部署doshboard
-
下载配置文件
cd /opt/k8s/yml wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc4/aio/deploy/recommended.yaml mv recommended.yaml dashboard-recommended.yaml
从 1.7 开始,dashboard 只允许通过 https 访问,采用自动生成的证书有的浏览器不支持,所以需要生成自签名的证书
-
生成自签名证书
mkdir -p /opt/k8s/yml/dashbaord cd /opt/k8s/yml/dashbaord openssl genrsa -des3 -passout pass:over4chars -out dashboard.pass.key 2048 openssl rsa -passin pass:over4chars -in dashboard.pass.key -out dashboard.key rm dashboard.pass.key openssl req -new -key dashboard.key -out dashboard.csr openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
-
使用自签名证书生成secret
cd /opt/k8s/yml/dashbaord root@master:/opt/k8s/yml/dashbaord# kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
-
修改配置文件
把dashboard-recommended.yaml中创建kubernetes-dashboard-certs的部分去掉
#--- #apiVersion: v1 #kind: Secret #metadata: # labels: # k8s-app: kubernetes-dashboard # name: kubernetes-dashboard-certs # namespace: kubernetes-dashboard #type: Opaque
-
启动dashboard
cd /opt/k8s/yml root@master:/opt/k8s/yml# kubectl create -f dashboard-recommended.yaml
-
通过 port forward 访问 dashboard
cd /opt/k8s/yml kubectl port-forward -n kubernetes-dashboard svc/kubernetes-dashboard 4443:443 --address 0.0.0.0
-
浏览器访问 URL:https://192.168.0.107:4443
-
创建登录 Dashboard 的 token
kubectl create sa dashboard-admin -n kube-system kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}') DASHBOARD_LOGIN_TOKEN=$(kubectl describe secret -n kube-system ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}') echo ${DASHBOARD_LOGIN_TOKEN}
-
使用token值登陆