精华内容
下载资源
问答
  • RQ dashboard使用

    千次阅读 2019-11-18 16:45:20
    RQ dashboard使用安装rq-dashboard连接rq-dashboard查看dashboard 安装rq-dashboard pip install rq-dashboard 连接rq-dashboard rq-dashboard --redis-password "xxxxx" --redis-host "xxx.xxx.xxx.xxx" --redis-...

    安装rq-dashboard

    pip install rq-dashboard
    

    连接rq-dashboard

    rq-dashboard  --redis-password "xxxxx" --redis-host "xxx.xxx.xxx.xxx" --redis-port 6379 --redis-database n
    

    在这里插入图片描述

    查看dashboard

    http://xxx.xxx.xxx.xxx:9181/
    

    在这里插入图片描述

    展开全文
  • Dashboard使用自定义证书

    千次阅读 2018-08-07 20:31:28
    Dashboard使用自定义证书 Kubernetes Dashboard的默认配置中,挂载的是一个空证书,浏览器访问时会一直提示非安全连接,访问时需要添加例外,部分情况下特别麻烦: 为解决此问题,我们需要为Dashboard提供完整的...

    Dashboard使用自定义证书

    Kubernetes Dashboard的默认配置中,挂载的是一个空证书,浏览器访问时会一直提示非安全连接,访问时需要添加例外,部分情况下特别麻烦:

    这里写图片描述

    为解决此问题,我们需要为Dashboard提供完整的TLS证书。这里使用自签名证书来演示:

    1、创建自签名CA

    [root@k8s-master tls]# pwd
    /root/kubernetes/yml/tls
    
    --- 生成私钥 ---
    [root@k8s-master tls]# openssl genrsa -out ca.key 2048
    Generating RSA private key, 2048 bit long modulus
    ..............+++
    ............................................+++
    e is 65537 (0x10001)
    
    --- 生成自签名证书 ---
    [root@k8s-master tls]# openssl req -new -x509 -key ca.key -out ca.crt -days 3650 -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=CA"
    
    --- 查看CA内容 ---
    [root@k8s-master tls]# openssl x509 -in ca.crt -noout -text
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 10690141216836748417 (0x945b02cc44510481)
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=CN, ST=HB, L=WH, O=DM, OU=YPT, CN=CA
            Validity
                Not Before: Aug  7 09:03:50 2018 GMT
                Not After : Aug  4 09:03:50 2028 GMT
            Subject: C=CN, ST=HB, L=WH, O=DM, OU=YPT, CN=CA
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:b4:b9:a0:5d:a2:e6:17:0a:19:4b:5a:ac:2d:65:
                        32:ac:cc:ee:df:fb:37:ff:c7:83:a3:b3:ab:5a:9f:
                        73:24:de:e8:09:e3:eb:f3:cf:72:f8:9e:c4:39:3e:
                        78:6b:09:b8:49:8a:11:2b:b8:75:98:68:db:84:7d:
                        90:bd:f2:ad:52:35:89:73:e6:d9:9c:90:49:ba:c6:
                        06:ea:1f:ca:13:aa:2e:bb:1e:92:7d:5d:c4:d9:ea:
                        da:1c:e1:3a:43:f2:77:87:e9:5d:5c:b0:93:02:f3:
                        26:78:ac:41:c3:90:66:9f:89:38:5a:4e:f7:34:00:
                        16:db:b8:63:c2:c2:12:23:ab:27:da:97:b3:13:1d:
                        66:2d:4b:2e:2e:25:b6:6a:49:60:df:12:3c:95:1b:
                        2f:37:df:8f:7d:7a:83:53:a3:cf:a1:52:d6:bd:9b:
                        5f:25:bd:a6:cf:70:f2:27:f0:ed:00:90:cd:dc:16:
                        21:6d:a3:f7:ad:88:30:4d:66:f9:32:8c:d2:da:53:
                        77:65:88:2b:8a:ef:8b:8d:e5:a1:27:c2:d6:d6:2a:
                        ea:40:30:90:ea:b1:f5:35:66:e0:d9:9d:42:b0:51:
                        74:01:60:3c:b9:28:f3:4c:e1:17:aa:cc:40:0a:e3:
                        7e:06:9d:1c:57:99:0c:03:9e:d8:67:bc:6a:db:71:
                        1d:6d
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Key Identifier: 
                    99:54:11:DA:DF:02:9D:7F:B6:0D:43:43:C3:14:0E:79:03:27:27:0C
                X509v3 Authority Key Identifier: 
                    keyid:99:54:11:DA:DF:02:9D:7F:B6:0D:43:43:C3:14:0E:79:03:27:27:0C
    
