一、版本
k8s版本:v1.17.0
root@k8s-1:~# kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:20:10Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:12:17Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"linux/amd64"}
root@k8s-1:~#
dashboard版本:
部署GitHub上目前最新版本的dashboard v2.0.0-beta8
https://github.com/kubernetes/dashboard/releases
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
二、简介
Dashboard 是基于网页的 Kubernetes 用户界面。您可以使用 Dashboard 将容器应用部署到 Kubernetes 集群中,也可以对容器应用排错,还能管理集群资源。您可以使用 Dashboard 获取运行在集群中的应用的概览信息,也可以创建或者修改 Kubernetes 资源(如 Deployment,Job,DaemonSet 等等)。例如,您可以对 Deployment 实现弹性伸缩、发起滚动升级、重启 Pod 或者使用向导创建新的应用。
在部署完kubernetes v1.17后,让我们来部署一下dashboard,然后通过图形化界面来对资源进行查看与管理。
三、安装dashboard
部署GitHub上目前最新版本的dashboard v2.0.0-beta8
https://github.com/kubernetes/dashboard/releases
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
修改service通过NodePort方式访问k8s dashboard:
由于默认的service类型是ClusterIP,我们是自建的kubernetes,无法自动分配ip给service,所以这里我们需要修改一下dashboard的service类型,指定为NodePort以方便我们访问。
编辑我们下载的yaml文件 recommended.yaml
。。。
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #新加此行
ports:
- port: 443
nodePort: 30001 #新加此行
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
。。。
应用配置文件
root@k8s-1:~/dashboard# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard unchanged
serviceaccount/kubernetes-dashboard unchanged
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
root@k8s-1:~/dashboard#
之后指定namespace查看pod和service
通过节点ip以及service的端口30001访问dashboard页面
注意:在没有设置证书的情况下,通过Chrome和ie内核是无法访问这个页面的,我们这里就先使用火狐来继续实验,后面补充通过更新证书来解决此问题。
火狐浏览器:
我们还需要创建一个dashboard用户来登录
创建一个create-admin.yaml文件,内容如下
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
应用配置文件创建用户
root@k8s-1:~/dashboard# kubectl apply -f create-admin.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
获取到用户的token以用作登录
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
登录dashboard
成功登录后的界面
四、解决Chrome、ie无法正常访问dashboard问题
问题:通过Chrome和ie无法正常访问dashboard
原因是默认证书是0001年1月签发的已经过期
解决思路:生成有效证书替换之前的证书
先生成证书
openssl genrsa -out dashboard.key 2048
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.1.171'
openssl x509 -req -days 3650 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
删除原有证书
kubectl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard
通过新生成的证书创建secret
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
查看dashboard的pod NAME
kubectl get pod -n kubernetes-dashboard | grep dashboard
root@k8s-1:~/certs# kubectl get pod -n kubernetes-dashboard | grep dashboard
dashboard-metrics-scraper-76585494d8-zh7zc 1/1 Running 0 8m27s
kubernetes-dashboard-5996555fd8-zd7zp 1/1 Running 0 8m28s
删除原有pod即可(会自动创建新的pod)
kubectl delete pod <pod name> -n kubernetes-dashboard
root@k8s-1:~/certs# kubectl delete pod -n kubernetes-dashboard kubernetes-dashboard-5996555fd8-zd7zp
pod "kubernetes-dashboard-5996555fd8-zd7zp" deleted
root@k8s-1:~/certs#
再次访问dashboard服务,点击查看详情
现在就可以通过chrome正常访问dashboard了。
参考:
https://www.cnblogs.com/tianleblog/p/12157499.html#commentform
https://www.jianshu.com/p/c6d560d12d50
https://www.maxbon.cn/2019/09/27/138.html