kubeadm dashboard安装

１．因访问dashboard界面时需要使用https

[root@k8s-master ~]# openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048

２．将生成的秘钥传给node节点

[root@k8s-master ~]# mkdir /opt/certs
[root@k8s-master ~]# ls
dashboard.crt  dashboard.csr  dashboard.key  dashboard.pass.key
[root@k8s-master ~]# mv dashboard.crt dashboard.key /opt/certs/
[root@k8s-master ~]# scp -r /opt/certs  k8s-node-1:/opt/
dashboard.crt                                                                           100% 1273   919.4KB/s   00:00    
dashboard.key                                                                           100% 1675     1.5MB/s   00:00    
[root@k8s-master ~]# scp -r /opt/certs  k8s-node-2:/opt/
dashboard.crt                                                                           100% 1273   966.4KB/s   00:00    
dashboard.key    

3、下载yaml文件

https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml

修改相应位置
kind: Service
spec:
    type: NodePort
    ports:
    - port: 443
    targetPort: 8443
    nodePort: 30001
selector:
    k8s-app: kubernetes-dashboard

[root@k8s-master ~]# kubectl apply -f kubernetes-dashboard.yaml

如果已经有了的话，通过下面命令删除
[root@k8s-master ~]# kubectl delete -f kubernetes-dashboard.yaml

[root@k8s-master dashboard]# kubectl describe secret dashboard-admin  -n kubernetes-dashboard

4、检查pods发现dashboard正常运行

[root@k8s-00001 ~]# kubectl  get pods --namespace=kubernetes-dashboard
NAME                                        READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-c45b7869d-9qd58   1/1     Running   0          14m
kubernetes-dashboard-576cb95f94-8nh2f       1/1     Running   0          14m

5、验证

https://8.130.14.51:30001

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-GqEKfdrv-1643335750020)(…/…/img/dashboard.png)]

6、增加账号密码

# 创建用户
kubectl create serviceaccount dashboard-admin -n kube-system

# 用户授权
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

# 获取用户Token
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

7、配置用户名密码登录

参考地址
https://www.cnblogs.com/wenyang321/p/14149099.html

1、备份kube-apiserver.yaml（重要）
[root@ptestk8sm ~]# cp /etc/kubernetes/manifests/kube-apiserver.yaml .

2、新增密码文件
账户admin密码admin，唯一id是1
[root@ptestk8sm ~]# echo "admin,admin,1" > /etc/kubernetes/pki/basic_auth_file
每行写一个账号，id不能重复（资料写的账号密码要一样，未测试）
注意密码文件路径，通过查看kube-apiserver.yaml可看到其可访问范围

3、修改apiserver.yaml
[root@ptestk8sm ~]# vim /etc/kubernetes/manifests/kube-apiserver.yaml
加入这一行
- --basic-auth-file=/etc/kubernetes/pki/basic_auth_file

4、查看状态
apiserver.yaml被修改后会自动重启（十秒左右），查看状态有报错

5、排错
如果报错，可能没有问题
是添加的这一条出现了问题，原因是- --basic-auth-file已经在1.16版本被弃用，改为了- --token-auth-file

6、修改配置，再次查看状态
- --token-auth-file=/etc/kubernetes/pki/basic_auth_file

7、为admin用户绑定权限
[root@ptestk8sm ~]# kubectl create clusterrolebinding login-on-dashboard-with-cluster-admin --clusterrole=cluster-admin --user=admin

查看绑定结果
[root@ptestk8sm ~]# kubectl get clusterrolebinding login-on-dashboard-with-cluster-admin
NAME                                    ROLE                        AGE
login-on-dashboard-with-cluster-admin   ClusterRole/cluster-admin   10s

8、修改recommended.yaml
kubectl edit deploy kubernetes-dashboard -n kubernetes-dashboard
添加如下两行，保存
- --token-ttl=21600 #新增行 单位秒
- --authentication-mode=basic #新增行

9、新问题，登录后不显示组件，因为匿名用户禁止访问，添加权限
kubectl create clusterrolebinding test:anonymous --clusterrole=cluster-admin --user=system:anonymous

8、dashboard操作手册

https://blog.51cto.com/u_15098527/3592147

微信公众号，需要的话就关注下我~