Start the deployment
GitHub project address: https://github.com/kubernetes/dashboard
1) Create the certificate:
mkdir dashboard-certs
cd dashboard-certs/
# Create the namespace
kubectl create namespace kubernetes-dashboard
# Create the key file
openssl genrsa -out dashboard.key 2048
# Create the certificate signing request
openssl req -new -key dashboard.key -out dashboard.csr -subj /CN=dashboard-cert
# Self-sign the certificate, specifying its validity period in days.
openssl x509 -req -days 3650 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
# Check the certificate's validity period
openssl x509 -noout -text -in dashboard.crt
# Create the kubernetes-dashboard-certs object
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
On Ubuntu 18.04, generating the CSR reports this error:
Can't load /root/.rnd into RNG
140496635077056:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
Solution:
cd /root
openssl rand -writerand .rnd
2) Download and modify the recommended.yaml file
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta5/aio/deploy/recommended.yaml
# Add a port for direct access
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort # added
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30008 # added
  selector:
    k8s-app: kubernetes-dashboard
---
# Many browsers cannot use the automatically generated certificate, so we created our own above. Comment out the kubernetes-dashboard-certs object declaration.
#apiVersion: v1
#kind: Secret
#metadata:
#  labels:
#    k8s-app: kubernetes-dashboard
#  name: kubernetes-dashboard-certs
#  namespace: kubernetes-dashboard
#type: Opaque
3) Install Dashboard
# Install
kubectl apply -f ~/recommended.yaml
# Check the result
kubectl get pods -A -o wide
kubectl get service -n kubernetes-dashboard -o wide
4) Create the Dashboard administrator account dashboard-admin.yaml and apply it
The built-in serviceaccount has limited permissions, so we create a new serviceaccount to log in to the dashboard.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: dashboard-admin
  namespace: kubernetes-dashboard
5) Grant permissions with dashboard-admin-bind-cluster-role.yaml and apply it
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kubernetes-dashboard
6) Copy the token and log in at https://192.168.0.104:30008 (replace with the IP of your environment)
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
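The token copied in step 6 belongs to an account bound to cluster-admin in step 5, and step 2 publishes the Dashboard on port 30008 of every node, so it helps to be able to list where a cluster has this combination. The Python script below is an added example, not part of the original article: it audits the JSON printed by kubectl get clusterrolebindings,services -A -o json. The embedded sample is constructed from the manifests above, and the viewer-binding and ci-reader names in it are made up.

```python
import json

# Constructed sample: trimmed output of
#   kubectl get clusterrolebindings,services -A -o json
# holding the objects from steps 2 and 5 plus one unrelated, made-up binding.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRoleBinding", "metadata": {"name": "dashboard-admin-bind-cluster-role"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "dashboard-admin",
                "namespace": "kubernetes-dashboard"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "viewer-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "ServiceAccount", "name": "ci-reader", "namespace": "default"}]},
 {"kind": "Service",
  "metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
  "spec": {"type": "NodePort",
           "ports": [{"port": 443, "targetPort": 8443, "nodePort": 30008}]}}
]}
""")

def audit(objects):
    """Return (cluster-admin service accounts, NodePort services) as tuple lists."""
    admins, exposed = [], []
    for obj in objects:
        meta = obj["metadata"]
        if obj["kind"] == "ClusterRoleBinding" and obj["roleRef"]["name"] == "cluster-admin":
            # "subjects" can be missing or null on a binding
            for s in obj.get("subjects") or []:
                if s["kind"] == "ServiceAccount":
                    admins.append((s.get("namespace", ""), s["name"], meta["name"]))
        elif obj["kind"] == "Service" and obj["spec"].get("type") == "NodePort":
            for p in obj["spec"].get("ports", []):
                exposed.append((meta["namespace"], meta["name"], p.get("nodePort")))
    return admins, exposed

def findings(objects):
    """Namespaces holding both a cluster-admin service account and a NodePort service."""
    admins, exposed = audit(objects)
    both = {ns for ns, _, _ in admins} & {ns for ns, _, _ in exposed}
    return sorted(both), admins, exposed

if __name__ == "__main__":
    namespaces, admins, exposed = findings(SAMPLE["items"])
    for a in admins:
        print("cluster-admin service account: %s/%s (binding %s)" % a)
    for e in exposed:
        print("NodePort service: %s/%s on node port %s" % e)
    print("namespaces with both:", namespaces)
```

To audit a live cluster, save the kubectl output to a file and pass json.load(f)["items"] to findings().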