k8s: deploying the dashboard
This builds on the previous post, where the master node was installed. Installing kubernetes-dashboard directly reports an error:
kubectl apply -f http://mirror.faasx.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
So download the dashboard YAML first:
wget http://mirror.faasx.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
Then edit it: change the apiVersion of the Deployment to apps/v1 (the older versions are not supported).
[root@k8s-master ~]# cat kubernetes-dashboard.yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the 'License');
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an 'AS IS' BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Configuration to deploy release version of the Dashboard UI compatible with
# Kubernetes 1.8.
#
# Example usage: kubectl create -f <this_file>
# ------------------- Dashboard Secret ------------------- #
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque
---
# ------------------- Dashboard Service Account ------------------- #
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
---
# ------------------- Dashboard Role & Role Binding ------------------- #
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: ['']
  resources: ['secrets']
  verbs: ['create']
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: ['']
  resources: ['configmaps']
  verbs: ['create']
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: ['']
  resources: ['secrets']
  resourceNames: ['kubernetes-dashboard-key-holder', 'kubernetes-dashboard-certs']
  verbs: ['get', 'update', 'delete']
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: ['']
  resources: ['configmaps']
  resourceNames: ['kubernetes-dashboard-settings']
  verbs: ['get', 'update']
  # Allow Dashboard to get metrics from heapster.
- apiGroups: ['']
  resources: ['services']
  resourceNames: ['heapster']
  verbs: ['proxy']
- apiGroups: ['']
  resources: ['services/proxy']
  resourceNames: ['heapster', 'http:heapster:', 'https:heapster:']
  verbs: ['get']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
---
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: reg.qiniu.com/k8s/kubernetes-dashboard-amd64:v1.8.3
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
---
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
Check the services:
[root@k8s-master ~]# kubectl get service
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   8m20s
Check that the pods are all Running:
[root@k8s-master ~]# kubectl get pods -n kube-system
NAME                                    READY   STATUS    RESTARTS   AGE
coredns-7ff77c879f-5j9dj                1/1     Running   0          8m27s
coredns-7ff77c879f-s6sdn                1/1     Running   0          8m27s
etcd-k8s-master                         1/1     Running   0          8m38s
kube-apiserver-k8s-master               1/1     Running   0          8m38s
kube-controller-manager-k8s-master      1/1     Running   0          8m38s
kube-flannel-ds-amd64-n2jx5             1/1     Running   0          7m43s
kube-proxy-776tr                        1/1     Running   0          8m27s
kube-scheduler-k8s-master               1/1     Running   0          8m38s
kubernetes-dashboard-85fd46c98c-qkxdq   1/1     Running   0          2m24s
Edit the Service configuration: find type and change ClusterIP to NodePort so that the service is mapped to a port outside the cluster.
[root@k8s-m ~]# kubectl edit service kubernetes-dashboard --namespace=kube-system
[root@k8s-master ~]# kubectl get service -n kube-system
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP,9153/TCP   16h
kubernetes-dashboard   NodePort    10.107.147.67   <none>        443:32145/TCP            16h
Port 443 of the service is now mapped to port 32145.
Open it in a browser: https://192.168.60.115:32145
1. Create a service account
First create a service account named admin-user and place it in the kube-system namespace:
# admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
Run the kubectl create command:
kubectl create -f admin-user.yaml
2. Bind the role
By default, kubeadm has already created the admin role when it created the cluster, so we can bind to it directly:
# admin-user-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
Run the kubectl create command:
kubectl create -f admin-user-role-binding.yaml
3. Get the token
Now we need to find the token of the newly created user so that we can use it to log in to the dashboard:
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Copy the token and use it to log in.
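An added example, not part of the original post: a read-only shell check to run over a manifest before kubectl apply. It flags what this walkthrough touches, namely a Deployment or RBAC object on a removed API version, a binding to cluster-admin, and a Service of type NodePort. The names audit_manifest and sample_manifest are hypothetical, and the sample manifest is constructed.

```shell
# Added example: read-only review of a manifest before `kubectl apply`.
# audit_manifest and sample_manifest are hypothetical helper names.
audit_manifest() {
  awk '
    function report() {
      # Deployment versions removed in Kubernetes 1.16, RBAC v1beta1 in 1.22
      if ((kind == "Deployment" && api ~ /^(apps\/v1beta[12]|extensions\/v1beta1)$/) ||
          api == "rbac.authorization.k8s.io/v1beta1")
        print "OLD-API " kind " " api
      if (kind ~ /RoleBinding$/ && role == "cluster-admin")
        print "CLUSTER-ADMIN " kind " subject=" subject
      if (kind == "Service" && type == "NodePort")
        print "NODEPORT " kind
      kind = ""; api = ""; role = ""; type = ""; subject = ""; section = ""
    }
    /^---/         { report(); next }   # document separator
    /^[A-Za-z]/    { section = $1 }     # top-level key opens a section
    /^apiVersion:/ { api = $2 }
    /^kind:/       { kind = $2 }
    $1 == "name:" && section == "roleRef:"  { role = $2 }
    $1 == "name:" && section == "subjects:" { subject = $2 }
    $1 == "type:" && section == "spec:"     { type = $2 }
    END { report() }
  ' "$1"
}
# Constructed sample mirroring the objects this page creates.
sample_manifest() {
  cat <<'EOF'
kind: Deployment
apiVersion: apps/v1beta2
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
roleRef:
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
---
kind: Service
apiVersion: v1
spec:
  type: NodePort
EOF
}
f=$(mktemp); sample_manifest > "$f"; audit_manifest "$f"; rm -f "$f"
```

The check only matches top-level keys and the indentation style used in the manifests on this page; it is a review aid, not a YAML parser.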