120 lines
4.8 KiB
Markdown
120 lines
4.8 KiB
Markdown
<h1><center>Kubernetes集群Dashboard部署</center></h1>
|
||
|
||
著作:行癫 <盗版必究>
|
||
|
||
------
|
||
|
||
## 一:部署Dashboard
|
||
|
||
#### 1.kube-proxy 开启 ipvs
|
||
|
||
```shell
|
||
[root@k8s-master ~]# kubectl get configmap kube-proxy -n kube-system -o yaml > kube-proxy-configmap.yaml
|
||
[root@k8s-master ~]# sed -i 's/mode: ""/mode: "ipvs"/' kube-proxy-configmap.yaml
|
||
[root@k8s-master ~]# kubectl apply -f kube-proxy-configmap.yaml
|
||
[root@k8s-master ~]# rm -f kube-proxy-configmap.yaml
|
||
[root@k8s-master ~]# kubectl get pod -n kube-system | grep kube-proxy | awk '{system("kubectl delete pod "$1" -n kube-system")}'
|
||
```
|
||
|
||
#### 2.下载Dashboard安装脚本
|
||
|
||
```shell
|
||
[root@master ~]# wget http://www.xingdiancloud.cn:92/index.php/s/yer7cWtxesEit2R/download/recommended.yaml
|
||
```
|
||
|
||
#### 3.创建证书
|
||
|
||
```shell
|
||
[root@k8s-master ~]# mkdir dashboard-certs
|
||
[root@k8s-master ~]# cd dashboard-certs/
|
||
#创建命名空间
|
||
[root@k8s-master ~]# kubectl create namespace kubernetes-dashboard
|
||
# 创建私钥key文件
|
||
[root@k8s-master ~]# openssl genrsa -out dashboard.key 2048
|
||
#证书请求
|
||
[root@k8s-master ~]# openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
|
||
#自签证书
|
||
[root@k8s-master ~]# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
|
||
#创建kubernetes-dashboard-certs对象
|
||
[root@k8s-master ~]# kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
|
||
```
|
||
|
||
#### 4.创建管理员
|
||
|
||
```shell
|
||
创建账户
|
||
[root@k8s-master ~]# vim dashboard-admin.yaml
|
||
apiVersion: v1
|
||
kind: ServiceAccount
|
||
metadata:
|
||
labels:
|
||
k8s-app: kubernetes-dashboard
|
||
name: dashboard-admin
|
||
namespace: kubernetes-dashboard
|
||
#保存退出后执行
|
||
[root@k8s-master ~]# kubectl create -f dashboard-admin.yaml
|
||
为用户分配权限
|
||
[root@k8s-master ~]# vim dashboard-admin-bind-cluster-role.yaml
|
||
apiVersion: rbac.authorization.k8s.io/v1
|
||
kind: ClusterRoleBinding
|
||
metadata:
|
||
name: dashboard-admin-bind-cluster-role
|
||
labels:
|
||
k8s-app: kubernetes-dashboard
|
||
roleRef:
|
||
apiGroup: rbac.authorization.k8s.io
|
||
kind: ClusterRole
|
||
name: cluster-admin
|
||
subjects:
|
||
- kind: ServiceAccount
|
||
name: dashboard-admin
|
||
namespace: kubernetes-dashboard
|
||
#保存退出后执行
|
||
[root@k8s-master ~]# kubectl create -f dashboard-admin-bind-cluster-role.yaml
|
||
```
|
||
|
||
#### 5.安装 Dashboard
|
||
|
||
```shell
|
||
#安装
|
||
[root@k8s-master ~]# kubectl create -f ~/recommended.yaml
|
||
|
||
#检查结果
|
||
[root@k8s-master ~]# kubectl get pods -A -o wide
|
||
|
||
[root@k8s-master ~]# kubectl get service -n kubernetes-dashboard -o wide
|
||
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
|
||
dashboard-metrics-scraper ClusterIP 10.1.186.219 <none> 8000/TCP 19m k8s-app=dashboard-metrics-scraper
|
||
kubernetes-dashboard NodePort 10.1.60.1 <none> 443:30008/TCP 19m k8s-app=kubernetes-dashboard
|
||
```
|
||
|
||
#### 6.查看并复制token
|
||
|
||
```shell
|
||
[root@master ~]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
|
||
Name: dashboard-admin-token-xlhzr
|
||
Namespace: kubernetes-dashboard
|
||
Labels: <none>
|
||
Annotations: kubernetes.io/service-account.name: dashboard-admin
|
||
kubernetes.io/service-account.uid: a38e8ce3-848e-4d94-abcf-4d824deeb697
|
||
|
||
Type: kubernetes.io/service-account-token
|
||
|
||
Data
|
||
====
|
||
ca.crt: 1099 bytes
|
||
namespace: 20 bytes
|
||
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InFsRE1GQi1KQnZsZHpUOGZ4WGc1dlU1UHg3UGVrcC02TUNyYmZWcHhFZ3MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4teGxoenIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTM4ZThjZTMtODQ4ZS00ZDk0LWFiY2YtNGQ4MjRkZWViNjk3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.anEX2MBlIo0lKQCGOsl3oZKBQkYujg6twLoO8hbWLAVp3xveAgpt6nW-_FrkG0yy9tIyXa6lpvu-c99ueB4KvKrIF0vJggWT3fU73u75iIwTbqDSghWy_BRFjt9NYuUFL4Mu-sPqra0ELgxYIGSEVuQwmZ8qOFjrQQQ2pKjxt8SsUHGLW-9FgmSgZTHPvZKFnU2V23BC2n_vowff63PF6kfnj1bNzV3Z1YCzgZOdy3jKM6sNKSI3dbcHiJpv5p7XF18qvuSZMJ9tMU4vSwzkQ_OLxsdNYwwD_YfRhua6f0kgWO23Z0lBTRLInejssdIQ31yewg9Eoqv4DhN1jZqhOw
|
||
```
|
||
|
||
#### 7.浏览器访问
|
||
|
||
```shell
|
||
https://10.0.0.220:30008
|
||
```
|
||
|
||
![image-20220426233444135](kubernetes%E9%9B%86%E7%BE%A4Dashboard%E9%83%A8%E7%BD%B2.assets/image-20220426233444135.png)
|
||
|
||
![image-20220426233537356](kubernetes%E9%9B%86%E7%BE%A4Dashboard%E9%83%A8%E7%BD%B2.assets/image-20220426233537356.png)
|
||
|