手把手从零开始搭建k8s集群超详细教程
本教程根據(jù)B站課程云原生Java架構(gòu)師的第一課K8s+Docker+KubeSphere+DevOps同步所做筆記教程
k8s集群搭建超詳細(xì)教程
- 1. 基本環(huán)境搭建
- 1. 創(chuàng)建私有網(wǎng)絡(luò)
- 2. 創(chuàng)建服務(wù)器資源
- 3. 遠(yuǎn)程連接到服務(wù)器
- 4. docker容器化環(huán)境安裝
- 5. kubeadm、kubectl、kubelet安裝
- 2. 使用kubeadm引導(dǎo)集群
- 1. 下載k8s所需的鏡像
- 2. 添加k8s中主節(jié)點(diǎn)的域名映射
- 3. 初始化k8s主節(jié)點(diǎn)
- 4. 添加k8s集群中的從節(jié)點(diǎn)
- 3. 驗(yàn)證集群自動(dòng)恢復(fù)功能
- 4. 部署k8s可視化管理界面——dashboard
- 1. 下載部署dashboard
- 2. 設(shè)置dashboard訪問(wèn)端口
- 3. 創(chuàng)建訪問(wèn)賬號(hào)
- 4. 獲取訪問(wèn)令牌
搭建集群架構(gòu)如下圖所示:一共三臺(tái)機(jī)器,其中一個(gè)master節(jié)點(diǎn),兩個(gè)worker工作節(jié)點(diǎn),保證每臺(tái)機(jī)器間能使用內(nèi)網(wǎng)ip互通
每臺(tái)機(jī)器首先安裝docker保證容器運(yùn)行環(huán)境,然后安裝核心的三個(gè)部件
kubelet、kubectl(命令行工具)、kubeadm(初始化集群工具)
1. 基本環(huán)境搭建
以下實(shí)驗(yàn)基于第一家混合云上市公司 | 青云QingCloud完成,為什么要選用青云呢?首先是青云自研了KubeSphere,它是基于 Kubernetes 構(gòu)建的分布式、多租戶、多集群、企業(yè)級(jí)開(kāi)源容器平臺(tái),我們稍后會(huì)學(xué)習(xí)該平臺(tái)的使用。其次,在使用的過(guò)程中,體會(huì)到了青云對(duì)于各種資源操作的便捷,且附有各種便于理解的可視化界面,整個(gè)控制臺(tái)界面簡(jiǎn)單高效。
1. 創(chuàng)建私有網(wǎng)絡(luò)
VPC即
Virtual Private Cloud,私有網(wǎng)絡(luò),可以理解為一個(gè)網(wǎng)段,在這個(gè)網(wǎng)段內(nèi)還可以選擇創(chuàng)建子網(wǎng)段。不同的私有網(wǎng)絡(luò)內(nèi)實(shí)現(xiàn)完全的隔離,保證資源的封閉性,在公有云上構(gòu)建出一個(gè)專屬隔離的網(wǎng)絡(luò)環(huán)境。在 VPC 網(wǎng)絡(luò)內(nèi),您可以自定義 IP 地址范圍,創(chuàng)建子網(wǎng),并在子網(wǎng)內(nèi)創(chuàng)建云服務(wù)器、數(shù)據(jù)庫(kù)、大數(shù)據(jù)等各種云資源。
接下來(lái)我們新建一個(gè)VPC名為k8s-cluster專門用來(lái)存放k8s的集群,并在其中創(chuàng)建一個(gè)私有網(wǎng)絡(luò)k8s-cluster-01
創(chuàng)建完成后如圖所示:
2. 創(chuàng)建服務(wù)器資源
準(zhǔn)備三臺(tái)centos服務(wù)器,這里以青云QingCloud的云服務(wù)器為例,創(chuàng)建三個(gè)centos服務(wù)器
注意:kubenetes集群安裝要求每臺(tái)機(jī)器內(nèi)存 >= 2 GB、核心數(shù) >= 2 CPU
選擇按需付費(fèi),其中:網(wǎng)絡(luò)加入到我們自己創(chuàng)建的VPC私有網(wǎng)絡(luò)k8s-cluster-01中,且每臺(tái)服務(wù)器新建對(duì)應(yīng)的公網(wǎng)ip,選擇按流量付費(fèi)
創(chuàng)建完成后可以在VPC私有網(wǎng)絡(luò)中看到新建的3臺(tái)服務(wù)器:
注意打開(kāi)安全組的組內(nèi)互信,就是保證同一個(gè)局域網(wǎng)內(nèi)的所有機(jī)器不受防火墻的限制都可以互相訪問(wèn)
3. 遠(yuǎn)程連接到服務(wù)器
利用遠(yuǎn)程連接工具連接到3個(gè)服務(wù)器,其中k8s-01我們作為集群中的主節(jié)點(diǎn)
用ip a命令可以查看每個(gè)服務(wù)器的內(nèi)網(wǎng)IP,保證3臺(tái)服務(wù)器間能使用內(nèi)網(wǎng)ip相互ping通
4. docker容器化環(huán)境安裝
首先給每臺(tái)服務(wù)器安裝docker
# 1.移除以前docker相關(guān)包
sudo yum remove docker \docker-client \docker-client-latest \docker-common \docker-latest \docker-latest-logrotate \docker-logrotate \docker-engine# 2. 配置yum源
sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo# 3. 安裝docker
sudo yum install -y docker-ce docker-ce-cli containerd.io# 4. 啟動(dòng)docker
systemctl enable docker --now# 5. 配置阿里云加速
