kubernetes部署dashboard2.4.0

1、镜像

docker pull kubernetesui/dashboard:v2.4.0

2、tag

docker images | grep dashboard
kubernetesui/dashboard    v2.4.0   72f07539ffb5   3 months ago    221M

docker tag 72f07539ffb5 registry.cn-shenzhen.aliyuncs.com/hqyinfra/dashboard:v2.4.0

3、推送

docker push registry.cn-shenzhen.aliyuncs.com/hqyinfra/dashboard:v2.4.0

4、ns.yaml

kubectl apply -f ns.yaml
# Dedicated namespace for the dashboard. Every namespaced manifest on this page
# sets namespace: kubernetes-dashboard, so this one has to be applied first.
apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

5、secret.yaml

kubectl apply -f secret.yaml
# Secret mounted at /certs by the Deployment on this page. It is created without
# data, and the dashboard is started with --auto-generate-certificates; the
# step-12 listing on this page shows it still holding 0 keys after deployment.
# The cfssl-issued certificate from step 10 is installed on nginx, not here.
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque
---
# Declared with an empty csrf key.
# presumably the dashboard fills in the value at runtime; confirm
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""
---
# No data in the manifest; the step-12 listing on this page shows 2 keys after
# deployment, so the content is written at runtime rather than by this file.
# NOTE(review): anything allowed to read Secrets in this namespace can read it.
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

6、rbac.yaml

kubectl apply -f rbac.yaml
# Identity the dashboard pod runs as (the Deployment on this page references it
# through serviceAccountName).
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
---
# NOTE(review): this binds the dashboard's ServiceAccount to the built-in
# cluster-admin ClusterRole, i.e. unrestricted access to every resource in every
# namespace. Two consequences on this page:
#   - the dashboard pod itself holds that privilege, so a flaw in the dashboard
#     or in anything that can reach it becomes a full-cluster compromise;
#   - the ServiceAccount token read in step 12 and pasted into the login form
#     is a cluster-admin credential.
# Safer layout: give the dashboard's own ServiceAccount only what the dashboard
# needs, and have each person log in with a separate ServiceAccount bound to the
# permissions that person needs (for read-only use, the built-in "view"
# ClusterRole).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

7、dp.yaml

kubectl apply -f dp.yaml
# Single-replica Deployment of the dashboard container, running under the
# kubernetes-dashboard ServiceAccount.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          # NOTE(review): this is the copy re-tagged and pushed to a personal
          # registry namespace in steps 2-3, referenced by a mutable tag. Anyone
          # reusing this manifest trusts that registry's content; pinning by
          # digest (image: <repo>@sha256:<DIGEST_PLACEHOLDER>) makes the
          # deployed image verifiable against the upstream release.
          image: registry.cn-shenzhen.aliyuncs.com/hqyinfra/dashboard:v2.4.0
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            # The dashboard generates its own self-signed certificate at start-up
            # and serves HTTPS on 8443 (the liveness probe below uses HTTPS).
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          # Container hardening: no privilege escalation, read-only root
          # filesystem (hence the writable emptyDir at /tmp), fixed non-zero
          # uid/gid.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      # NOTE(review): with the cluster-admin binding in rbac.yaml on this page,
      # this toleration lets a highly privileged, externally reachable pod be
      # scheduled onto control-plane nodes; drop it unless that is intended.
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

8、svc.yaml

kubectl apply -f svc.yaml
# No spec.type is given, so this is a ClusterIP Service: the dashboard gets no
# node port or load balancer of its own and is reached from outside the cluster
# only through the Ingress defined on this page.
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    # Service port 443 forwards to the container's HTTPS listener on 8443.
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

9、ingress.yaml

kubectl apply -f ingress.yaml
# Routes dashboard.candy.com through the Traefik ingress controller to the
# kubernetes-dashboard Service on port 443.
#
# NOTE(review): there is no spec.tls section. On this page client TLS is
# terminated by the nginx server configured in step 11, which forwards plain
# HTTP to Traefik, so login tokens cross that hop unencrypted; keep it on
# loopback or a private network. Confirm the topology.
# NOTE(review): the backend speaks HTTPS with a self-signed certificate
# (--auto-generate-certificates in the Deployment); how Traefik is configured to
# connect to and verify that backend is not shown on this page.
# NOTE(review): nothing at this layer limits who can reach the login page (no
# source allow-list or authentication middleware). With the cluster-admin
# binding in rbac.yaml on this page, the login token is the only gate.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    # Legacy way of selecting the controller; spec.ingressClassName is the
    # current field for this.
    kubernetes.io/ingress.class: traefik
spec:
  rules:
  - host: dashboard.candy.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443

10、生成dashboard证书
ca-csr.json

{
	"CN": "CandyHome",
	"hosts": [
	],
	"key": {
	    "algo": "rsa",
	    "size": 2048
	},
	"names": [
	    {
	        "C": "CN",
	        "ST": "BJ",
	        "L": "Beijing",
	        "O": "CandyHome",
	        "OU": "ops"
	    }
	],
	"ca": {
	    "expiry": "175200h"
	}
}

ca-config.json(注意:各 profile 的有效期均为 175200h,约 20 年;服务端证书建议使用更短的有效期并定期轮换)

