godwot 2019-09-08
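The previous article covered installing k8s 1.14.2; this one covers configuring the k8s Dashboard. Because of restrictions on pulling the heapster image, configuring the Dashboard also takes some involved steps.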
1. Install heapster
Prepare the k8s YAML files
Create the directory ~/heapster and copy the contents of the following four files into it:
https://github.com/kubernetes-retired/heapster/tree/master/deploy/kube-config/influxdb/grafana.yaml
https://github.com/kubernetes-retired/heapster/tree/master/deploy/kube-config/influxdb/heapster.yaml
https://github.com/kubernetes-retired/heapster/tree/master/deploy/kube-config/influxdb/influxdb.yaml
https://github.com/kubernetes-retired/heapster/tree/master/deploy/kube-config/rbac/heapster-rbac.yaml
Replace the image address in the files
sed -i 's/k8s.gcr.io/ist0ne/g' grafana.yaml
sed -i 's/k8s.gcr.io/ist0ne/g' heapster.yaml
sed -i 's/k8s.gcr.io/ist0ne/g' influxdb.yaml
If the image pull fails and the pod status is ImagePullBackOff, try a different image (docker search heapster).
Install heapster
kubectl create -f heapster/
2. Install the Dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
sed -i 's/k8s.gcr.io/loveone/g' kubernetes-dashboard.yaml
sed -i '/targetPort:/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' kubernetes-dashboard.yaml
kubectl create -f kubernetes-dashboard.yaml
3. Check the installation
kubectl get deployment kubernetes-dashboard -n kube-system
kubectl get pods -n kube-system -o wide
kubectl get services -n kube-system
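4. Open the Dashboard in a browser
https://192.168.33.10:30001
With the default configuration the server mounts an empty certificate, so the browser cannot open the page properly.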
5. Provide a complete TLS certificate for the Dashboard
mkdir -p ~/kubernetes/yml/tls
cd ~/kubernetes/yml/tls
Create a self-signed CA
openssl genrsa -out ca.key 2048
openssl req -new -x509 -key ca.key -out ca.crt -days 3650 -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=CA"
openssl x509 -in ca.crt -noout -text
Issue the Dashboard certificate
openssl genrsa -out dashboard.key 2048
openssl req -new -sha256 -key dashboard.key -out dashboard.csr -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=192.168.33.10"
cat dashboard.cnf
openssl x509 -req -sha256 -days 3650 -in dashboard.csr -out dashboard.crt -CA ca.crt -CAkey ca.key -CAcreateserial -extfile dashboard.cnf
openssl x509 -in dashboard.crt -noout -text
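The signing step prints dashboard.cnf without showing its contents. The script below is an added example, not the author's file: it assumes the extension file sets subjectAltName to the page's IP 192.168.33.10, repeats the page's openssl steps in a scratch directory, and then checks the chain, the SAN and the key/certificate match before the files go into the Secret. The function names and the DASH_IP variable are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. DASH_IP and the dashboard.cnf contents are assumptions:
# the page runs `cat dashboard.cnf` but does not show the file.
DASH_IP="192.168.33.10"

make_dashboard_cert() {   # $1 = working directory
  ( cd "$1" &&
    # Self-signed CA and Dashboard CSR, same subjects as on the page
    openssl genrsa -out ca.key 2048 2>/dev/null &&
    openssl req -new -x509 -key ca.key -out ca.crt -days 3650 \
      -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=CA" &&
    openssl genrsa -out dashboard.key 2048 2>/dev/null &&
    openssl req -new -sha256 -key dashboard.key -out dashboard.csr \
      -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=${DASH_IP}" &&
    # Assumed extension file: a leaf server certificate whose SAN is the node IP
    cat > dashboard.cnf <<EOF &&
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:${DASH_IP}
EOF
    openssl x509 -req -sha256 -days 3650 -in dashboard.csr -out dashboard.crt \
      -CA ca.crt -CAkey ca.key -CAcreateserial -extfile dashboard.cnf 2>/dev/null &&
    chmod 600 ca.key dashboard.key )
}

check_dashboard_cert() {  # $1 = working directory; returns 0 only if every check passes
  ( cd "$1" || exit 1
    # 1. The certificate chains to the self-signed CA
    openssl verify -CAfile ca.crt dashboard.crt >/dev/null 2>&1 || exit 1
    # 2. The SAN carries the IP the browser will connect to
    openssl x509 -in dashboard.crt -noout -text |
      grep -qF "IP Address:${DASH_IP}" || exit 2
    # 3. The private key that goes into the Secret matches the certificate
    [ "$(openssl x509 -in dashboard.crt -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in dashboard.key -pubout | openssl sha256)" ] || exit 3 )
}

# Stand-alone run in a scratch directory
work="$(mktemp -d)" && make_dashboard_cert "$work" &&
  check_dashboard_cert "$work" && echo "certificate checks passed in $work"
```

The browser only stops warning once ca.crt is imported as a trusted root on the client; without a matching subjectAltName, current browsers reject the certificate even when the CN is the IP.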
Mount the certificate into the Dashboard
kubectl delete -f kubernetes-dashboard.yml
kubectl create secret generic kubernetes-dashboard-certs --from-file="tls/dashboard.crt,tls/dashboard.key" -n kube-system
kubectl get secret kubernetes-dashboard-certs -n kube-system -o yaml
kubectl apply -f kubernetes-dashboard.yml
6. Create a token and log in with it
The service account created here is bound to the cluster-admin ClusterRole, so its token grants full access to the cluster.
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Enter the token to log in:
View the workloads:
Created by 苏亚强([email protected]) on 2019/8/12.