kuberneets 1.17 安装 dashboard nginx-ingress

CurrentJ 2020-01-09

一、首先安装dashboard 

https://github.com/kubernetes/dashboard

需要下载的yaml文件 https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml可以进行一些修改首先是HTTPS的修改部分
containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.0.0-beta8
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            - --metrics-provider=none
            - --api-log-level=DEBUG
            - --v=10

HTTP的修改部分

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 80
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.0.0-beta8
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            #- --auto-generate-certificates
            #- --namespace=kubernetes-dashboard
            - --enable-insecure-login=true
            - --insecure-port=8443
            - --metrics-provider=none
            - --namespace=kubernetes-dashboard
            - --enable-skip-login=true

用kubectl apply -f 提交修改后的文件

查看相关内容是否都已经启动成功

kubectl get all -n kubernetes-dashboard

二、下边开始安装ingress

首先参考 

https://kubernetes.github.io/ingress-nginx/deploy/#prerequisite-generic-deployment-command

主要使用的文件就是 

https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.2/deploy/static/mandatory.yaml由于不想使用 nodeport 的service暴露服务,选择在ingress-controller的机器上暴露端口
spec:
      # wait up to five minutes for the drain of connections
      terminationGracePeriodSeconds: 300
      serviceAccountName: nginx-ingress-serviceaccount
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/hostname: xxx.xxx.xxx.xxx #nginx启动所在的机器
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: nginx-ingress-controller

配置service文件 由于我是bare-metal的 所以参考地址 https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal

https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.2/deploy/static/provider/baremetal/service-nodeport.yaml 进行了一些修改
kind: Service
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  #type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

上边说过不用Nodeport方式,所以改了一下

用kubectl apply -f 提交这两个文件 

查看启动情况

kubectl get all -n ingress-nginx

三、 开始为dashboard配置ingress的rule

首先是HTTPS的配置

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: k8s-dashboard
  namespace: kubernetes-dashboard
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    #nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  #tls:
  #- secretName: kubernetes-dashboard-certs
  rules:
  - http:
      paths:
      #- path: /dashboard(/|$)(.*)
      - path: /dashboard/(.*)
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443

注意上边的 annotations 

其次是 HTTP的

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: k8s-dashboard
  namespace: kubernetes-dashboard
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 80

HTTP的方式我直接使用 / 作为路径, HTTPS使用/dashboard/ 作为路径

访问时使用在 ingress那绑定的机器 使用80或者443端口来访问 记得后边一定要有 / , 比如 (HTTP的配置) http://xxx.xxx.xxx.xxx/  , 

 (HTTPS的配置) https://xxx.xxx.xxx.xxx/dashboard/

四、为dashboard创建用户

可以参考 https://github.com/kubernetes/dashboard#create-an-authentication-token-rbac 

可以参考 https://my.oschina.net/u/2306127/blog/1930169?from=timeline

apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard
  namespace: kube-system

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dashboard
subjects:
  - kind: ServiceAccount
    name: dashboard
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

然后执行安装(所建立的账号为dashboard):

kubectl create -f dashboard-rbac.yaml

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard-token | awk ‘{print $1}‘)

参考地址

https://www.servicemesher.com/blog/general-kubernetes-dashboard/

相关推荐