dev-api ca]# ls
dashboard.csr dashboard.key
[root@dev-api ca]# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/CN=192.168.246.200
Getting Private key
You have new mail in /var/spool/mail/root
[root@dev-api ca]# ls
dashboard.crt dashboard.csr dashboard.key
[root@dev-api ca]# openssl x509 -in dashboard.crt -text -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
b9:07:50:1a:19:79:36:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=192.168.246.200
Validity
Not Before: Jun 27 09:00:51 2019 GMT
Not After : Jul 27 09:00:51 2019 GMT
Subject: CN=192.168.246.200
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
[root@dev-api ca]# ls
dashboard.crt dashboard.csr dashboard.key
4.2.3 Create your own secret
kubectl -n kube-system create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt
kubectl -n kube-system get secret |grep kubernetes-dashboard-certs
kubernetes-dashboard-certs Opaque 2 88m
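The certificate printed in 4.2.2 is X.509 version 1 with only a CN and a 30-day validity, while current Chrome matches the address against subjectAltName rather than CN. The following is an added example, not part of the original post: it generates the key and a self-signed certificate with an IP SAN, then checks the pair before it is loaded into the secret. The function names, the inline config file and the 7-day expiry floor are assumptions; the IP is the one used on this page.

```shell
#!/usr/bin/env bash
# Added example: function names and the 7-day expiry floor are assumptions.

# make_dashboard_cert IP OUTDIR [DAYS]: key + self-signed cert with an IP SAN.
make_dashboard_cert() {
  local ip="$1" dir="$2" days="${3:-365}"
  mkdir -p "$dir" || return 1
  # Inline config, so the result does not depend on the system openssl.cnf.
  cat > "$dir/dashboard.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3
[dn]
CN = $ip
[v3]
subjectAltName = IP:$ip
extendedKeyUsage = serverAuth
EOF
  ( umask 077   # keep the private key unreadable by other users
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
      -config "$dir/dashboard.cnf" \
      -keyout "$dir/dashboard.key" -out "$dir/dashboard.crt" 2>/dev/null )
}

# check_dashboard_cert CRT KEY IP: returns 0 only if all three checks pass.
check_dashboard_cert() {
  local crt="$1" key="$2" ip="$3" cert_pub key_pub
  # 1. The SAN must list the exact address typed into the browser.
  openssl x509 -in "$crt" -noout -text \
    | grep -A1 'Subject Alternative Name' \
    | tr ',' '\n' | sed 's/^ *//; s/ *$//' \
    | grep -Fxq "IP Address:$ip" \
    || { echo "SAN does not contain IP $ip" >&2; return 1; }
  # 2. The certificate and the key must belong to the same key pair.
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] \
    || { echo "key does not match certificate" >&2; return 1; }
  # 3. Refuse a certificate that expires within 7 days.
  openssl x509 -in "$crt" -noout -checkend $((7 * 24 * 3600)) >/dev/null \
    || { echo "certificate expires within 7 days" >&2; return 1; }
}

# Typical use before the kubectl step in 4.2.3:
#   make_dashboard_cert 192.168.246.200 ./ca && \
#   check_dashboard_cert ./ca/dashboard.crt ./ca/dashboard.key 192.168.246.200
```

A self-signed certificate still has to be trusted explicitly on each client; the SAN only removes the name-mismatch error.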