                X509v3 Basic Constraints: 
                    CA:TRUE
        Signature Algorithm: sha256WithRSAEncryption
             8f:71:81:1b:91:08:a7:3a:45:5f:f0:22:a5:b9:43:67:1a:78:
             9c:3e:ea:a3:3e:fc:6b:49:e4:90:61:41:b9:ce:f5:ca:17:49:
             ca:2b:ba:94:70:83:4f:d1:12:1e:ae:0d:f2:c8:b0:73:8e:c2:
             05:5f:5c:d9:fa:be:30:e3:6e:f0:3e:f9:8c:b5:65:ff:7d:8e:
             55:71:9b:d0:7d:71:63:79:aa:69:fe:9f:7c:6f:b5:ca:a2:55:
             e1:9c:47:f0:35:00:73:89:58:3c:09:f4:53:ab:68:83:7d:b3:
             d5:50:81:9b:7d:67:3f:ba:dd:e9:eb:87:e0:cd:2c:9c:00:49:
             b9:06:81:32:7b:93:04:cd:8b:4e:4b:82:a0:26:8a:bb:7f:5c:
             19:bc:f9:b4:c0:cc:66:a5:1f:17:00:aa:8c:b5:7d:db:5d:0b:
             e7:b6:0f:07:de:b0:36:b6:7c:a0:15:8e:58:1d:5b:d4:94:f2:
             6c:1d:80:fa:1a:96:02:f2:8a:5d:cf:3d:0e:46:5e:8c:88:a5:
             ed:eb:50:ac:3c:d8:ac:7d:b8:77:52:55:e7:c1:dd:fd:d0:81:
             4c:56:8e:8b:2d:69:2c:41:a9:a1:c5:4c:0d:e2:e0:e0:cd:e5:
             d5:83:7c:5e:40:45:81:a7:ae:54:56:c8:15:8b:f3:98:60:f9:
             27:be:9c:fc

    2、签发Dashboard证书

    --- 生成私钥 ---
    [root@k8s-master tls]# openssl genrsa -out dashboard.key 2048
    Generating RSA private key, 2048 bit long modulus
    .....+++
    .....+++
    e is 65537 (0x10001)
    
    --- 申请签名请求 ---
    [root@k8s-master tls]# openssl req -new -sha256 -key dashboard.key -out dashboard.csr -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=192.168.119.160"
    
    --- 配置文件 ---
    [root@k8s-master tls]# cat dashboard.cnf 
    extensions = san
    [san]
    keyUsage = digitalSignature
    extendedKeyUsage = clientAuth,serverAuth
    subjectKeyIdentifier = hash
    authorityKeyIdentifier = keyid,issuer
    subjectAltName = IP:192.168.119.160,IP:127.0.0.1,DNS:192.168.119.160,DNS:localhost
    
    --- 签发证书 ---
    [root@k8s-master tls]# openssl x509 -req -sha256 -days 3650 -in dashboard.csr -out dashboard.crt -CA ca.crt -CAkey ca.key -CAcreateserial -extfile dashboard.cnf
    Signature ok
    subject=/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=192.168.119.160
    Getting CA Private Key
    
