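kubeadm: deploying the dashboard
1. The dashboard UI has to be accessed over HTTPS, so this test environment uses openssl to create a self-signed certificate for encrypting the traffic: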
[root@k8s-master ~]# openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
Generating RSA private key, 2048 bit long modulus
....................+++
........+++
e is 65537 (0x10001)
[root@k8s-master ~]# openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
writing RSA key
[root@k8s-master ~]# openssl req -new -key dashboard.key -out dashboard.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:china
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:qf
Organizational Unit Name (eg, section) []:qf
Common Name (eg, your name or your server's hostname) []:xingdian
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@k8s-master ~]# openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/C=CN/ST=china/L=beijing/O=qf/OU=qf/CN=xingdian/emailAddress=[email protected]
Getting Private key
2. Copy the generated key and certificate to the node machines
[root@k8s-master ~]# mkdir /opt/certs
[root@k8s-master ~]# ls
dashboard.crt dashboard.csr dashboard.key dashboard.pass.key
[root@k8s-master ~]# mv dashboard.crt dashboard.key /opt/certs/
[root@k8s-master ~]# scp -r /opt/certs k8s-node-1:/opt/
dashboard.crt 100% 1273 919.4KB/s 00:00
dashboard.key 100% 1675 1.5MB/s 00:00
[root@k8s-master ~]# scp -r /opt/certs k8s-node-2:/opt/
dashboard.crt 100% 1273 966.4KB/s 00:00
dashboard.key
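Steps 1 and 2 condensed into an added example (not from the original post): it creates the self-signed pair non-interactively and checks, before anything is copied to the nodes, that the certificate matches the key, that the key file is not readable by group or other, and that the certificate is not about to expire. The CN, the subjectAltName values, the 7-day threshold and the scratch directory are assumptions.

```bash
# Added example. CN, SAN values and scratch paths are assumptions.

# Self-signed certificate plus unencrypted key in one command.
# $1 = output dir, $2 = subject CN, $3 = subjectAltName list
make_dashboard_cert() {
    mkdir -p "$1"
    ( umask 077   # key is created 0600 instead of world-readable
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -subj "/CN=$2" -addext "subjectAltName=$3" \
          -keyout "$1/dashboard.key" -out "$1/dashboard.crt" 2>/dev/null )
}

# True only if the certificate ($1) carries the public key of the key file ($2).
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

# True if group and other have no permission bits on the key file.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# True if the certificate ($1) is still valid $2 seconds from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# Pre-copy gate: run all three checks on a certs directory.
ready_to_copy() {
    cert_matches_key "$1/dashboard.crt" "$1/dashboard.key" &&
    key_is_private "$1/dashboard.key" &&
    cert_valid_for "$1/dashboard.crt" 604800   # at least 7 days left
}

# Demo in a scratch directory (constructed names, documentation IP range).
work=$(mktemp -d)
make_dashboard_cert "$work/certs" dashboard.example.internal \
    "DNS:dashboard.example.internal,IP:192.0.2.10"
ready_to_copy "$work/certs" && echo "certs OK to copy"
```

Running `ready_to_copy /opt/certs` on each node after the scp confirms the pair arrived intact and with the same permissions.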
3. First download the yaml file, then change the image address in it and set the Service type to NodePort
[root@k8s-master ~]# git clone https://github.com/blackmed/kubernetes-kubeadm.git
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
The yaml file downloaded from my git repository has already been modified; the modification is shown below:
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
Apply the yaml file:
[root@k8s-master ~]# kubectl apply -f kubernetes-dashboard.yaml
4. Create an administrator role:
[root@k8s-master ~]# vim kubernetes-admin.yaml
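# Service account that the dashboard login token belongs to
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
# Binds the service account to the built-in cluster-admin ClusterRole (full access to the cluster)
kind: ClusterRoleBinding
# v1 has been available since Kubernetes 1.8; the v1beta1 RBAC API was removed in 1.22
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
Apply the yaml file: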
[root@k8s-master ~]# kubectl apply -f kubernetes-admin.yaml
5. Get the token used for logging in
[root@k8s-master dashboard]# kubectl describe secret dashboard-admin -n kube-system
Name: dashboard-admin-token-fsdcn
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 6700f33f-8fc3-409c-b253-8796cf850014
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjE3OVpva3B2Z2drNGN3OGppcTVkc1hhbVVzY2NJclF5QlBEYWQwZ0tjUVEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZnNkY24iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNjcwMGYzM2YtOGZjMy00MDljLWIyNTMtODc5NmNmODUwMDE0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.i4P9A96V9847mlzv1e4q4EtXU-2PwXebT1Ax85d_5GtNMetPr7tDadeciw09TlTK0Ju8MCicmN0UmPDTQ3gCD6B9zR7V1chIPh7GuiSKaYxHQFeRjcRqRBhNUREmtUd_F5CZR3nP5XwNoimVQuCLD2EdveXCr8WcZTG5E8fy7T2ip0PJ1emoD_V1CV49ldSu2AmN4h7LZ9X7o4CbSt_XVABQEIBHyMn3GkeC-Q-YOM6BWKviJM8kAynSFFNSyVzygzMqwzCfZqqNv9-FE0aAUq2jECvY-aFnFBqkLAIPX_vPIlailQu4mmUNctV-GlBw2yeY0y4Zd2OMXhFGxpzrQw
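An added example (not from the original post) for inspecting a service-account token like the one printed above before it is used or stored: it decodes the claims segment and reports which account the token names and whether it carries an expiry. The token in the block is constructed with the same claim layout and a fake signature; the function names are assumptions, and the claim parser assumes flat string claims without commas.

```bash
# Added example; function names are assumptions, the sample token is constructed.

# base64url -> bytes: JWT segments use -_ for +/ and drop the '=' padding.
b64url_decode() {
    local s
    s=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#s} % 4 )) in
        2) s="$s==" ;;
        3) s="$s=" ;;
    esac
    printf '%s' "$s" | base64 -d
}

b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Print the JSON claims (middle segment) of a JWT.
jwt_claims() {
    local payload
    payload=${1#*.}          # drop the header segment
    payload=${payload%%.*}   # drop the signature segment
    b64url_decode "$payload"
}

# Print one string claim by name (flat claims only, no jq needed).
jwt_claim() {
    jwt_claims "$1" | tr ',' '\n' |
        sed -n "s|^[{ ]*\"$2\":\"\(.*\)\"[} ]*\$|\1|p"
}

# True if the token carries an "exp" claim.
jwt_has_expiry() {
    case "$(jwt_claims "$1")" in *'"exp":'*) return 0 ;; *) return 1 ;; esac
}

# Constructed token: legacy service-account claim layout, fake signature.
make_sample_token() {
    local h p
    h=$(printf '%s' '{"alg":"RS256","kid":"constructed"}' | b64url_encode)
    p=$(printf '%s' '{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/service-account.name":"dashboard-admin","sub":"system:serviceaccount:kube-system:dashboard-admin"}' | b64url_encode)
    printf '%s.%s.%s' "$h" "$p" "c2lnbmF0dXJl"
}

token=$(make_sample_token)
echo "subject: $(jwt_claim "$token" sub)"
jwt_has_expiry "$token" && echo "expires" || echo "no exp claim"
```

A secret-based service-account token of this kind has no `exp` claim, so it stays valid until the secret or the service account is deleted; combined with the cluster-admin binding from step 4 it should be handled like a root credential.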
6. Check the pods; the dashboard is running normally
[root@k8s-master dashboard]# kubectl get pods --namespace=kube-system
NAME READY STATUS RESTARTS AGE
coredns-6955765f44-4t2jd 1/1 Running 0 32h
coredns-6955765f44-ck62g 1/1 Running 0 32h
etcd-k8s-master 1/1 Running 2 32h
kube-apiserver-k8s-master 1/1 Running 2 32h
kube-controller-manager-k8s-master 1/1 Running 3 32h
kube-flannel-ds-amd64-4n72n 1/1 Running 0 3h31m
kube-flannel-ds-amd64-mpdsm 1/1 Running 0 99m
kube-flannel-ds-amd64-vblsd 1/1 Running 0 99m
kube-proxy-2f4jl 1/1 Running 0 99m
kube-proxy-8kmc4 1/1 Running 0 99m
kube-proxy-r4qsn 1/1 Running 2 32h
kube-scheduler-k8s-master 1/1 Running 3 32h
kubernetes-dashboard-6745f84c7b-rkg4d 1/1 Running 0 5m25s
7. Access it in a browser