{
    "signing": {
        "default": {
            "expiry": "175200h"
        },
        "profiles": {
            "server": {
                "expiry": "175200h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth"
                ]
            },
            "client": {
                "expiry": "175200h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "client auth"
                ]
            },
            "peer": {
                "expiry": "175200h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth",
                    "client auth"
                ]
            }
        }
    }
}

dashboard-csr.json(注意:下面的 hosts 为空,签发出的证书不含 SAN;现代浏览器只按 SAN 校验域名,建议在 hosts 中填入 dashboard.candy.com)

{
	"CN": "dashboard.candy.com",
	"hosts": [
	],
	"key": {
	    "algo": "rsa",
	    "size": 2048
	},
	"names": [
	    {
	        "C": "CN",
	        "ST": "BJ",
	        "L": "Beijing",
	        "O": "candyHome",
	        "OU": "ops"
	    }
	]
}
# Create a self-signed root CA from ca-csr.json; the output files are named
# with the "ca" prefix (ca.pem and ca-key.pem are used by the next command).
# NOTE(review): ca-key.pem can sign a certificate for any name under this CA.
# Keep it off shared hosts, restrict its file permissions, and do not copy it
# to the nginx container; only dashboard.pem and dashboard-key.pem are needed there.
cfssl gencert -initca ca-csr.json | cfssl-json -bare ca

# Issue the dashboard server certificate from that CA with the "server" profile
# of ca-config.json; output files use the "dashboard" prefix.
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server dashboard-csr.json | cfssl-json -bare dashboard

11、配置nginx卸载证书

# Copy the server certificate and its private key into the running container
# named "nginx", then open a shell in it to write the site config.
# NOTE(review): files added with docker cp live in the container's writable
# layer, so they are lost when the container is recreated, and the private key
# ends up at the filesystem root. A read-only bind mount or a secret mount is
# the more durable option; either way check that the key is readable only by
# the user nginx starts as.
docker cp dashboard.pem nginx:/dashboard.pem
docker cp dashboard-key.pem nginx:/dashboard-key.pem
docker exec -it nginx sh
vi /etc/nginx/conf.d/dashboard.candy.com.conf

dashboard.candy.com.conf

# Redirect every plain-HTTP request for the dashboard host to HTTPS.
server {
    listen 80;
    server_name dashboard.candy.com;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
# TLS termination for the dashboard; decrypted requests are proxied on to Traefik.
server {
    listen 443 ssl;
    server_name dashboard.candy.com;
    # Certificate and key issued with cfssl and copied in with docker cp.
    # NOTE(review): the private key sits at the container's filesystem root;
    # make sure only the user nginx starts as can read it.
    ssl_certificate "/dashboard.pem";
    ssl_certificate_key "/dashboard-key.pem";
#    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    # NOTE(review): there is no ssl_protocols directive, so the accepted TLS
    # versions are whatever this nginx build defaults to, and older builds still
    # default to TLSv1/TLSv1.1. An explicit `ssl_protocols TLSv1.2 TLSv1.3;`
    # removes the dependency on the build.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        # "default_backend_traefik" has to be an upstream defined elsewhere in
        # the nginx configuration; it is not shown on this page.
        # NOTE(review): this hop is plain HTTP, so the dashboard login token
        # travels unencrypted between nginx and Traefik. Keep both on the same
        # host or a private network, or proxy to an HTTPS upstream.
        proxy_pass http://default_backend_traefik;
        proxy_set_header Host $http_host;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }
}
# Run inside the container shell opened with docker exec.
# NOTE(review): running `nginx -t` first reports syntax errors in the new file
# before the reload is signalled.
nginx -s reload
exit

12、获取Token

kubectl get secret -n kubernetes-dashboard
default-token-mw474                kubernetes.io/service-account-token   3      11d
kubernetes-dashboard-certs         Opaque                                0      11d
kubernetes-dashboard-csrf          Opaque                                1      11d
kubernetes-dashboard-key-holder    Opaque                                2      11d
kubernetes-dashboard-token-95lrt   kubernetes.io/service-account-token   3      11d

# Prints the ServiceAccount's bearer token, which is pasted into the dashboard
# login form.
# NOTE(review): rbac.yaml on this page binds this ServiceAccount to
# cluster-admin, so this token is a full-cluster credential, and a token stored
# in a kubernetes.io/service-account-token Secret does not expire on its own.
# Keep it out of shell history, screenshots and chat logs; for day-to-day login
# use a separate ServiceAccount with only the permissions the user needs.
kubectl describe secret kubernetes-dashboard-token-95lrt -n kubernetes-dashboard

13、配置hosts

vi /etc/hosts
127.0.0.1 dashboard.candy.com

14、浏览器访问:dashboard.candy.com