    --- 查看证书 ---
    [root@k8s-master tls]# openssl x509 -in dashboard.crt -noout -text
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 11439967281257568671 (0x9ec2eda17972d99f)
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=CN, ST=HB, L=WH, O=DM, OU=YPT, CN=CA
            Validity
                Not Before: Aug  7 09:17:23 2018 GMT
                Not After : Aug  4 09:17:23 2028 GMT
            Subject: C=CN, ST=HB, L=WH, O=DM, OU=YPT, CN=192.168.119.160
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:bb:63:10:8c:44:d4:98:a7:64:7f:22:77:39:4c:
                        2b:76:19:0d:bd:21:4c:05:37:1a:23:5c:0e:cd:b3:
                        2b:ec:74:69:21:a5:01:db:5d:ee:54:cc:28:12:9f:
                        eb:09:df:fc:f7:01:a7:00:1a:ba:d0:fc:85:6e:30:
                        94:7a:9d:f3:3e:26:15:6c:8d:b2:21:0f:6b:bf:db:
                        5c:8c:37:2c:58:43:9c:37:bd:c4:ef:2e:71:83:c7:
                        7c:cb:70:7c:ba:68:0f:7c:e8:88:ab:3c:de:77:84:
                        51:47:3d:bb:18:c9:2f:f6:6a:c1:19:01:39:b1:c8:
                        0c:4f:6d:41:be:7e:1d:b7:42:3a:d8:70:1c:53:88:
                        86:14:21:e1:d3:e8:a7:fa:40:27:4d:ac:dc:9e:22:
                        23:72:19:ba:2b:bc:db:93:99:a9:f9:97:df:61:69:
                        2a:25:f0:39:5b:14:18:89:38:0b:1e:03:69:ff:f9:
                        c6:f0:15:43:2f:d5:51:34:82:52:6d:66:62:ec:07:
                        d3:19:a9:62:79:76:08:2c:8b:93:2c:ca:3b:aa:99:
                        7c:6a:7a:68:c2:ca:3c:89:2a:d8:68:8f:65:4c:54:
                        42:c1:ea:dc:15:47:23:e7:37:e4:57:c8:3c:ee:81:
                        99:5c:ac:5d:19:f1:6c:55:b2:f2:c3:df:e3:c7:7a:
                        5b:f3
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Key Usage: 
                    Digital Signature
                X509v3 Extended Key Usage: 
                    TLS Web Client Authentication, TLS Web Server Authentication
                X509v3 Subject Key Identifier: 
                    53:71:8D:59:82:8E:99:D8:F9:FE:FE:BC:77:D1:4C:AE:7A:FD:A0:E3
                X509v3 Authority Key Identifier: 
                    keyid:99:54:11:DA:DF:02:9D:7F:B6:0D:43:43:C3:14:0E:79:03:27:27:0C
    
                X509v3 Subject Alternative Name: 
                    IP Address:192.168.119.160, IP Address:127.0.0.1, DNS:192.168.119.160, DNS:localhost
        Signature Algorithm: sha256WithRSAEncryption
             71:39:ee:91:1c:71:e7:63:f6:f4:c5:42:59:e8:23:f7:fa:37:
             ea:af:75:a1:55:7b:d7:87:a1:43:0b:5f:f7:75:e6:de:77:e5:
             3f:ec:19:ee:8c:bb:fd:f7:2b:3c:e2:4c:a3:f6:05:01:df:7a:
             b4:b0:1a:3a:d3:42:d6:81:54:df:bd:21:f2:8e:53:52:d7:15:
             43:84:d6:7d:4c:d9:c7:84:28:e9:2b:90:93:94:8c:76:58:38:
             24:2e:17:96:7f:7d:92:58:a4:40:59:5c:62:c4:69:b4:b8:2d:
             8a:e3:58:b9:21:a5:bd:9a:c9:09:32:16:43:af:1b:9c:7d:2e:
             37:80:46:f0:dd:67:9f:25:e9:2f:15:dc:6a:3a:9f:be:fc:32:
             76:d4:35:22:e6:3b:66:84:9d:24:5c:59:c4:b9:64:7b:c5:0d:
             87:65:cf:61:48:e9:de:54:3d:8c:21:03:e9:31:08:87:53:09:
             26:36:79:61:94:ce:3f:73:35:b3:59:67:12:27:ce:31:d3:e4:
             0a:ff:8a:29:e4:f7:01:fe:62:a9:7c:18:7f:5e:71:5e:6e:24:
             24:6b:58:8f:b1:19:ae:04:12:50:05:11:ba:38:dd:bc:f7:c5:
             1c:ae:27:47:1e:76:0e:a1:25:e2:4f:b7:7c:d6:b4:35:01:29:
             a5:67:86:ca

