1.5 k8s 应用环境

1.5.1 dashboard

GitHub项目地址

https://github.com/kubernetes/dashboard

部署 kubernetes 的 web 管理界面 dashboard,部署方式与 kubeadm 环境相同,详见 kubeadm 中的 1.5。kubeasz 项目本身也提供 dashboard 的安装,这里选择手动安装。在 kubeasz 项目的 manifests 目录下为该应用单独创建目录,部署完成后便于打包,供后期重新部署时使用。

# 准备目录及文件
[root@k8s-master1 /etc/kubeasz]# cd manifests/
[root@k8s-master1 /etc/kubeasz/manifests]# mkdir dashboard
[root@k8s-master1 /etc/kubeasz/manifests]# cd dashboard
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# ll
total 20
drwxr-xr-x  2 root root 4096 Nov 14 00:32 ./
drwxrwxr-x 11 root root 4096 Nov 14 00:32 ../
-rw-r--r--  1 root root  374 Jun  8  2020 admin-user.yml
-rw-r--r--  1 root root 7623 Oct 28 00:47 dashboard-v2.3.1.yaml
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# 

# 拉取镜像
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# docker pull kubernetesui/dashboard:v2.3.1
v2.3.1: Pulling from kubernetesui/dashboard
b82bd84ec244: Pull complete 
21c9e94e8195: Pull complete 
Digest: sha256:ec27f462cf1946220f5a9ace416a84a57c18f98c777876a8054405d1428cc92e
Status: Downloaded newer image for kubernetesui/dashboard:v2.3.1
docker.io/kubernetesui/dashboard:v2.3.1
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# 

# 打标签并上传至本地harbor
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# docker tag kubernetesui/dashboard:v2.3.1 harbor.waluna.top/baseimages/dashboard:v2.3.1
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# docker push harbor.waluna.top/baseimages/dashboard:v2.3.1
The push refers to repository [harbor.waluna.top/baseimages/dashboard]
c94f86b1c637: Pushed 
8ca79a390046: Pushed 
v2.3.1: digest: sha256:e5848489963be532ec39d454ce509f2300ed8d3470bdfb8419be5d3a982bb09a size: 736
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# 

# 另一个镜像也上传至harbor
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# docker pull kubernetesui/metrics-scraper:v1.0.6
v1.0.6: Pulling from kubernetesui/metrics-scraper
Digest: sha256:1f977343873ed0e2efd4916a6b2f3075f310ff6fe42ee098f54fc58aa7a28ab7
Status: Image is up to date for kubernetesui/metrics-scraper:v1.0.6
docker.io/kubernetesui/metrics-scraper:v1.0.6
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# docker tag kubernetesui/metrics-scraper:v1.0.6 harbor.waluna.top/baseimages/metrics-scraper:v1.0.6
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# docker push harbor.waluna.top/baseimages/metrics-scraper:v1.0.6
The push refers to repository [harbor.waluna.top/baseimages/metrics-scraper]
a652c34ae13a: Pushed 
6de384dd3099: Pushed 
v1.0.6: digest: sha256:c09adb7f46e1a9b5b0bde058713c5cb47e9e7f647d38a37027cd94ef558f0612 size: 736
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# 

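# 创建dashboard(admin-user.yml 会额外创建 admin-user 服务账号及其 ClusterRoleBinding,见下方输出)
# 该绑定授予的权限取决于 admin-user.yml 的内容(本文未列出);若绑定的是 cluster-admin,则 admin-user 的 token 等同于集群管理员凭据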
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# kubectl apply -f dashboard-v2.3.1.yaml -f admin-user.yml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# 

# 验证dashboard创建成功
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# kubectl get pod -A |grep dash
kubernetes-dashboard   dashboard-metrics-scraper-5b8df6cd57-jmznl   1/1     Running   0          13s
kubernetes-dashboard   kubernetes-dashboard-56dc757f5f-8sv8d        1/1     Running   0          13s
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# kubectl get svc -A |grep dash
kubernetes-dashboard   dashboard-metrics-scraper   ClusterIP   10.20.164.123   <none>        8000/TCP        15s
kubernetes-dashboard   kubernetes-dashboard        NodePort    10.20.242.83    <none>        443:30002/TCP   15s
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# 

1.5.2 查看 token 登录 dashboard

[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# kubectl get secrets -A|grep admin
kubernetes-dashboard   admin-user-token-5g2cx                           kubernetes.io/service-account-token   3      27s
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# kubectl describe secrets admin-user-token-5g2cx -n kubernetes-dashboard
Name:         admin-user-token-5g2cx
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: 727c9836-1e8d-459f-9731-b7ecdebae509

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1350 bytes
namespace:  20 bytes
token:      <admin-user 的 ServiceAccount token(JWT),此处省略>
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# 

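登录页面:https://10.0.0.9:30002/ (端口即上面 kubernetes-dashboard 服务的 NodePort 30002;登录时选择 Token 方式,粘贴上一步查看到的 token)。NodePort 会在各节点上开放该端口,建议通过防火墙或安全组限制可访问的来源地址。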

登录后页面

1.5.3 设置token登录会话保持时间

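dashboard 登录会话默认保持 900s(即 15min),可在启动参数中加 --token-ttl 设置时间,以 s 为单位,例如 43200 即 12h;设为 0 表示永不过期,不建议使用。为安全考虑,可以设置为 3600s:会话保持时间越长,浏览器中的登录会话被他人利用的时间窗口也越大。注意该参数只控制 dashboard 会话的有效期,不会使上一步查看到的 ServiceAccount token 本身过期。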

[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# vim dashboard-v2.3.1.yaml
......
      containers:
        - name: kubernetes-dashboard
          image: harbor.waluna.top/baseimages/dashboard:v2.3.1
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            - --token-ttl=3600  # 添加此行
......

# 使其生效
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# kubectl apply -f .
serviceaccount/admin-user unchanged
clusterrolebinding.rbac.authorization.k8s.io/admin-user unchanged
namespace/kubernetes-dashboard unchanged
serviceaccount/kubernetes-dashboard unchanged
service/kubernetes-dashboard unchanged
secret/kubernetes-dashboard-certs unchanged
secret/kubernetes-dashboard-csrf configured
Warning: resource secrets/kubernetes-dashboard-key-holder is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
secret/kubernetes-dashboard-key-holder configured
configmap/kubernetes-dashboard-settings unchanged
role.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
deployment.apps/kubernetes-dashboard configured
service/dashboard-metrics-scraper unchanged
deployment.apps/dashboard-metrics-scraper unchanged
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# kubectl apply -f .
serviceaccount/admin-user unchanged
clusterrolebinding.rbac.authorization.k8s.io/admin-user unchanged
namespace/kubernetes-dashboard unchanged
serviceaccount/kubernetes-dashboard unchanged
service/kubernetes-dashboard unchanged
secret/kubernetes-dashboard-certs unchanged
secret/kubernetes-dashboard-csrf configured
secret/kubernetes-dashboard-key-holder unchanged
configmap/kubernetes-dashboard-settings unchanged
role.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
deployment.apps/kubernetes-dashboard unchanged
service/dashboard-metrics-scraper unchanged
deployment.apps/dashboard-metrics-scraper unchanged
[root@k8s-master1 /etc/kubeasz/manifests/dashboard]# 

1.5.4 制作 kubeconfig 文件

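# 将 /root/.kube/config 文件拷贝一份,并把 token 加入其中。注意:此文件为 yaml 格式,token 需写在文件最后一行,缩进四个空格,与 user 下的其它字段对齐。
# 拷贝出的文件除 token 外,通常还保留原 config 中的管理员客户端证书和私钥,应按管理员凭据保管(例如 chmod 600),不要放在共享目录或随意传播。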
[root@k8s-master1 ~]# cp /root/.kube/config /data/kubeconfig
[root@k8s-master1 ~]# vim /data/kubeconfig
[root@k8s-master1 ~]# tail -1 /data/kubeconfig
    token: <admin-user 的 ServiceAccount token(JWT),此处省略>
[root@k8s-master1 ~]# 

# 将文件拷贝出来
[root@k8s-master1 ~]# sz /data/kubeconfig

登录时选择第二项 Kubeconfig,选择准备好的文件后点击登录

登录成功