kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
nodeName: master
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.1.0
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
下载配置文件指令
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.1.0/aio/deploy/recommended.yaml
修改配置文件,暴露IP
type = NodePort
由于谷歌浏览器无法打开页面,需自签证书
创建一个目录
mkdir key
cd key
生成证书
openssl genrsa -out dashboard.key 2048
Generating RSA private key, 2048 bit long modulus
.................+++
......+++
e is 65537 (0x10001)
172.16.64.229为master节点的IP地址
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=172.16.64.229'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/CN=172.16.64.229
Getting Private key
查看自带证书
kubectl get secrets -n kubernetes-dashboard
1 删除默认的secret,用自签证书创建新的secret
kubectl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard
kubectl create secret generic kubernetes-dashboard-certs --from-file=/etc/kubernetes/pki/apiserver.key --from-file=/etc/kubernetes/pki/apiserver.crt -n kubernetes-dashboard
2 修改 recommended.yaml 文件,在args下面增加证书两行
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
- --tls-key-file=apiserver.key
- --tls-cert-file=apiserver.crt
kubectl apply -f recommended.yaml
获取 token
[root@master1 ~]# kubectl get secret -n kube-system |grep admin|awk '{print $1}'
dashboard-admin-token-bwgjv
# 复制下面的 token,后面登陆的时候要用到
[root@master1 ~]# kubectl describe secret dashboard-admin-token-bwgjv -n kube-system|grep '^token'|awk '{print $2}'
eyJhbGciOiJSUzI1NiIsImtpZCI6IkJOVUhyRElPQzJzU2t6VDNVdWpTdzhNZmZPZjV0U2s1UXBFTzctNE9uOFEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tYndnanYiLCJrdWJlcm5
生成config以供网页登录管理页面使用
#复制token 为 变量TOKEN 赋值
kubectl config set-credentials ssy --token=$DASH_TOCKEN --kubeconfig=ssy-config
kubectl config set-context ssy@kubernetes --cluster=kubernetes --user=ssy --kubeconfig=ssy-config
kubectl config use-context ssy@kubernetes --kubeconfig=ssy-config