    3、挂载证书到Dashboard

    --- 删除已经部署的dashboard ---
    [root@k8s-master yml]# kubectl delete -f kubernetes-dashboard.yml 
    secret "kubernetes-dashboard-certs" deleted
    serviceaccount "kubernetes-dashboard" deleted
    role "kubernetes-dashboard-minimal" deleted
    rolebinding "kubernetes-dashboard-minimal" deleted
    deployment "kubernetes-dashboard" deleted
    service "kubernetes-dashboard" deleted
    
    --- 创建 secret "kubernetes-dashboard-certs" ---
    [root@k8s-master yml]# kubectl create secret generic kubernetes-dashboard-certs --from-file="tls/dashboard.crt,tls/dashboard.key" -n kube-system 
    secret "kubernetes-dashboard-certs" created
    
    --- 查看secret内容 ---
    [root@k8s-master yml]# kubectl get secret kubernetes-dashboard-certs -n kube-system -o yaml
    apiVersion: v1
    data:
      dashboard.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwVENDQXJtZ0F3SUJBZ0lKQUo3QzdhRjVjdG1mTUEwR0NTcUdTSWIzRFFFQkN3VUFNRTh4Q3pBSkJnTlYKQkFZVEFrTk9NUXN3Q1FZRFZRUUlEQUpJUWpFTE1Ba0dBMVVFQnd3Q1YwZ3hDekFKQmdOVkJBb01Ba1JOTVF3dwpDZ1lEVlFRTERBTlpVRlF4Q3pBSkJnTlZCQU1NQWtOQk1CNFhEVEU0TURnd056QTVNVGN5TTFvWERUSTRNRGd3Ck5EQTVNVGN5TTFvd1hERUxNQWtHQTFVRUJoTUNRMDR4Q3pBSkJnTlZCQWdNQWtoQ01Rc3dDUVlEVlFRSERBSlgKU0RFTE1Ba0dBMVVFQ2d3Q1JFMHhEREFLQmdOVkJBc01BMWxRVkRFWU1CWUdBMVVFQXd3UE1Ua3lMakUyT0M0eApNVGt1TVRZd01JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdTJNUWpFVFVtS2RrCmZ5SjNPVXdyZGhrTnZTRk1CVGNhSTF3T3piTXI3SFJwSWFVQjIxM3VWTXdvRXAvckNkLzg5d0duQUJxNjBQeUYKYmpDVWVwM3pQaVlWYkkyeUlROXJ2OXRjakRjc1dFT2NONzNFN3k1eGc4ZDh5M0I4dW1nUGZPaUlxenplZDRSUgpSejI3R01rdjltckJHUUU1c2NnTVQyMUJ2bjRkdDBJNjJIQWNVNGlHRkNIaDAraW4ra0FuVGF6Y25pSWpjaG02Cks3emJrNW1wK1pmZllXa3FKZkE1V3hRWWlUZ0xIZ05wLy9uRzhCVkRMOVZSTklKU2JXWmk3QWZUR2FsaWVYWUkKTEl1VExNbzdxcGw4YW5wb3dzbzhpU3JZYUk5bFRGUkN3ZXJjRlVjajV6ZmtWOGc4N29HWlhLeGRHZkZzVmJMeQp3OS9qeDNwYjh3SURBUUFCbzRHaU1JR2ZNQXNHQTFVZER3UUVBd0lIZ0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGCkJRY0RBZ1lJS3dZQkJRVUhBd0V3SFFZRFZSME9CQllFRkZOeGpWbUNqcG5ZK2Y3K3ZIZlJUSzU2L2FEak1COEcKQTFVZEl3UVlNQmFBRkpsVUVkcmZBcDEvdGcxRFE4TVVEbmtESnljTU1ERUdBMVVkRVFRcU1DaUhCTUNvZDZDSApCSDhBQUFHQ0R6RTVNaTR4TmpndU1URTVMakUyTUlJSmJHOWpZV3hvYjNOME1BMEdDU3FHU0liM0RRRUJDd1VBCkE0SUJBUUJ4T2U2UkhISG5ZL2IweFVKWjZDUDMramZxcjNXaFZYdlhoNkZEQzEvM2RlYmVkK1UvN0JudWpMdjkKOXlzODRreWo5Z1VCMzNxMHNCbzYwMExXZ1ZUZnZTSHlqbE5TMXhWRGhOWjlUTm5IaENqcEs1Q1RsSXgyV0RnawpMaGVXZjMyU1dLUkFXVnhpeEdtMHVDMks0MWk1SWFXOW1za0pNaFpEcnh1Y2ZTNDNnRWJ3M1dlZkpla3ZGZHhxCk9wKysvREoyMURVaTVqdG1oSjBrWEZuRXVXUjd4UTJIWmM5aFNPbmVWRDJNSVFQcE1RaUhVd2ttTm5saGxNNC8KY3pXeldXY1NKODR4MCtRSy80b3A1UGNCL21LcGZCaC9YbkZlYmlRa2ExaVBzUm11QkJKUUJSRzZPTjI4OThVYwpyaWRISG5ZT29TWGlUN2Q4MXJRMUFTbWxaNGJLCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
