k8s Dashboard Deployment

1. Download the YAML file needed for the Dashboard
wget https://www.cloudelf.cn/kubernetes/kubernetes-dashboard.yaml

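Modify this YAML file as follows:
1) Comment out the Dashboard Secret; otherwise the browser will later report the page as insecure with an expired certificate. We will generate our own certificate.
2) Because I chose to access the dashboard via NodePort, set the service type field to NodePort and specify nodePort 40000, as shown below.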

# ------------------- Dashboard Secret ------------------- #
Comment all of this out:
#apiVersion: v1
#kind: Secret
#metadata:
#  labels:
#    k8s-app: kubernetes-dashboard
#  name: kubernetes-dashboard-certs
#  namespace: kube-system
#type: Opaque

#---
# ------------------- Dashboard Service Account ------------------- #
(omitted)
---
# ------------------- Dashboard Role & Role Binding ------------------- #
(omitted)
---
(omitted)
---
# ------------------- Dashboard Deployment ------------------- #

(no changes needed, omitted)
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      nodePort: 40000
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

Create the pod
kubectl apply -f kubernetes-dashboard.yaml
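2. After setting up Kubernetes, accessing the dashboard through Chrome shows the following message. This is a pitfall I went through personally: I searched all the major sites and tried at least a dozen methods, and even now I cannot be sure that my approach is 100% correct, only that it worked, because I tried so many methods along the way.

Since I have already been through all the pitfalls, I will tell you up front how to fix it at the source, so that you can open your self-deployed Kubernetes UI in Chrome without trouble.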

mkdir key && cd key
# Generate the certificate
openssl genrsa -out dashboard.key 2048
# I put my own node1 node's IP here because I access the dashboard via NodePort; if you access it through the apiserver, use your master node's IP instead
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.135.129'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
# Delete the existing certificate secret
kubectl delete secret kubernetes-dashboard-certs -n kube-system
# Create the new certificate secret
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kube-system
# List the pods
kubectl get pod -n kube-system
# Restart the pod
kubectl delete pod kubernetes-dashboard-78dc5f9d6b-zgvr6  -n kube-system



Create the dashboard pod again
kubectl apply -f kubernetes-dashboard.yaml
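
Added example, not part of the original post: the same self-signed certificate with an explicit lifetime and a subjectAltName, checked before it is loaded into the kubernetes-dashboard-certs secret. openssl x509 -req without -days issues a 30-day certificate, and Chrome matches the address against subjectAltName rather than CN. The function names and the openssl.cnf file name are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# make_dashboard_cert DIR IP [DAYS]: write DIR/dashboard.key and DIR/dashboard.crt
make_dashboard_cert() {
    dir=$1 ip=$2 days=${3:-365}
    mkdir -p "$dir" || return 1
    # Minimal request config: CN plus an IP subjectAltName for the node address.
    cat > "$dir/openssl.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3
[dn]
CN = $ip
[v3]
subjectAltName = IP:$ip
EOF
    # umask keeps the private key readable by its owner only.
    (umask 077 && openssl genrsa -out "$dir/dashboard.key" 2048 2>/dev/null) || return 1
    openssl req -x509 -new -key "$dir/dashboard.key" -out "$dir/dashboard.crt" \
        -days "$days" -config "$dir/openssl.cnf" 2>/dev/null
}

# check_dashboard_cert DIR IP: succeed only if the key and certificate match,
# the SAN lists IP exactly, and the certificate is valid for 7 more days.
check_dashboard_cert() {
    dir=$1 ip=$2
    crt_pub=$(openssl x509 -in "$dir/dashboard.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/dashboard.key" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; return 1; }
    openssl x509 -in "$dir/dashboard.crt" -noout -text \
        | tr ',' '\n' | sed 's/^ *//' | grep -Fxq "IP Address:$ip" \
        || { echo "no SAN entry for $ip" >&2; return 1; }
    openssl x509 -in "$dir/dashboard.crt" -noout -checkend 604800 >/dev/null \
        || { echo "certificate expires within 7 days" >&2; return 1; }
}

# Usage, followed by the secret commands from the post:
#   make_dashboard_cert key 192.168.135.129 365 && check_dashboard_cert key 192.168.135.129
#   kubectl create secret generic kubernetes-dashboard-certs \
#     --from-file=key/dashboard.key --from-file=key/dashboard.crt -n kube-system
```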

3. Create and bind a user
1. Create a service account named admin-user:
[root@k8s01 ~]# cat admin-user.yaml 
# admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
[root@k8s01 ~]# kubectl create -f admin-user.yaml

2. Bind the admin role directly:
[root@k8s01 ~]# cat admin-user-role-binding.yaml 
# admin-user-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
[root@k8s01 ~]# kubectl create -f  admin-user-role-binding.yaml

View the binding information
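
Added example, not part of the original post: the admin-user token carries cluster-admin and the Dashboard is reachable on a NodePort, so it is worth listing every service account that holds that role. The function names are hypothetical, and the sample_bindings data is constructed for offline use.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# list_bindings: one line per ClusterRoleBinding, tab-separated:
#   binding-name <TAB> role-name <TAB> kind:namespace:name kind:namespace:name ...
list_bindings() {
    kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}{":"}{.namespace}{":"}{.name}{" "}{end}{"\n"}{end}'
}

# flag_cluster_admin_sa: read list_bindings output on stdin and print
#   binding-name <TAB> namespace/serviceaccount
# for every ServiceAccount bound to cluster-admin.
flag_cluster_admin_sa() {
    awk -F '\t' '$2 == "cluster-admin" {
        n = split($3, subj, " ")
        for (i = 1; i <= n; i++) {
            # User and Group subjects have an empty namespace field.
            split(subj[i], part, ":")
            if (part[1] == "ServiceAccount")
                printf "%s\t%s/%s\n", $1, part[2], part[3]
        }
    }'
}

# Constructed sample in list_bindings format (not real cluster output).
sample_bindings() {
    printf 'admin-user\tcluster-admin\tServiceAccount:kube-system:admin-user \n'
    printf 'cluster-admin\tcluster-admin\tGroup::system:masters \n'
    printf 'heapster\tsystem:heapster\tServiceAccount:kube-system:heapster \n'
    printf 'ci\tcluster-admin\tUser::alice ServiceAccount:ci:deployer \n'
}

# Live cluster:  list_bindings | flag_cluster_admin_sa
# Offline:       sample_bindings | flag_cluster_admin_sa
```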
4. Heapster is a container cluster monitoring and performance analysis tool (optional)
wget https://www.cloudelf.cn/kubernetes/influxdb.yaml
wget https://www.cloudelf.cn/kubernetes/grafana.yaml
wget https://www.cloudelf.cn/kubernetes/heapster.yaml
wget https://www.cloudelf.cn/kubernetes/heapster-rbac.yaml
[root@k8s01 ~] # kubectl create -f influxdb.yaml
[root@k8s01 ~] # kubectl create -f grafana.yaml
[root@k8s01 ~] # kubectl create -f heapster.yaml
[root@k8s01 ~] # kubectl create -f heapster-rbac.yaml
[root@k8s01 ~] # kubectl get pods --namespace=kube-system
NAME                                READY       STATUS     RESTARTS    AGE
heapster-844d66dcb7-xzhjs           1/1           Running       0     1h
kubernetes-dashboard-78dc5f9d6b-qglnd 1/1         Running       0     2h
monitoring-grafana-555bb9c5c9-597j7 1/1           Running       0     1h
monitoring-influxdb-ddbcd4f99-8lp7z 1/1           Running       0     1h

[root@master yaml]# kubectl cluster-info
Kubernetes master is running at http://localhost:8080
Heapster is running at http://localhost:8080/api/v1/namespaces/kube-system/services/heapster/proxy
monitoring-grafana is running at http://localhost:8080/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
monitoring-influxdb is running at http://localhost:8080/api/v1/namespaces/kube-system/services/monitoring-influxdb/proxy

[root@master yaml]# kubectl -n kube-system get service 
NAME                   TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
heapster               ClusterIP   10.0.0.206   <none>        80/TCP          3h
kubernetes-dashboard   NodePort    10.0.0.30    <none>        443:40000/TCP   1h
monitoring-grafana     ClusterIP   10.0.0.152   <none>        80/TCP          3h
monitoring-influxdb    ClusterIP   10.0.0.32    <none>        8086/TCP        3h

5. Open https://192.168.135.129:40000 in Chrome

How to obtain the token needed to log in:

kubectl -n kube-system get secret

Look up this user's token and copy it

kubectl -n kube-system describe secret admin-user-token-wvlxs
Success

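Troubleshooting summary: if a NodePort is specified on the master but the port is not up when checked on the node, check whether kube-proxy is running normally.
If the port is up but telnet cannot connect to it, enable IP forwarding.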
