[5.kubernetes的GUI资源管理插件-仪表盘]
1.准备dashboard镜像
[root@k8s-60 harbor]# docker pull k8scn/kubernetes-dashboard-amd64:v1.8.3[root@k8s-60 harbor]# docker images|grep dashboard[root@k8s-60 harbor]# docker tag fcac9aa03fd6 harbor.od.com/public/dashboard:v1.8.3[root@k8s-60 harbor]# docker push harbor.od.com/public/dashboard:v1.8.3
2.创建资源配置清单
官方配置清单模板
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
在k8s-60.host.com上
[root@k8s-60 harbor]# mkdir -p /data/k8s-yaml/dashboard && cd /data/k8s-yaml/dashboard
rbac.yaml
[root@k8s-60 dashboard]# vi rbac.yamlapiVersion: v1kind: ServiceAccountmetadata:labels:k8s-app: kubernetes-dashboardaddonmanager.kubernetes.io/mode: Reconcilename: kubernetes-dashboard-adminnamespace: kube-system---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata:name: kubernetes-dashboard-adminnamespace: kube-systemlabels:k8s-app: kubernetes-dashboardaddonmanager.kubernetes.io/mode: ReconcileroleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: cluster-adminsubjects:- kind: ServiceAccountname: kubernetes-dashboard-adminnamespace: kube-system
dp.yaml
[root@k8s-60 dashboard]# vi dp.yamlapiVersion: apps/v1kind: Deploymentmetadata:name: kubernetes-dashboardnamespace: kube-systemlabels:k8s-app: kubernetes-dashboardkubernetes.io/cluster-service: "true"addonmanager.kubernetes.io/mode: Reconcilespec:selector:matchLabels:k8s-app: kubernetes-dashboardtemplate:metadata:labels:k8s-app: kubernetes-dashboardannotations:scheduler.alpha.kubernetes.io/critical-pod: ''spec:priorityClassName: system-cluster-criticalcontainers:- name: kubernetes-dashboardimage: harbor.od.com/public/dashboard:v1.8.3resources:limits:cpu: 100mmemory: 300Mirequests:cpu: 50mmemory: 100Miports:- containerPort: 8443protocol: TCPargs:- --auto-generate-certificatesvolumeMounts:- name: tmp-volumemountPath: /tmplivenessProbe:httpGet:scheme: HTTPSpath: /port: 8443initialDelaySeconds: 30timeoutSeconds: 30volumes:- name: tmp-volumeemptyDir: {}serviceAccountName: kubernetes-dashboard-admintolerations:- key: "CriticalAddonsOnly"operator: "Exists"
svc.yaml
[root@k8s-60 dashboard]# vi svc.yamlapiVersion: v1kind: Servicemetadata:name: kubernetes-dashboardnamespace: kube-systemlabels:k8s-app: kubernetes-dashboardkubernetes.io/cluster-service: "true"addonmanager.kubernetes.io/mode: Reconcilespec:selector:k8s-app: kubernetes-dashboardports:- port: 443targetPort: 8443
ingress.yaml
[root@k8s-60 dashboard]# vi ingress.yamlapiVersion: extensions/v1beta1kind: Ingressmetadata:name: kubernetes-dashboardnamespace: kube-systemannotations:kubernetes.io/ingress.class: traefikspec:rules:- host: dashboard.od.comhttp:paths:- backend:serviceName: kubernetes-dashboardservicePort: 443
3.应用资源配置清单
[root@k8s-40 ~]# kubectl apply -f http://k8s-yaml.od.com/dashboard/rbac.yaml[root@k8s-40 ~]# kubectl apply -f http://k8s-yaml.od.com/dashboard/dp.yaml[root@k8s-40 ~]# kubectl apply -f http://k8s-yaml.od.com/dashboard/svc.yaml[root@k8s-40 ~]# kubectl apply -f http://k8s-yaml.od.com/dashboard/ingress.yaml
