13. 安装DashBoard

[root@alice001 traefik]# docker pull k8scn/kubernetes-dashboard-amd64:v1.8.3
v1.8.3: Pulling from k8scn/kubernetes-dashboard-amd64
a4026007c47e: Pull complete 
Digest: sha256:ebc993303f8a42c301592639770bd1944d80c88be8036e2d4d0aa116148264ff
Status: Downloaded newer image for k8scn/kubernetes-dashboard-amd64:v1.8.3
[root@alice001 traefik]# docker tag k8scn/kubernetes-dashboard-amd64:v1.8.3 harbor.od.com/public/dashboard:v1.8.3
[root@alice001 traefik]# docker push !$ 
docker push harbor.od.com/public/dashboard:v1.8.3 
The push refers to repository [harbor.od.com/public/dashboard]
23ddb8cbb75a: Pushed 
v1.8.3: digest: sha256:ebc993303f8a42c301592639770bd1944d80c88be8036e2d4d0aa116148264ff size: 529
[root@alice001 traefik]# mkdir -p /data/k8s-yaml/dashboard && cd /data/k8s-yaml/dashboard
[root@alice001 dashboard]# ll
total 16
-rw-r--r-- 1 root root 1427 Feb 20 19:11 deployment.yaml
-rw-r--r-- 1 root root  347 Feb 20 16:23 ingress.yaml
-rw-r--r-- 1 root root  610 Feb 20 18:23 rbac.yaml
-rw-r--r-- 1 root root  322 Feb 20 16:22 svc.yaml
[root@alice001 dashboard]# vim /var/named/od.com.zone 
[root@alice001 dashboard]# cat /var/named/od.com.zone 
$ORIGIN od.com.
$TTL 600        ; 10 minutes
@       IN SOA    dns.od.com. dnsadmin.od.com. (
                2021012909 ; serial
                10800      ; refresh (3 hours)
                900        ; retry (15 minutes)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
                NS   dns.od.com.
$TTL 60    ; 1 minute
dns                A    47.243.20.250
harbor             A    172.23.187.175
k8s-yaml       A    47.243.20.250
traefik        A    47.243.20.250
dashboard        A    47.243.20.250
[root@alice001 dashboard]# systemctl restart named
[root@alice001 dashboard]# dig  -t A dashboard.od.com @172.23.187.175 +short
47.243.20.250
[root@alice001 dashboard]# cd /opt/certs/
[root@alice001 certs]# openssl req -new -key dashboard.od.com.key -out dashboard.od.com.csr -subj "/CN=dashboard.od.com/C=CN/ST=BJ/L=Beijing/O=Oldb
[root@alice001 certs]# openssl x509 -req -in dashboard.od.com.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out dashboard.od.com.crt -days 3650
Signature ok
subject=/CN=dashboard.od.com/C=CN/ST=BJ/L=Beijing/O=OldboyEdu/OU=ops
Getting CA Private Key
[root@alice001 certs]# ll dashboard.od.com.*
-rw-r--r-- 1 root root 1196 Feb 20 18:53 dashboard.od.com.crt
-rw-r--r-- 1 root root 1005 Feb 20 18:53 dashboard.od.com.csr
-rw------- 1 root root 1679 Feb 20 18:53 dashboard.od.com.key
[root@alice001 certs]# cd /etc/nginx/
[root@alice001 nginx]# mkdir certs
[root@alice001 nginx]# cd certs/
[root@alice001 certs]# ls
[root@alice001 certs]# cp /opt/certs/dashboard.od.com.key .
[root@alice001 certs]# cp /opt/certs/dashboard.od.com.crt .
[root@alice001 certs]# ll
total 8
-rw-r--r-- 1 root root 1196 Feb 20 18:57 dashboard.od.com.crt
-rw------- 1 root root 1679 Feb 20 18:57 dashboard.od.com.key
[root@alice001 certs]# vim /etc/nginx/conf.d/dashborad.conf
[root@alice001 dashboard]# cat /etc/nginx/conf.d/dashborad.conf
server {
    listen       80;
    server_name  dashboard.od.com dashboard.grep.pro;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
    listen       443 ssl;
    server_name  dashboard.od.com dashboard.grep.pro;
    ssl_certificate "certs/dashboard.od.com.crt";
    ssl_certificate_key "certs/dashboard.od.com.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://default_backend_traefik;
        proxy_set_header Host       $http_host;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }
}
[root@alice001 dashboard]# 
[root@alice001 dashboard]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@alice001 dashboard]# systemctl restart nginx