CurrentJ 2020-01-09
一、首先安装dashboard
https://github.com/kubernetes/dashboard
需要下载的yaml文件 https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml可以进行一些修改首先是HTTPS的修改部分
containers: - name: kubernetes-dashboard image: kubernetesui/dashboard:v2.0.0-beta8 imagePullPolicy: Always ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates - --namespace=kubernetes-dashboard - --metrics-provider=none - --api-log-level=DEBUG - --v=10
HTTP的修改部分
kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: ports: - port: 80 targetPort: 8443 selector: k8s-app: kubernetes-dashboard
containers: - name: kubernetes-dashboard image: kubernetesui/dashboard:v2.0.0-beta8 imagePullPolicy: Always ports: - containerPort: 8443 protocol: TCP args: #- --auto-generate-certificates #- --namespace=kubernetes-dashboard - --enable-insecure-login=true - --insecure-port=8443 - --metrics-provider=none - --namespace=kubernetes-dashboard - --enable-skip-login=true
用kubectl apply -f 提交修改后的文件
查看相关内容是否都已经启动成功
kubectl get all -n kubernetes-dashboard
二、下边开始安装ingress
首先参考
https://kubernetes.github.io/ingress-nginx/deploy/#prerequisite-generic-deployment-command
主要使用的文件就是
https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.2/deploy/static/mandatory.yaml由于不想使用 nodeport 的service暴露服务,选择在ingress-controller的机器上暴露端口
spec: # wait up to five minutes for the drain of connections terminationGracePeriodSeconds: 300 serviceAccountName: nginx-ingress-serviceaccount nodeSelector: kubernetes.io/os: linux kubernetes.io/hostname: xxx.xxx.xxx.xxx #nginx启动所在的机器 hostNetwork: true dnsPolicy: ClusterFirstWithHostNet containers: - name: nginx-ingress-controller
配置service文件 由于我是bare-metal的 所以参考地址 https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal
https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.2/deploy/static/provider/baremetal/service-nodeport.yaml 进行了一些修改
kind: Service metadata: name: ingress-nginx namespace: ingress-nginx labels: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx spec: #type: NodePort ports: - name: http port: 80 targetPort: 80 protocol: TCP - name: https port: 443 targetPort: 443 protocol: TCP selector: app.kubernetes.io/name: ingress-nginx app.kubernetes.io/part-of: ingress-nginx
上边说过不用Nodeport方式,所以改了一下
用kubectl apply -f 提交这两个文件
查看启动情况
kubectl get all -n ingress-nginx
三、 开始为dashboard配置ingress的rule
首先是HTTPS的配置
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: k8s-dashboard namespace: kubernetes-dashboard annotations: nginx.ingress.kubernetes.io/ssl-redirect: "true" #nginx.ingress.kubernetes.io/rewrite-target: / nginx.ingress.kubernetes.io/rewrite-target: /$1 nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" spec: #tls: #- secretName: kubernetes-dashboard-certs rules: - http: paths: #- path: /dashboard(/|$)(.*) - path: /dashboard/(.*) backend: serviceName: kubernetes-dashboard servicePort: 443
注意上边的 annotations
其次是 HTTP的
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: k8s-dashboard namespace: kubernetes-dashboard spec: rules: - http: paths: - path: / backend: serviceName: kubernetes-dashboard servicePort: 80
HTTP的方式我直接使用 / 作为路径, HTTPS使用/dashboard/ 作为路径
访问时使用在 ingress那绑定的机器 使用80或者443端口来访问 记得后边一定要有 / , 比如 (HTTP的配置) http://xxx.xxx.xxx.xxx/ ,
(HTTPS的配置) https://xxx.xxx.xxx.xxx/dashboard/
四、为dashboard创建用户
可以参考 https://github.com/kubernetes/dashboard#create-an-authentication-token-rbac
可以参考 https://my.oschina.net/u/2306127/blog/1930169?from=timeline
apiVersion: v1 kind: ServiceAccount metadata: name: dashboard namespace: kube-system --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dashboard subjects: - kind: ServiceAccount name: dashboard namespace: kube-system roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io 然后执行安装(所建立的账号为dashboard): kubectl create -f dashboard-rbac.yaml
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard-token | awk ‘{print $1}‘)
参考地址
https://www.servicemesher.com/blog/general-kubernetes-dashboard/