2020-03-19
前提:已搭建好Kubernetes集群。
在Master上部署Dashboard。
下载并修改Dashboard安装脚本
下载官网安装说明的recommended.yaml脚本:
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta5/aio/deploy/recommended.yaml
修改recommended.yaml文件内容:
---
#增加直接访问端口
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #增加
ports:
- port: 443
targetPort: 8443
nodePort: 30008 #增加
selector:
k8s-app: kubernetes-dashboard
##因为自动生成的证书很多浏览器无法使用,
##所以我们自己创建,注释掉kubernetes-dashboard-certs对象声明
#---
#apiVersion: v1
#kind: Secret
#metadata:
# labels:
# k8s-app: kubernetes-dashboard
# name: kubernetes-dashboard-certs
# namespace: kubernetes-dashboard
#type: Opaque
---
...
创建证书
mkdir dashboard-certs
cd dashboard-certs/
#创建命名空间
kubectl create namespace kubernetes-dashboard
# 创建key文件
openssl genrsa -out dashboard.key 2048
#证书请求
openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
#自签证书
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
#创建kubernetes-dashboard-certs对象
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
安装Dashboard
#安装
kubectl create -f ~/recommended.yaml
#检查结果
[root@k8s-master ~]# kubectl get service -n kubernetes-dashboard -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
dashboard-metrics-scraper ClusterIP 10.96.113.127 <none> 8000/TCP 16s k8s-app=dashboard-metrics-scraper
kubernetes-dashboard NodePort 10.96.203.158 <none> 443:30008/TCP 16s k8s-app=kubernetes-dashboard
创建dashboard管理员
新建一个yaml文件:
vi dashboard-admin.yaml
内容:
#创建账号:
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: dashboard-admin
namespace: kubernetes-dashboard
---
#为用户分配权限:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin-bind-cluster-role
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kubernetes-dashboard
保存退出后执行
kubectl create -f dashboard-admin.yaml
查看并复制用户Token
[root@k8s-master ~]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
Name: dashboard-admin-token-qxh98
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 04d65d27-2696-4646-a153-4ad1c79922cb
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImxnSHVWam1TMG83emhKMlBQNUxteHI2YklDc2FCV1NUck4tXzVoS3N1dVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tcXhoOTgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMDRkNjVkMjctMjY5Ni00NjQ2LWExNTMtNGFkMWM3OTkyMmNiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.ScSVuBaLFxGqnLj5w_rS_1rNbi0bC2TqmJarcc4ygwxIfUMeC90qp6upyeYsB-r7MO6Qd5fPgeVwvJK2FyT43vaqHgb6EBoMqvvfn58_TI1aZBY-Td3pzyUjk0PG50b88Rs2guhuo4pl5vtLWH4LgpVIqpfAKkXuqTAavfnjhFlnkJ3YNAOlPOh1jbWSHSM_FSrpYJ6ZmN0YGCm1tWnPItFNjo1ZJMikhU7rsKnWK1yfYF-5ne5N2pTVOMWrExnN6N78kYctdAi0w00j2bR7F89CfRN1ssq69blh_Q9mZfC5dC0t_tuyAQ46qIVKkrzqmlx5HD23vNyJnyFvEuF8HQ
登录Dashboard
访问:https://192.168.174.137:30008,选择Token登录,复制刚才生成的密钥。
注意,IP为任意node节点的对外的IP.
完成!
参考:https://www.cnblogs.com/bluersw/p/11747161.html
附:k8s集群安装参考:https://kuboard.cn/install/install-k8s.html
网友评论