第四課:部署Dashboard服務
阿新 • • 發佈:2020-08-24
13 部署dashboard(master01)
13.1 建立dashboard證書
13.1.1 建立目錄
mkdir /root/certs && cd /root/certs
13.1.2 建立名稱空間
[root@master01 certs]# kubectl create namespace kubernetes-dashboard namespace/kubernetes-dashboard created [root@master01 certs]# kubectl get ns NAME STATUS AGE default Active 28h kube-node-lease Active 28h kube-public Active 28h kube-system Active 28h kubernetes-dashboard Active 5s
13.1.3 建立key檔案
[root@master01 certs]# openssl genrsa -out dashboard.key 2048
Generating RSA private key, 2048 bit long modulus
................................................+++
...........+++
e is 65537 (0x10001)
13.1.4 建立證書請求
[root@master01 certs]# openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert' [root@master01 certs]# ll total 8 -rw-r--r-- 1 root root 899 Aug 11 13:42 dashboard.csr -rw-r--r-- 1 root root 1679 Aug 11 13:41 dashboard.key
13.1.5自簽證書
[root@master01 certs]# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt Signature ok subject=/CN=dashboard-cert Getting Private key [root@master01 certs]# ll total 12 -rw-r--r-- 1 root root 989 Aug 11 13:42 dashboard.crt -rw-r--r-- 1 root root 899 Aug 11 13:42 dashboard.csr -rw-r--r-- 1 root root 1679 Aug 11 13:41 dashboard.key
13.1.6 建立kubernetes-dashboard-certs物件
[root@master01 certs]# kubectl delete secrets kubernetes-dashboard-certs -n kubernetes-dashboard
Error from server (NotFound): secrets "kubernetes-dashboard-certs" not found
[root@master01 certs]# kubectl create secret generic kubernetes-dashboard-certs --from-file=/root/certs -n kubernetes-dashboard
secret/kubernetes-dashboard-certs created
13.1.7 檢視系統是否存在證書
[root@master01 certs]# kubectl get secret
NAME TYPE DATA AGE
default-token-kjfkg kubernetes.io/service-account-token 3 27h
13.2 安裝dashboard
13.2.1 建立目錄
mkdir /root/dashboard/ && cd /root/dashboard
13.2.2 下載yaml檔案
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
13.2.3 修改yaml檔案
由於證書問題,只能firefox瀏覽器才能開啟,通過修改證書的方式,使所有瀏覽器都能開啟
以下行全部註釋掉,使用我們上面建立的證書
48 #apiVersion: v1
49 #kind: Secret
50 #metadata:
51 # labels:
52 # k8s-app: kubernetes-dashboard
53 # name: kubernetes-dashboard-certs
54 # namespace: kubernetes-dashboard
55 #type: Opaque
13.2.4 修改nodeport模式
39 spec:
40 type: NodePort
41 ports:
42 - port: 443
43 targetPort: 8443
44 selector:
45 k8s-app: kubernetes-dashboard
13.2.5 應用yaml啟動dashboard
kubectl create -f recommand.yaml
13.2.6 檢視服務資訊
[root@master01 dashboard]# kubectl get pods -A -o wide
kubernetes-dashboard dashboard-metrics-scraper-76679bc5b9-krkrc 1/1 Running 0 47s 172.17.15.4 192.168.68.149 <none> <none>
[root@master01 dashboard]# kubectl get svc -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard kubernetes-dashboard NodePort 10.0.0.115 <none> 443:30916/TCP 14m
13.3 建立dashboard訪問賬戶
13.3.1 建立SA
[root@master01 dashboard]# kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
serviceaccount/dashboard-admin created
13.3.2 繫結叢集管理員
[root@master01 dashboard]# kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created
13.5 獲取token
kubectl describe secrets -n kubernetes-dashboard $(kubectl -n kubernetes-dashboard get secret | awk '/dashboard-admin/{print $1}')
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tOG05ZzQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiM2UyMmQzZGQtMDE3OS00MzA3LWFhZjEtMGJkNjAzMjRjOTE4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.NPbtxU24mq7u8z3d2DJpbW7SFjxhCivr8s0_phodY9e9F8Vp_GcfCIDRmxooygu5hNHLgFb-zNGJI2LpyKRP7EniCsdBaQYX2igVzcjZnOldoXwLp6kM9H8BNIQYTTj14UnAIZ3bOPdm7lW2xDvlyI9njDQ6WkrGu5sX1O7c7tAdXzTKXkQH6Vv3ELpxugx9ozXhgakFTJQS85_ZfAAvP9kZ9eXjBWcoG4FlAoKmp4JEYFqE1KYfvH4Bar0_XTxA7nRY-60jMt6iE-nBT9gb3dTO-yEh-oexBKbwYjMI_MnL0Kwj1Vui-aCNY3qHS9IM_hBzra664Uhilok6RfhNbw
13.4 頁面訪問
https://192.168.68.149:30916
輸入上面命令獲取到的token後,可以正常訪問頁面。