10、为k8s集群配置dashboard服务

  1. $ cd /etc/kubernetes/ && wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
  3. #将名称空间修改为默认system
  4. $ sed -i '/namespace/ s/kubernetes-dashboard/kube-system/g' recommended.yaml
  6. $vi kubernetes-dashboard.yaml 
  8. #修改service类型为NodePort类型
  9. .......
  10. kind: Service
  11. apiVersion: v1
  12. metadata:
  13.   labels:
  14.     k8s-app: kubernetes-dashboard
  15.   name: kubernetes-dashboard
  16.   namespace: kube-system
  17. spec:
  18.   type: NodePort      #添加一行
  19.   ports:
  20.     - port: 443
  21.       targetPort: 8443
  22.       nodePort: 31260     #添加一行
  23.   selector:
  24.     k8s-app: kubernetes-dashboard
  25. ......

对于有些kubernetes-dashboard中使用官方镜像无法拉取的情况,可以更改为国内源。

  1. 比如:image: k8s.gcr.io/google_containers/kubernetes-dashboard-amd64:v1.10.1
  2. 可以将镜像仓库地址k8s.gcr.io改成registry.aliyuncs.com/google_containers
  3. 即:
  4. image: registry.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1

11、访问集群

image.png

11.1 通过令牌方式访问

  1. mkdir key && cd key
  2. #生成证书
  3. openssl genrsa -out dashboard.key 2048 
  4. openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=172.17.3.141'
  5. openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt 
  6. #删除原有的证书secret
  7. kubectl delete secret kubernetes-dashboard-certs -n kube-system
  8. #创建新的证书secret
  9. kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kube-system
  11. #查看pod
  12. kubectl get pod -n kube-system
  14. #删除pod,启动新pod生效
  15. kubectl delete pod kubernetes-dashboard-5b9dd4f974-ztp89 -n kube-system 
  17. #编辑文件vim k8s-admin.yaml
  18. kind: ClusterRoleBinding
  19. apiVersion: rbac.authorization.k8s.io/v1beta1
  20. metadata:
  21.   name: admin
  22.   annotations:
  23.     rbac.authorization.kubernetes.io/autoupdate: "true"
  24. roleRef:
  25.   kind: ClusterRole
  26.   name: cluster-admin
  27.   apiGroup: rbac.authorization.k8s.io
  28. subjects:
  29. - kind: ServiceAccount
  30.   name: admin
  31.   namespace: kube-system
  33. ---
  34. apiVersion: v1
  35. kind: ServiceAccount
  36. metadata:
  37.   name: admin
  38.   namespace: kube-system
  39.   labels:
  40.     kubernetes.io/cluster-service: "true"
  41.     addonmanager.kubernetes.io/mode: Reconcile
  43. kubectl create -f k8s-admin.yaml
  44. kubectl get serviceaccount -n kube-system
  45. kubectl describe serviceaccount admin  -n kube-system
  46. kubectl describe secret  admin-token-2frfz  -n kube-system
  47. #保存最后一步命令查看到的token密钥,就是登录dashboard需要的令牌,完成登陆

11.2 通过kubeconfig 方式访问

  1. DASH_TOCKEN=$(kubectl get secret -n kube-system admin-token-mcqj5 -o jsonpath={.data.token}|base64 -d)
  3. kubectl config set-cluster kubernetes --server=10.0.0.11:6443 --kubeconfig=/root/dashbord-admin.conf
  5. kubectl config set-credentials admin --token=$DASH_TOCKEN --kubeconfig=/root/dashbord-admin.conf
  7. kubectl config set-context admin --cluster=kubernetes --user=admin --kubeconfig=/root/dashbord-admin.conf
  9. kubectl config use-context admin  --kubeconfig=/root/dashbord-admin.conf

image.png