[Up]常用資訊

[重點文章] 重點文章 [重點文章] 重點文章

2021年5月12日 星期三

【K8S】 K8S 1.21.0 安裝dashboard(基於kubernetes-dashboard 2.2.0版本)

【K8S】 K8S 1.21.0 安裝dashboard(基於kubernetes-dashboard 2.2.0版本)

 
#Step 01 – 

安裝部署dashboard
1.查看pod運行情況

# kubectl get pods -A  -o wide

2.下載recommended.yaml文件

wget -O kubernetes-dashboard.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

3.修改 kubernetes-dashboard.yaml 文件

# vi kubernetes-dashboard.yaml

修改內容如下:

---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort #增加
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000 #增加
  selector:
    k8s-app: kubernetes-dashboard
---
#因為自動生成的證書很多流覽器無法使用,所以我們自己創建,注釋掉kubernetes-dashboard-certs物件聲明
#apiVersion: v1
#kind: Secret
#metadata:
#  labels:
#    k8s-app: kubernetes-dashboard
#  name: kubernetes-dashboard-certs
#  namespace: kubernetes-dashboard
#type: Opaque
---

4.創建 kubernetes-dashboard 使用證書

mkdir dashboard-certs

cd dashboard-certs/

#創建命名空間
kubectl create namespace kubernetes-dashboard

# 創建key文件
openssl genrsa -out dashboard.key 2048

#證書請求
openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'

#自簽證書
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt

#創建kubernetes-dashboard-certs對象
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard

5.安裝dashboard 

kubectl create -f ~/kubernetes-dashboard.yaml

注意:這裡可能會報如下所示。

Error from server (AlreadyExists): error when creating "/root/kubernetes-dashboard.yaml": namespaces "kubernetes-dashboard" already exists
Error from server (AlreadyExists): error when creating "/root/kubernetes-dashboard.yaml": secrets "kubernetes-dashboard-certs" already exists

這是因為我們在創建證書時,已經創建了kubernetes-dashboard命名空間,所以,直接忽略此錯誤資訊即可。

6.查看安裝結果

# kubectl get pods -A  -o wide

# kubectl get service -n kubernetes-dashboard  -o wide

7.創建dashboard管理員

# vi dashboard-admin.yaml

新增內容如下:

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: dashboard-admin
  namespace: kubernetes-dashboard


保存退出後執行如下命令創建管理員。

kubectl create -f ./dashboard-admin.yaml

8.為用戶分配許可權

創建dashboard-admin-bind-cluster-role.yaml文件。

vi dashboard-admin-bind-cluster-role.yaml

檔內容如下所示。

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard

保存退出後執行如下命令為用戶分配許可權。

kubectl create -f ./dashboard-admin-bind-cluster-role.yaml


9.查看並複製用戶Token

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')

# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
Name:         dashboard-admin-token-p8tng
Namespace:    kubernetes-dashboard
Labels:       
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: c3640b5f-cd92-468c-ba01-c886290c41ca

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:     .........



可以看到,此時的Token值為:


查看dashboard介面
在流覽器中打開連結 https://xxx.xxx.xxx.xxx:30000
標籤: , ,

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)