      dashboard.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBdTJNUWpFVFVtS2RrZnlKM09Vd3JkaGtOdlNGTUJUY2FJMXdPemJNcjdIUnBJYVVCCjIxM3VWTXdvRXAvckNkLzg5d0duQUJxNjBQeUZiakNVZXAzelBpWVZiSTJ5SVE5cnY5dGNqRGNzV0VPY043M0UKN3k1eGc4ZDh5M0I4dW1nUGZPaUlxenplZDRSUlJ6MjdHTWt2OW1yQkdRRTVzY2dNVDIxQnZuNGR0MEk2MkhBYwpVNGlHRkNIaDAraW4ra0FuVGF6Y25pSWpjaG02Szd6Yms1bXArWmZmWVdrcUpmQTVXeFFZaVRnTEhnTnAvL25HCjhCVkRMOVZSTklKU2JXWmk3QWZUR2FsaWVYWUlMSXVUTE1vN3FwbDhhbnBvd3NvOGlTcllhSTlsVEZSQ3dlcmMKRlVjajV6ZmtWOGc4N29HWlhLeGRHZkZzVmJMeXc5L2p4M3BiOHdJREFRQUJBb0lCQUVnZHVoS2hzc2dGTkJJUgpxNXlyaWRacmtmUUZ5b0gvVU5ubTVmT1lUd0V6VS9xVXpJQW1TRUR1U1VYUnNkMGREUGZxOU9CL2FRSmhET0Q1ClpVdERXb2ZDbEdBd3NDczFDaHpPU1hIVkVnWHVEME1NajZ3VlRhNlBxYUdKNnhhNlVhdWF1bTVjZ0tteWpLMUUKUHFzdFVuNGRXNjlKMzNCaU13cW1XN1Q2U0dsc00vNmlVTElWdGpXclJkOUZrRU40SVkyUHBsRmhZckRvNEQveQpVQlBUK0laQjJ5b0Z6VDRDQ0JZZkVDOC9WT3lzSVN2ajhWbW5lbStaZy96aVdkQzBmZzY5U3JQRzBUYStQZmdJCjJHUzNBcGQxdGJ3YUhzL01UV0UvR1dQRzZtVm92dkVwTUorek9wR2lMZDBVVVdRaEpZeUpIT3hZRkVKWHNrYTYKQ2RZL09wRUNnWUVBOXFnNDFWNTBWNGxUNWViMExxbWUzeGJFTVA3MHp3SkhJOFpKQ0pwSi9HR2lNYlB2dm5FYwpKMlVIMkdFOEgrQ1JCakZyRzRIcCttSlNzdFlDTUpGclU1bmpTZ3BRdXJCY3pTdXFqSkFUcWV1UUhVZkpkUXdwCjFydXR2YnBSZGtmTVJPK0NDbGkxSDdPNW1YWGo0NkoxNjF4aHhFWUtLYWdHU3BCUkJQUFNPdmNDZ1lFQXdud2QKRG9VZkpBTlBJcnV4ZUJ0VzFTTnQ0T1hzdHd6STJpWUNrbGFNSmI3VWJ1NndBNkdzUGJuT2puMWVvb0dLc0xPNgo0K05VckxVSGZBNzdwaW1LK2kwa2xPZDJVdFhweUdObjJqTm5kK0V0ZmpkZ3pLTWdvN09BQ28zQ1hnM1JJTDBJClVRYjRiUVV1bWRDM2NPYXUvbzNBNk1zKzJRT1ZXTDV5R1pkMUMrVUNnWUFJbW9tUTk4QjdKVEVsL2M1YXFsUCsKV0I3enpwRGZmNmJYbXAwRmpjd3kzM3oyMnQzcitLb1F2YmR1VnNYd0hyY3dUaHo4VXFYRXRCVktZNmlqNVE2bgpWZURWdmxKZWtMUkwrOC94SXoxc1dla20vRkFNb3lYNmRZVno3c0hVckdCMXJ4ME1HMWdHQ1JEYVI0Qnhla00rCnVIUTRrbkRjVHg0WkQ3dWp2cFdBdFFLQmdCc3hGVEx4ZytBYUlsZGQzTHRKUDBPL2wxNUpaMlpVZ0VTWDZlWWgKK2FoUlhReEJqUlNFNXpzZUhuWW5xektYWUJmQ21VL0JlaFpIblV0SUlRRWpiODM0djlPZDVScEIxRlR6S1JNRgordUowOWxKZVZjZG15MnAzNzJBS1gvR2NodS9IM2tETjg2L3llSWlDK1JMcy9leVRUelI5TGtWVFRlOUJlVnlBCm81bk5Bb0dBTCsxYk4rTDVmRG5YS2RzdlYrSkdUM3pBT3BPdCsySndGc0huWTdacVFmV3NFcVFITE53c0VzNk4Kb3kxU3g1T0I1K0owaWlhampPS0dlQzl3Z1Y3dFNxNkJieUoxQnZSc1Ewb20yZGg2RGVIQ0pDN0VZQnhWb2oxQwpVMSszTXVBZHJvOE45R1BtRHZYdlhvTkhRVnBQTTlEQTJ4UDZZTkZuVEZKN1NVRTRRcDA9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
    kind: Secret
    metadata:
      creationTimestamp: 2018-08-07T09:22:53Z
      name: kubernetes-dashboard-certs
      namespace: kube-system
      resourceVersion: "22645"
      selfLink: /api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs
      uid: 7649dc00-9a23-11e8-81c9-005056322159
    type: Opaque
    