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{"registry-mirrors": ["https://82m9ar63.mirror.aliyuncs.com"],"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "100m"},"storage-driver": "overlay2"
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
5. kubeadm、kubectl、kubelet安裝
kubernetes集群安裝環(huán)境要求:
一臺(tái)兼容的 Linux 主機(jī),Kubernetes 項(xiàng)目為基于 Debian 和 Red Hat 的 Linux 發(fā)行版以及一些不提供包管理器的發(fā)行版提供通用的指令
每臺(tái)機(jī)器內(nèi)存 >= 2 GB、核心數(shù) >= 2 CPU
設(shè)置防火墻放行規(guī)則,保證集群中的所有機(jī)器的網(wǎng)絡(luò)彼此均能相互連接(公網(wǎng)和內(nèi)網(wǎng)都可以)
給每臺(tái)機(jī)器設(shè)置不同hostname,要求節(jié)點(diǎn)之間不可以有重復(fù)的主機(jī)名、MAC 地址或 product_uuid(點(diǎn)擊這里了解更多詳細(xì)信息)
開(kāi)啟機(jī)器上的某些端口(詳細(xì)端口信息點(diǎn)擊這里)
禁用交換分區(qū),為了保證 kubelet 正常工作,你 必須 禁用交換分區(qū)
1?? 基本要求完善
在三臺(tái)云主機(jī)上分別執(zhí)行以下命令,來(lái)保證安裝kubernetes集群的基本要求
# 設(shè)置每個(gè)機(jī)器自己的hostname(這里分別為k8s-master、k8s-node1、k8s-node2)
hostnamectl set-hostname 主機(jī)名# 禁用SELinux安全子系統(tǒng)(將SELinux設(shè)置為permissive模式)
sudo setenforce 0 # 臨時(shí)
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config # 永久# 禁用虛擬內(nèi)存(關(guān)閉swap)
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab# 允許iptables檢查橋接流量
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOFcat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF# 使配置生效
sudo sysctl --system
2?? 安裝kubelet、kubeadm、kubectl
在三臺(tái)云主機(jī)上分別執(zhí)行以下命令安裝 kubelet、kubeadm、kubectl
# 配置k8s的yum源地址
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpghttp://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF# 安裝 kubelet,kubeadm,kubectl
sudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9# 啟動(dòng)kubelet
sudo systemctl enable --now kubelet# 所有機(jī)器配置master域名
echo "172.31.0.4 k8s-master" >> /etc/hosts
2. 使用kubeadm引導(dǎo)集群
1. 下載k8s所需的鏡像
在三臺(tái)云服務(wù)器上執(zhí)行以下命令,命令中編寫了一個(gè)shell腳本然后執(zhí)行來(lái)幫我們下載安裝k8s集群所需的相關(guān)鏡像
# 編寫shell文件
sudo tee ./images.sh <<-'EOF'
#!/bin/bash
images=(
kube-apiserver:v1.20.9
kube-proxy:v1.20.9
kube-controller-manager:v1.20.9
kube-scheduler:v1.20.9
coredns:1.7.0
etcd:3.4.13-0
pause:3.2
)
for imageName in ${images[@]} ; do
docker pull registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/$imageName
done
EOF# 給shell文件權(quán)限并執(zhí)行
chmod +x ./images.sh && ./images.sh
2. 添加k8s中主節(jié)點(diǎn)的域名映射
在三臺(tái)機(jī)器上執(zhí)行以下命令來(lái)添加master域名映射,其中的ip需要修改自己要配置的主節(jié)點(diǎn)私網(wǎng)ip地址
# 所有機(jī)器添加master域名映射,以下ip需要修改自己要配置的主節(jié)點(diǎn)私網(wǎng)ip地址
echo "172.31.0.2 cluster-endpoint" >> /etc/hosts
配置完成后我們可以在任意機(jī)器ping cluster-endpoint進(jìn)行測(cè)試,ping通則代表配置成功
# 配置完成后直接ping域名測(cè)試
ping cluster-endpoint
3. 初始化k8s主節(jié)點(diǎn)
在需要作為直接點(diǎn)的主機(jī)中(這里為k8s-01)執(zhí)行以下命令,使用kubeadm初始化k8s集群中的主節(jié)點(diǎn)
