--環境
centos7.5,已經有一個k8s集羣
主備節點均可訪問外網
--參考:
https://www.cnblogs.com/harlanzhang/p/10045975.html
https://www.wandouip.com/t5i365336/
##以下操作均是在master節點操作##
--下載kubernetes-dashboard.yaml文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
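--修改kubernetes-dashboard.yaml文件(下方只列出與改動相關的片段)
修改(鏡像改爲非官方的鏡像源;此處沒有寫tag,建議固定到明確的tag或digest,並確認鏡像來源可信):
image: registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64
新增(NodePort會在每個節點的30001端口暴露dashboard,應以防火牆限制可訪問的來源IP):
type: NodePort
nodePort: 30001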
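# ------------------- Dashboard Deployment ------------------- #
# Deployment section of kubernetes-dashboard.yaml with the image line changed.
# Indentation is restored here; without it the nesting is lost and the text is
# not a valid manifest.
# NOTE(review): this looks like an excerpt of the downloaded file -- presumably
# the fields not shown stay as they are in that file; confirm before applying.
kind: Deployment
apiVersion: apps/v1beta2
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        # No tag or digest is given, so this resolves to ":latest" and the
        # content can change between pulls. Pin an explicit tag or digest from
        # a registry you trust.
        image: registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          # The dashboard generates its own self-signed serving certificate.
          - --auto-generate-certificates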
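# ------------------- Dashboard Service ------------------- #
# Service section of kubernetes-dashboard.yaml with the NodePort additions.
# Indentation is restored here; without it the nesting is lost and the text is
# not a valid manifest.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  # NodePort publishes the dashboard on port 30001 of every node's address,
  # not only the node running the pod. Restrict who can reach that port
  # (host firewall / network ACL); the login token is then the only barrier.
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard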
--創建kubernetes-dashboard.yaml
kubectl create -f kubernetes-dashboard.yaml
--查看kubernetes-dashboard容器是否已經運行(下方輸出中該pod狀態爲ImagePullBackOff,表示鏡像拉取失敗並在重試;需等它變成Running,或檢查image名稱與tag後再繼續)
[root@k8s ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
etcd-k8s 1/1 Running 0 1h
kube-apiserver-k8s 1/1 Running 0 1h
kube-controller-manager-k8s 1/1 Running 0 1h
kube-dns-86f4d74b45-pbztb 3/3 Running 0 1h
kube-flannel-ds-amd64-8h9nk 1/1 Running 0 1h
kube-flannel-ds-amd64-96mpq 1/1 Running 0 1h
kube-proxy-pf7rx 1/1 Running 0 1h
kube-proxy-znt7d 1/1 Running 0 1h
kube-scheduler-k8s 1/1 Running 0 1h
kubernetes-dashboard-7c7fcf988d-r6j4n 0/1 ImagePullBackOff 0 19s
--創建kubernetes-dashboard管理員角色(下面把dashboard-admin綁定到cluster-admin,持有其token的人可以完全控制整個集羣;若只需要查看,應改綁權限更小的角色)
[root@k8s ~]# vi k8s-admin.yaml
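# k8s-admin.yaml -- indentation restored; without it the nesting is lost and
# kubectl cannot parse the file.
#
# ServiceAccount whose token is used to log in to the dashboard.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
# Binds that account to the built-in cluster-admin ClusterRole, so anyone who
# holds its token has unrestricted control of the whole cluster. The dashboard
# is published on a NodePort, which makes this token the only barrier; where
# read-only access is enough, bind a narrower role instead (for example the
# built-in "view" ClusterRole).
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io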
--加載管理員角色
kubectl create -f k8s-admin.yaml
--獲取dashboard管理員角色token
#獲取dashboard secret
[root@k8s ~]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
attachdetach-controller-token-8bbqr kubernetes.io/service-account-token 3 1h
bootstrap-signer-token-m8xhw kubernetes.io/service-account-token 3 1h
bootstrap-token-5a1jym bootstrap.kubernetes.io/token 7 1h
certificate-controller-token-8qbw4 kubernetes.io/service-account-token 3 1h
clusterrole-aggregation-controller-token-qx9qw kubernetes.io/service-account-token 3 1h
cronjob-controller-token-jlvwt kubernetes.io/service-account-token 3 1h
daemon-set-controller-token-zhstr kubernetes.io/service-account-token 3 1h
dashboard-admin-token-2cf9h kubernetes.io/service-account-token 3 13s
default-token-bwqx8 kubernetes.io/service-account-token 3 1h
deployment-controller-token-8fbgl kubernetes.io/service-account-token 3 1h
disruption-controller-token-qsc4q kubernetes.io/service-account-token 3 1h
endpoint-controller-token-5mfwj kubernetes.io/service-account-token 3 1h
flannel-token-w64lx kubernetes.io/service-account-token 3 1h
generic-garbage-collector-token-2dsgd kubernetes.io/service-account-token 3 1h
horizontal-pod-autoscaler-token-tm9ph kubernetes.io/service-account-token 3 1h
job-controller-token-sscmg kubernetes.io/service-account-token 3 1h
kube-dns-token-xpst5 kubernetes.io/service-account-token 3 1h
kube-proxy-token-lgg9x kubernetes.io/service-account-token 3 1h
kubernetes-dashboard-certs Opaque 0 8m
kubernetes-dashboard-key-holder Opaque 2 6m
kubernetes-dashboard-token-f97rc kubernetes.io/service-account-token 3 8m
namespace-controller-token-ngppr kubernetes.io/service-account-token 3 1h
node-controller-token-rdxhv kubernetes.io/service-account-token 3 1h
persistent-volume-binder-token-rbtd8 kubernetes.io/service-account-token 3 1h
pod-garbage-collector-token-d2hlc kubernetes.io/service-account-token 3 1h
pv-protection-controller-token-668sz kubernetes.io/service-account-token 3 1h
pvc-protection-controller-token-zsr7b kubernetes.io/service-account-token 3 1h
replicaset-controller-token-dmvjt kubernetes.io/service-account-token 3 1h
replication-controller-token-7wmqf kubernetes.io/service-account-token 3 1h
resourcequota-controller-token-fqxrk kubernetes.io/service-account-token 3 1h
service-account-controller-token-6kct5 kubernetes.io/service-account-token 3 1h
service-controller-token-v5s8q kubernetes.io/service-account-token 3 1h
statefulset-controller-token-qgql8 kubernetes.io/service-account-token 3 1h
token-cleaner-token-rnhjq kubernetes.io/service-account-token 3 1h
ttl-controller-token-j2mg8 kubernetes.io/service-account-token 3 1h
--#獲取token(此token綁定了cluster-admin,等同集羣最高權限的密碼;不要貼到文檔、聊天記錄或版本庫,一旦外洩應刪除對應的secret使其失效)
[root@k8s ~]# kubectl describe secret dashboard-admin-token-2cf9h -n kube-system
Name: dashboard-admin-token-2cf9h
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name=dashboard-admin
kubernetes.io/service-account.uid=bed94acc-ddc5-11e9-8ea8-000c29816b4c
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: <REDACTED — dashboard-admin 的 service-account token,原值已省略>
--使用管理員角色登入kubernetes-dashboard web界面
客戶端瀏覽器輸入:https://nodeIP:nodeport ,也就是kubernetes-dashboard容器在哪臺node節點上跑,以及上面設置的nodeport端口(我這裏是https://192.168.3.6:30001)。NodePort在每個節點上都會開放,其他節點的IP同樣可以訪問。
彈出的窗口中選擇令牌,輸入上一步獲取的token即可
(只有火狐瀏覽器可以直接訪問;應是因爲dashboard自動生成的證書不被其他瀏覽器接受)
其他瀏覽器訪問需要先替換證書,以下操作在主節點執行即可(生成的仍是自簽名證書,瀏覽器仍會提示不受信任,應核對證書指紋後再選擇信任):
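# Replace the dashboard's serving certificate with a self-signed one issued
# for the node address, then restart the dashboard so it loads the new secret.

# -p keeps the step repeatable if the directory already exists.
mkdir -p key && cd key

# Generate the private key inside a subshell with a restrictive umask so the
# file is not readable by other local users.
(umask 077 && openssl genrsa -out dashboard.key 2048)

# Certificate signing request for the node address used in the browser.
# NOTE(review): the certificate carries only a CN and no subjectAltName, so
# browsers that ignore the CN will still report a name mismatch.
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.3.6'

# Self-sign the request. The lifetime is set explicitly: without -days,
# "openssl x509" issues a certificate valid for only 30 days. SHA-256 is
# requested explicitly rather than relying on the build's default digest.
openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt

# Delete the existing certificate secret.
kubectl delete secret kubernetes-dashboard-certs -n kube-system

# Create the new certificate secret from the key and certificate.
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kube-system

# List the pods.
kubectl get pod -n kube-system

# Restart the dashboard pod. Selecting by label instead of the generated pod
# name keeps the command valid after the pod has been recreated.
kubectl delete pod -l k8s-app=kubernetes-dashboard -n kube-system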
--常用命令
# List every namespace in the cluster.
kubectl get namespaces
# List the pods of all namespaces.
kubectl get pods --all-namespaces
# List the services of one namespace.
kubectl get services -n kube-system
# List the pods of one namespace.
kubectl get pods -n kube-system