    --- 重新部署dashboard ---
    [root@k8s-master yml]# kubectl apply -f kubernetes-dashboard.yml 
    Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
    secret "kubernetes-dashboard-certs" configured
    serviceaccount "kubernetes-dashboard" created
    role "kubernetes-dashboard-minimal" created
    rolebinding "kubernetes-dashboard-minimal" created
    deployment "kubernetes-dashboard" created
    service "kubernetes-dashboard" created

    此时可以通过浏览器检查Dashboard证书是否生效:

    这里写图片描述

    4、导入CA到客户端操作系统

    --- 从服务器上下载CA ---
    LiondeMacBook-Pro:Desktop lion$ scp root@192.168.119.160:/root/kubernetes/yml/tls/ca.crt .
    ca.crt                                                                      100% 1253     1.8MB/s   00:00  

    不同的操作系统导入步骤大同小异,Firefox需要通过浏览器本身进行导入;Mac导入之后需要设置信任选项

    这里写图片描述

    如果你的证书是有效的 Public trusted CA ,你大可不必导入到任何操作系统!

    5、访问测试

    这里写图片描述

    6、参考资料

    展开全文
  • 使用Gateway网关配合sentinel-dashboard使用nacos同步数据-打docker镜像 克隆sentinel-dashboard到本地:https://github.com/alibaba/Sentinel/ 开始修改代码: 修改pom.xml中的sentinel-datasource-nacos的...