注意:修改–apiserver-advertise-address為自己主機(jī)的私網(wǎng)ip地址
# 主節(jié)點(diǎn)初始化(只對(duì)主節(jié)點(diǎn)主機(jī)執(zhí)行)
kubeadm init \
--apiserver-advertise-address=172.31.0.2 \
--control-plane-endpoint=cluster-endpoint \
--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=192.168.0.0/16
主節(jié)點(diǎn)初始化成功如下圖所示:
Your Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configAlternatively, if you are the root user, you can run:export KUBECONFIG=/etc/kubernetes/admin.confYou should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:https://kubernetes.io/docs/concepts/cluster-administration/addons/You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:kubeadm join cluster-endpoint:6443 --token ut0k7e.j286ljqnnaz8v2dp \--discovery-token-ca-cert-hash sha256:71dd29dbcc8438caf523df03c6623bac89df35e958cb0adca0f9d400abe8ca7b \--control-plane Then you can join any number of worker nodes by running the following on each as root:kubeadm join cluster-endpoint:6443 --token ut0k7e.j286ljqnnaz8v2dp \--discovery-token-ca-cert-hash sha256:71dd29dbcc8438caf523df03c6623bac89df35e958cb0adca0f9d400abe8ca7b
其中有進(jìn)一步的操作提示:
1?? 設(shè)置.kube/config
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
2?? 安裝網(wǎng)絡(luò)組件
calico官網(wǎng)
# 下載calico配置文件
curl https://docs.projectcalico.org/manifests/calico.yaml -O# 應(yīng)用calico組件
kubectl apply -f calico.yaml
4. 添加k8s集群中的從節(jié)點(diǎn)
在其他兩臺(tái)云主機(jī)k8s-02、k8s-03上分別執(zhí)行上述初始化主節(jié)點(diǎn)完后的提示命令加入到k8s-master的集群中
kubeadm join cluster-endpoint:6443 --token x5g4uy.wpjjdbgra92s25pp \--discovery-token-ca-cert-hash sha256:6255797916eaee52bf9dda9429db616fcd828436708345a308f4b917d3457a22# 注意:該命令24小時(shí)過(guò)期,過(guò)期后可以通過(guò)如下命令生成新的命令
kubeadm token create --print-join-com
然后我們?cè)趍aster上查看部署的所有應(yīng)用,可以發(fā)現(xiàn)兩個(gè)節(jié)點(diǎn)已經(jīng)加入
過(guò)一段時(shí)間待節(jié)點(diǎn)初始化完成后即可編程ready狀態(tài)
3. 驗(yàn)證集群自動(dòng)恢復(fù)功能
kubenetes集群有自動(dòng)恢復(fù)功能,如果我們?cè)谇嘣瓶刂婆_(tái)上將三臺(tái)云主機(jī)關(guān)機(jī)重啟,k8s應(yīng)用仍然會(huì)自動(dòng)恢復(fù),可通過(guò)以下命令來(lái)驗(yàn)證
# 查看集群所有節(jié)點(diǎn)
kubectl get nodes# 查看集群部署了哪些應(yīng)用?類似docker ps(運(yùn)行中的應(yīng)用在docker里面叫容器,在k8s里面叫Pod)
kubectl get pods -A
4. 部署k8s可視化管理界面——dashboard
dashboard 是kubernetes官方提供的k8s控制臺(tái)可視化界面
1. 下載部署dashboard
k8s中下載創(chuàng)建應(yīng)用可以采用yaml配置文件的方式,使用以下命令即可創(chuàng)建資源
# 根據(jù)配置文件,給集群創(chuàng)建資源
kubectl apply -f xxxx.yaml
接下來(lái)我們以配置文件的方式安裝dashboard可視化界面
# 在主節(jié)點(diǎn)執(zhí)行以下命令安裝dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
如果下載不下來(lái),則可以創(chuàng)建復(fù)制以下配置文件并通過(guò)kubectl apply -f 配置文件名命令配置應(yīng)用
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.apiVersion: v1
