9.2 dashboard插件
1.进入/kubernetes/cluster/addons/dashboard目录a.修改dashboard-controller.yaml为国内镜像或者自己私服的镜像<image: siriuszg/kubernetes-dashboard-amd64:v1.8.3--->image: k8s.gcr.io/kubernetes-dash...
1.进入/kubernetes/cluster/addons/dashboard目录
a.修改dashboard-controller.yaml为国内镜像或者自己私服的镜像
< image: siriuszg/kubernetes-dashboard-amd64:v1.8.3
---
> image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3
b.修改dashboard-service.yaml加入type: NodePort
spec:
type: NodePort
selector:
k8s-app: kubernetes-dashboard
ports:
- port: 443
targetPort: 8443
2.执行定义的文件
kubectl create -f .
3.查看分配的NodePort
kubectl get deployment kubernetes-dashboard -n kube-system
输出
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
kubernetes-dashboard 1 1 1 1 37s
输出
kubectl --namespace kube-system get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
coredns-5f94b495b5-4m7gl 1/1 Running 0 19h 172.30.97.3 kube-node3 <none>
coredns-5f94b495b5-hjjvp 1/1 Running 0 19h 172.30.19.3 kube-node2 <none>
kubernetes-dashboard-55746544c9-tkqts 1/1 Running 0 53s 172.30.31.4 kube-node1 <none>
kubectl get services kubernetes-dashboard -n kube-system
输出
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.254.158.241 <none> 443:8601/TCP 1m
4.获取集群信息
kubectl cluster-info
输出
Kubernetes master is running at https://172.17.13.204:6443
CoreDNS is running at https://172.17.13.204:6443/api/v1/namespaces/kube-system/services/coredns:dns/proxy
kubernetes-dashboard is running at https://172.17.13.204:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
5.访问
https://123.56.41.163:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
会出现没有证书及401 Forbiden,需根据以下步骤 并将ca.pen和生成的admin.pfx下载到本地导入并重启浏览器
https://github.com/opsnull/follow-me-install-kubernetes-cluster/blob/master/A.浏览器访问kube-apiserver安全端口.md
生成证书openssl pkcs12 -export -out admin.pfx -inkey admin-key.pem -in admin.pem -certfile ca.pem
记住生成证书时的密码,把admin.pfx及ca.pem导入到本地
重启浏览器后访问
https://123.56.41.163:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
根据提示确认admin证书并输入密码,还会提示输入本机用户名及密码
可以使用token或者Kubeconfig两种方式登录,建议使用后者
1.创建登录 token
kubectl create sa dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}')
DASHBOARD_LOGIN_TOKEN=$(kubectl describe secret -n kube-system ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}')
echo ${DASHBOARD_LOGIN_TOKEN}
可以使用token登录
2.根据上述生成的 token 生成 KubeConfig 文件
# 设置集群参数
kubectl config set-cluster kubernetes \
--certificate-authority=/etc/kubernetes/cert/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=dashboard.kubeconfig
# 设置客户端认证参数,使用上面创建的 Token
kubectl config set-credentials dashboard_user \
--token=${DASHBOARD_LOGIN_TOKEN} \
--kubeconfig=dashboard.kubeconfig
# 设置上下文参数
kubectl config set-context default \
--cluster=kubernetes \
--user=dashboard_user \
--kubeconfig=dashboard.kubeconfig
# 设置默认上下文
kubectl config use-context default --kubeconfig=dashboard.kubeconfig
把生成的dashboard.kubeconfig拷贝到本地,登录仪表板时使用
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
1
0- 0
已为社区贡献2条内容
所有评论(0)