    使用Gateway网关配合sentinel-dashboard使用nacos同步数据-打docker镜像

    1. 克隆sentinel-dashboard到本地:https://github.com/alibaba/Sentinel/

    2. 开始修改代码:

      1. 修改pom.xml中的sentinel-datasource-nacos的依赖,将<scope>test</scope>注释掉,这样才能在主程序中使用。

        <dependency>
            <groupId>com.alibaba.csp</groupId>
            <artifactId>sentinel-datasource-nacos</artifactId>
            <!--<scope>test</scope>-->
        </dependency>
        
      2. 展开test->java->com.alibaba.csp.sentinel.dashboard->rule->nacos

        复制NacosConfig到src->java->com.alibaba.csp.sentinel.dashboard->config

        复制其余3个文件到src->java->com.alibaba.csp.sentinel.dashboard->rule

      3. 修改NacosConfig 代码

          @Value("${spring.cloud.sentinel.datasource.ds.nacos.serverAddr}")
          private String serverAddr;
        
          @Bean
          public ConfigService nacosConfigService() throws Exception {
            return ConfigFactory.createConfigService(serverAddr);
          }
        
        spring.cloud.sentinel.datasource.ds.nacos.serverAddr=172.****:8850
        spring.cloud.sentinel.datasource.ds.nacos.dataId=nocov-cloud-gateway-sentinel-flow-rules.properties
        spring.cloud.sentinel.datasource.ds.nacos.groupId=SENTINEL_GROUP
        
      4. 修改FlowRuleNacosProvider代码

          @Value("${spring.cloud.sentinel.datasource.ds.nacos.dataId}")
          private String dataId;
        
          @Value("${spring.cloud.sentinel.datasource.ds.nacos.groupId}")
          private String groupId;
        
          @Override
          public List<FlowRuleEntity> getRules(String appName) throws Exception {
            String rules = configService.getConfig(dataId, groupId, 3000);
            if (StringUtil.isEmpty(rules)) {
              return new ArrayList<>();
            }
            return converter.convert(rules);
          }
        
      5. 修改FlowRuleNacosPublisher代码

          @Value("${spring.cloud.sentinel.datasource.ds.nacos.dataId}")
          private String dataId;
        
          @Value("${spring.cloud.sentinel.datasource.ds.nacos.groupId}")
          private String groupId;
        
          @Override
          public void publish(String app, List<FlowRuleEntity> rules) throws Exception {
            AssertUtil.notEmpty(app, "app name cannot be empty");
            if (rules == null) {
              return;
            }
            configService.publishConfig(dataId, groupId, converter.convert(rules));
          }
        
      6. 注意:

        1. 同时Nacos中应该有如下配置:

        在这里插入图片描述

        1. 网关配置:
              datasource:
                ds:
                  nacos:
                    server-addr: ${spring.cloud.nacos.discovery.server-addr}
                    data-id: nocov-cloud-gateway-sentinel-flow-rules.properties
                    namespace:
                    group-id: SENTINEL_GROUP
                    data-type: json
                    # 限流
                    rule-type: flow
        
      7. 打开src->java->com.alibaba.csp.sentinel.dashboard->controller->v2->FlowControllerV2

        @Qualifier(“flowRuleDefaultProvider”) 改为 @Qualifier(“flowRuleNacosProvider”)

        @Qualifier(“flowRuleDefaultPublisher”) 改为 @Qualifier(“flowRuleNacosPublisher”)

      8. 打开src->webapp->resources->app->scripts->directives->sidebar->sidebar.html

        <li ui-sref-active="active" ng-if="entry.isGateway">
          	<a ui-sref="dashboard.flow({app: entry.app})">
            <i class="glyphicon glyphicon-filter"></i>&nbsp;&nbsp;流控规则 V2</a>
        </li>
        

        注意:请仔细查看流控规则,只留一个即可。「因为我使用了Gateway 的sentinel 所以使用entry.isGateway」

      9. 通过sentinel-dashboard项目打开Terminal,输入

        mvn clean package
        

        成功打出Jar包,如果报错:缺少其他Jar,请先在缺少的Jar项目名称下install后在运行命令;

    3. 完成之后:
      在这里插入图片描述

    4. 发现问题:sentinel使用nacos保存数据时,无法设置数据格式,所以每次在sentinel上修改流控规则后,nacos中的“配置格式”为无,
      在这里插入图片描述