kind: Namespace
metadata:name: kubernetes-dashboard---apiVersion: v1
kind: ServiceAccount
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: Service
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:ports:- port: 443targetPort: 8443selector:k8s-app: kubernetes-dashboard---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-certsnamespace: kubernetes-dashboard
type: Opaque---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-csrfnamespace: kubernetes-dashboard
type: Opaque
data:csrf: ""---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-key-holdernamespace: kubernetes-dashboard
type: Opaque---kind: ConfigMap
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-settingsnamespace: kubernetes-dashboard---kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
rules:# Allow Dashboard to get, update and delete Dashboard exclusive secrets.- apiGroups: [""]resources: ["secrets"]resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]verbs: ["get", "update", "delete"]# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.- apiGroups: [""]resources: ["configmaps"]resourceNames: ["kubernetes-dashboard-settings"]verbs: ["get", "update"]# Allow Dashboard to get metrics.- apiGroups: [""]resources: ["services"]resourceNames: ["heapster", "dashboard-metrics-scraper"]verbs: ["proxy"]- apiGroups: [""]resources: ["services/proxy"]resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]verbs: ["get"]---kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard
rules:# Allow Metrics Scraper to get metrics from the Metrics server- apiGroups: ["metrics.k8s.io"]resources: ["pods", "nodes"]verbs: ["get", "list", "watch"]---apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: kubernetes-dashboardtemplate:metadata:labels:k8s-app: kubernetes-dashboardspec:containers:- name: kubernetes-dashboardimage: kubernetesui/dashboard:v2.3.1imagePullPolicy: Alwaysports:- containerPort: 8443protocol: TCPargs:- --auto-generate-certificates- --namespace=kubernetes-dashboard# Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.# - --apiserver-host=http://my-address:portvolumeMounts:- name: kubernetes-dashboard-certsmountPath: /certs# Create on-disk volume to store exec logs- mountPath: /tmpname: tmp-volumelivenessProbe:httpGet:scheme: HTTPSpath: /port: 8443initialDelaySeconds: 30timeoutSeconds: 30securityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001volumes:- name: kubernetes-dashboard-certssecret:secretName: kubernetes-dashboard-certs- name: tmp-volumeemptyDir: {}serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedule---kind: Service
