Kubernetes dashboard 的安装使用说明

      Kubernetes dashboard 的安装使用说明无评论

K8s的dashboard 可以帮助用户查看各个应用,服务,部署以及节点的配置和使用情况。以下是我这边简单的使用和部署流程,供大家参考。

  1. 获取dashboard的YAML文件

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml -O kubernetes-dashboard.yaml

  2. 修改kubernetes-dashboard.yaml, 添加nodeport: 30001, and type: NodePort

kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30001
selector:
k8s-app: kubernetes-dashboard   

3. 安装dashboard服务

kubectl apply -f kubernetes-dashboard.yaml

4.  检查安装

kubectl get service kubernetes-dashboard -n kubernetes-dashboard

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.100.136.185 <none> 443:30001/TCP 3h22m

5. 访问服务页面  https://localhost:30001

出现服务无法服务,说明浏览器需要TLS的证书

6. 创建自签名的证书

mkdir  tls && cd tls

创建CA

openssl genrsa -out ca.key 2048

openssl req -new -x509 -key ca.key -out ca.crt -days 3650 -subj "/C=CN/ST=LN/L=DL/O=CMIR/OU=CMIR/CN=CA"

openssl x509 -in ca.crt -noout -text

签发证书

openssl genrsa -out dashboard.key 2048

openssl req -new -sha256 -key dashboard.key -out dashboard.csr -subj "/C=CN/ST=LN/L=DL/O=CMIR/OU=CMIR/CN=192.168.31.118"

vim dashboard.cnf 添加下边的内容

extensions = san
[san]
keyUsage = digitalSignature
extendedKeyUsage = clientAuth,serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
subjectAltName =IP:192.168.31.118,IP:127.0.0.1,DNS:192.168.31.1,DNS:localhost

openssl x509 -req -sha256 -days 3650 -in dashboard.csr -out dashboard.crt -CA ca.crt -CAkey ca.key -CAcreateserial -extfile dashboard.cnf

openssl x509 -in dashboard.crt -noout -text

挂载证书到dashboard

  1. kubectl delete -f kubernetes-dashboard.yaml
  2. kubectl create secret generic kubernetes-dashboard-certs --from-file="tls/dashboard.crt,tls/dashboard.key" -n kube-system
  3. kubectl apply -f kubernetes-dashboard.yaml

7.   再次访问 https://localhost:30001, 应该出现登录界面,可以提供配置或者令牌登录

8. 生成令牌

  1. kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
  2. kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
  3. kubectl describe secrets -n kubernetes-dashboard $(kubectl -n kubernetes-dashboard get secret | awk '/dashboard-admin/{print $1}')
  4. 获取dashard-admin的token, 复制粘贴到登录页面即可登录

9. 进入dashboard的界面,可以查看k8s部署的各种服务以及状态

对于Chrome浏览器,本地无法访问https的解决方式:chrome://flags/#allow-insecure-localhost,设置为enable即可本地访问

 

沟通交流合作请加微信!