      查看了比较浅的源码:发现无法自定义配置格式。

      但总体不影响使用。

    展开全文
  • dashboard使用与访问

    千次阅读 2018-12-29 10:00:00
    #dashboard的github地址 https://github.com/kubernetes/dashboard #下载 wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml #导入 ku....
    #dashboard的github地址
    https://github.com/kubernetes/dashboard
    #下载
    wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
    #导入
    kubectl  apply -f kubernetes-dashboard.yaml 
    #给kubernetes-dashboard 打补丁(类型改成nodeport)(或者使用ingress配置dashboard,让外面访问)
    kubectl  patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system
    #查看
    [root@k8s-m yaml]# kubectl  get svc -n kube-system
    NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
    kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP   26m
    kubernetes-dashboard   NodePort    10.98.155.174   <none>        443:32051/TCP   4m11s
    
    #访问
    在浏览器输入宿主机的公网ip+nodeport映射的端口
    https://IP:port

     

    #创建超级用户

     

    vi dashboard-admin-rbac.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-admin
      namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: kubernetes-dashboard-admin
      labels:
        k8s-app: kubernetes-dashboard
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: kubernetes-dashboard-admin
      namespace: kube-system
    
    #导入
    kubectl apply -f  dashboard-admin-rbac.yaml
    
    #查看token名称
    [root@k8s-m yaml]# kubectl -n kube-system get secret | grep kubernetes-dashboard-admin
    kubernetes-dashboard-admin-token-mkpgh           kubernetes.io/service-account-token   3      23s
    #查看token
    #方法一、kubectl  get secret kubernetes-dashboard-admin-token-mkpgh -n kube-system -o jsonpath={".data.token"}|bash64 -d
    kubectl describe -n kube-system secret kubernetes-dashboard-admin-token-mkpgh |grep ^token
    

      

    #复制token到令牌框中

     

    转载于:https://www.cnblogs.com/zhangb8042/p/10193985.html

    展开全文
  • 针对生产环境, Netflix还给我们准备了一个非常好用的运维工具, 那就是Hystrix Dashboard,通过Hystrix ... 但是只使用Hystrix Dashboard的话, 能看到单个应用内的服务信息,大神必备神器,导入即用,无需更改和配置!
  • 配置OpenStack dashboard使用HTTPS

    千次阅读 2017-04-28 22:31:26
    OpenStack dashboard配置HTTPS访问
  • 使用Kubernetes Dashboard过程中发现,需要运行如下命令: kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml 但总是不能成功...
  • openstack 的dashboard 使用了google 字体, 导致网站访问速度慢解决方案有几种:去掉google字体,直接删除google字体使用local字体替代使用360字体替代字体使用代码在css中,以ubuntu为例:/usr/share/openstack-...
  • 在参考大神的教程安装...部署时使用到的dashboard-rbac.yaml文件如下: apiVersion: v1 kind: ServiceAccount metadata: name: dashboard namespace: kube-system --- kind: ClusterRoleBinding apiVersion:...
  • NULL 博文链接:https://sap.iteye.com/blog/1724542
  • kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml 删除yaml: kubectl delete -f https://raw.githubusercontent.co...
  • Hystrix Dashboard是Hystrix的仪表盘组件,主要用来实时监控Hystrix的各项指标信息,通过界面反馈的信息可以快速发现系统中存在的问题。使用方法如下:pom.xml&lt;dependencies&gt; &lt;!-- 自己定义...
  • @SpringBootApplication @EnableHystrixDashboard //开启hystrix 的dashboard public class DeptConsumerDashBoard { public static void main(String[] args) { SpringApplication.run(DeptConsumerDashBoard....
  • 除了隔离依赖服务的调用以外,Hystrix还提供了准实时的监控(Hystrix Dashboard)Hystrix会持续记录所有通过Hystrix发起的请求的执行信息并以统计报表和图形的形式展示给用户,包括每秒执行多少请求多少成功,多少...

空空如也

空空如也

1 2 3 4 5 ... 20
收藏数 6,307
精华内容 2,522
关键字:

dashboard使用