apiVersion: v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:ports:- port: 8000targetPort: 8000selector:k8s-app: dashboard-metrics-scraper---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: dashboard-metrics-scrapertemplate:metadata:labels:k8s-app: dashboard-metrics-scraperannotations:seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'spec:containers:- name: dashboard-metrics-scraperimage: kubernetesui/metrics-scraper:v1.0.6ports:- containerPort: 8000protocol: TCPlivenessProbe:httpGet:scheme: HTTPpath: /port: 8000initialDelaySeconds: 30timeoutSeconds: 30volumeMounts:- mountPath: /tmpname: tmp-volumesecurityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedulevolumes:- name: tmp-volumeemptyDir: {}
配置成功如下圖所示:
2. 設(shè)置dashboard訪問(wèn)端口
# 1.運(yùn)行以下命令將dashboard web界面的端口暴露到機(jī)器上
# 注意將文件中的 type: ClusterIP 改為 type: NodePort
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
注意將文件中的 type: ClusterIP 改為 type: NodePort,這里我們只需要知道NodePort表示暴露端口可以使用公網(wǎng)訪問(wèn),具體原因后續(xù)會(huì)介紹
# 2.找到端口,在安全組放行
kubectl get svc -A |grep kubernetes-dashboard
這里為31372端口,然后在青云安全組設(shè)置中開(kāi)放該端口
然后我們使用集群中任意一臺(tái)機(jī)器的公網(wǎng)IP加上該端口號(hào)即可訪問(wèn),注意帶上https前綴
注意:如果出現(xiàn)不安全不能繼續(xù)前往的情況,直接在頁(yè)面輸入thisisunsafe,直接在頁(yè)面輸入不需要在地址欄輸入即可自動(dòng)跳轉(zhuǎn)
3. 創(chuàng)建訪問(wèn)賬號(hào)
# 1. 創(chuàng)建訪問(wèn)賬號(hào),準(zhǔn)備一個(gè)yaml文件
vim dash-user.yaml# 文件內(nèi)容如下
apiVersion: v1
kind: ServiceAccount
metadata:name: admin-usernamespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: admin-user
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: cluster-admin
subjects:
- kind: ServiceAccountname: admin-usernamespace: kubernetes-dashboard# 2. 然后應(yīng)用該配置
kubectl apply -f dash-user.yaml
4. 獲取訪問(wèn)令牌
# 獲取訪問(wèn)令牌
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
eyJhbGciOiJSUzI1NiIsImtpZCI6IjNzY2VQeHZORGhjMENSeGd1dFBTVENQYjZLd0hxY1NwSDJ4cDkxUUFMM00ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWR3c3RzIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwYTVmYjFjNi1iNGE5LTQ1YjQtYWQyNy00YzcwMTMyZGMwY2EiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.t2Pp1BIr3kU1h7QBHlFOuQp7VhhZhF64V74DYfbp2tP4HR8nt4ph7PphnxBziNS4PCsCDDqh2l1LJftYBTLqtX52e_PNqO6m_uNUpO5WGm7v9SGDttIGimyDNwAKw-qIXzj3BzjEeORfCebgjP6Z9g9pBuVpyQiGNGQ_IoI4WF7B3LlktcZD9QKbhwiL8qOASU3gUP8PuVqz7GmmskFNCHMXQpDNSKumu_0KcVA6qZjEucFz5emkihtDU7fyj2wLZgPJvjbyrDfodD67EYnelkryw6BUqf0TBYfeti5tNgxqbeKgFdKtKB0HQFUn7jDHcG6rrh3mwgpMV7FkohUp8g
然后復(fù)制令牌進(jìn)行登錄,即可進(jìn)入到管理界面
總結(jié)
以上是生活随笔為你收集整理的手把手从零开始搭建k8s集群超详细教程的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: Git最新版从零开始详细教程(迅速搞定~
- 下一篇: k8s核心组件详细介绍教程(配超详细实例