4.查看创建的资源
[root@k8s-40 ~]# kubectl get pods -n kube-systemNAME READY STATUS RESTARTS AGEcoredns-6b6c4f9648-8fzsf 1/1 Running 0 18mkubernetes-dashboard-76dcdb4677-67bwn 1/1 Running 0 21straefik-ingress-96th7 1/1 Running 0 10mtraefik-ingress-b6rkv 1/1 Running 0 10m[root@k8s-40 ~]# kubectl get svc -n kube-systemNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEcoredns ClusterIP 10.96.0.2 <none> 53/UDP,53/TCP,9153/TCP 18mkubernetes-dashboard ClusterIP 10.96.3.196 <none> 443/TCP 30straefik-ingress-service ClusterIP 10.96.1.198 <none> 80/TCP,8080/TCP 10m[root@k8s-40 ~]# kubectl get ingress -n kube-systemNAME HOSTS ADDRESS PORTS AGEkubernetes-dashboard dashboard.od.com 80 31straefik-web-ui traefik.od.com 80 10m
5.解析域名
[root@k8s-20 conf.d]# vi /var/named/od.com.zone$ORIGIN od.com.$TTL 600 ; 10 minutes@ IN SOA dns.od.com. dnsadmin.od.com. (2020042602 ; serial //前滚一个序列号10800 ; refresh (3 hours)900 ; retry (15 minutes)604800 ; expire (1 week)86400 ; minimum (1 day))NS dns.od.com.$TTL 60 ; 1 minutedns A 192.168.10.20harbor A 192.168.10.60k8s-yaml A 192.168.10.60traefik A 192.168.10.10dashboard A 192.168.10.10[root@hdss7-11 conf.d]# systemctl restart named
6.浏览器访问
http://dashboard.od.com/
7.令牌命令行获取方式
kubectl get secret -n kube-systemkubectl describe secret kubernetes-dashboard-admin-token-xxxxx -n kube-system
8.签发dashboard的证书
到运维主机上操作
使用哦openssl签发
[root@k8s-60 certs]# (umask 077; openssl genrsa -out dashboard.od.com.key 2048)[root@k8s-60 certs]# openssl req -new -key dashboard.od.com.key -out dashboar.od.com.csr -subj "/CN=dashboard.od.com/C=CN/ST=BJ/L=Beijing/O=daliuyuan/OU=ops"[root@k8s-60 certs]# openssl x509 -req -in dashboar.od.com.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out dashboard.od.com.crt -days 3650[root@k8s-60 certs]# cfssl-certinfo -cert dashboard.od.com.crt
[root@k8s-20 ~]# cd /etc/nginx/[root@k8s-20 nginx]# mkdir certs[root@k8s-20 nginx]# cd certs/[root@k8s-20 certs]# scp k8s-60:/opt/certs/dashboard.od.com.crt .[root@k8s-20 certs]# scp k8s-60:/opt/certs/dashboard.od.com.key .加入nginx配置[root@k8s-20 certs]# cd ../conf.d/[root@k8s-20 conf.d]# vi dashboard.od.com.confserver {listen 80;server_name dashboard.od.com;rewrite ^(.*)$ https://${server_name}$1 permanent;}server {listen 443 ssl;server_name dashboard.od.com;ssl_certificate "certs/dashboard.od.com.crt";ssl_certificate_key "certs/dashboard.od.com.key";ssl_session_cache shared:SSL:1m;ssl_session_timeout 10m;ssl_ciphers HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers on;location / {proxy_pass http://default_backend_traefik;proxy_set_header Host $http_host;proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;}}[root@k8s-20 conf.d]# nginx -t[root@k8s-20 conf.d]# nginx -s reload
配置认证
- 下载新版dashboard
[root@k8s-60 ~]# docker pull hexun/kubernetes-dashboard-amd64:v1.10.1[root@k8s-60 ~]# docker tag f9aed6605b81 harbor.od.com/public/dashboard:v1.10.1[root@k8s-60 ~]# docker push harbor.od.com/public/dashboard:v1.10.1
若有收获,就点个赞吧
0 人点赞
