kubernetes binary cluster deployment 4 -- deployment web interface

Key points:

1. Environment introduction

2. web interface deployment


1, Environment introduction:

1. As the last step of k8s cluster deployment, the previous blog address:

Deployment 1 of kubernetes binary cluster - deployment of etcd storage component and flannel network component:

https://blog.51cto.com/14475876/2470049

kubernetes binary cluster deployment II: single master cluster deployment + multiple master clusters and deployment:

https://blog.51cto.com/14475876/2470063

kubernetes binary cluster deployment 3 - load balancing scheduler deployment:

https://blog.51cto.com/14475876/2470086


2. Official document address of dashborad: https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard

2, web interface deployment:


 stay master01 Operation:
//Create dashborad working directory:
[root@localhost k8s]# mkdir dashboard
//Copy official documents (6 in total):
[root@localhost dashboard]# ls  
dashboard-configmap.yaml   dashboard-rbac.yaml    dashboard-service.yaml
dashboard-controller.yaml  dashboard-secret.yaml  k8s-admin.yaml
//Load and create all files:
[root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created
//After the creation, check that the creation is under the specified Kube system namespace:
[root@localhost dashboard]# kubectl get pods -n kube-system
NAME                                    READY   STATUS    RESTARTS   AGE
kubernetes-dashboard-65f974f565-rs2h4   1/1     Running   0          4m23s
//See how to access:
[root@localhost dashboard]# kubectl get pods,svc -n kube-system
NAME                                        READY   STATUS    RESTARTS   AGE
pod/kubernetes-dashboard-65f974f565-x9vrg   1/1     Running   0          8m32s

NAME                           TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
service/kubernetes-dashboard   NodePort   10.0.0.110   <none>        443:30001/TCP   8m18s

At this time, we use Google browser to visit: https://192.168.109.131:30001/

Reason: no self signed certificate


How to solve: write a certificate


stay master01 Upper:
[root@localhost dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <<EOF
{
   "CN": "Dashboard",
   "hosts": [],
   "key": {
       "algo": "rsa",
       "size": 2048
   },
   "names": [
       {
           "C": "CN",
           "L": "BeiJing",
           "ST": "BeiJing"
       }
   ]
}
EOF
K8S_CA=$1
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
//Next, generate the certificate:
[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
[root@localhost dashboard]# vim dashboard-controller.yaml
//In the args directory, add the path of the certificate:
...
(Ellipsis content)
...
args:
          # PLATFORM-SPECIFIC ARGS HERE
          - --auto-generate-certificates
          - --tls-key-file=dashboard-key.pem
          - --tls-cert-file=dashboard.pem
...
(Ellipsis content)
...


//Next, redeploy:
[root@localhost dashboard]#  kubectl apply -f dashboard-controller.yaml 
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured


Then, we visit the website again: https://192.168.220.136:30001/

Choose to accept the risk and continue, choose token:

Next, what we need to do is to generate a token and fill it in the browser:


//Generate token:
[root@localhost dashboard]# kubectl create -f k8s-admin.yaml
//Preservation:
[root@localhost dashboard]# kubectl get secret -n kube-system
NAME                               TYPE                                  DATA   AGE
dashboard-admin-token-829rp        kubernetes.io/service-account-token   3      9s
default-token-rsrxp                kubernetes.io/service-account-token   3      3h10m
kubernetes-dashboard-certs         Opaque                                11     12m
kubernetes-dashboard-key-holder    Opaque                                2      119m
kubernetes-dashboard-token-6rdlf   kubernetes.io/service-account-token   3      118m
//To view a token:
[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-829rp -n kube-system


The following is a ciphertext for token generation:



We can copy this ciphertext and paste it into the blank space on the browser:



Then, we can manage our components, view all kinds of information and profiles on the control panel, which is very convenient


Tags: Kubernetes JSON vim network

Posted on Tue, 11 Feb 2020 09:33:49 -0800 by linus