完整系列
- k8s系列(1)-腾讯云CVM手动部署K8S_Dashboard安装1
- k8s系列(1)-腾讯云CVM手动部署K8S_Dashboard安装2
- k8s系列(2)-Service
- k8s系列(3)-StatefulSet的MongoDB实战
- k8s系列(4)-MongoDB数据持久化
- k8s系列(5)-Configmap和Secret
- k8s系列(6)-Helm
- k8s系列(7)-命名空间
- k8s系列(8)-Ingress
- k8s系列(9)-容忍、污点、亲和
如果没有任何基础请先参考, 此文章紧接上一篇
腾讯云CVM手动部署K8S(1)-集群部署
五. Dashboard
1. 设置dashboard的yaml文件,提供nodePort
代码语言:txt复制kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
kubectl get pods --namespace=kubernetes-dashboard -o wide
#将里面的type: ClusterIP改为type: NodePort 后 wq 保存即可
kubectl --namespace=kubernetes-dashboard edit service kubernetes-dashboard
kubectl --namespace=kubernetes-dashboard get service kubernetes-dashboard
image.png这里我们设置的端口30001,所以要关闭腾讯云安全组
image.png2. 查看安装到的节点
代码语言:txt复制[root@master ~]# kubectl get pods -A
[root@master ~]# kubectl get pod kubernetes-dashboard-57c9bfc8c8-m4l6k -n kubernetes-dashboard -o wide此刻我们发现安装到的是node1节点
3. 生成https的服务器证书并重启dashboard
146.56.225.44对应node1节点的ip
mkdir key && cd key
#生成证书
openssl genrsa -out dashboard.key 2048
#我这里写的自己的node1节点,因为我是通过nodeport访问的;如果通过apiserver访问,可以写成自己的master节点ip
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=146.56.225.44'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
#删除原有的证书secret
kubectl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard
#创建新的证书secret
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
#查看pod
kubectl get pod -n kubernetes-dashboard
#重启pod
kubectl delete pod kubernetes-dashboard-57c9bfc8c8-m4l6k -n kubernetes-dashboard4. 输入node1的ip 端口
浏览器输入https://146.56.225.44:30001/, 鼠标点击页面输入thisunsafe,让chrome信任,从而进入页面
image.png5. 创建service account并绑定默认cluster-admin管理员集群角色:
1.创建用户:
代码语言:txt复制kubectl create serviceaccount dashboard-admin -n kube-system
1.2. 用户授权:
代码语言:txt复制kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin3. 获取用户Token:
代码语言:txt复制kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')其他. 完整步骤
代码语言:txt复制#删除pod
kubectl delete deployment kubernetes-dashboard --namespace=kubernetes-dashboard
kubectl delete deployment dashboard-metrics-scraper --namespace=kubernetes-dashboard
#删除service
kubectl delete service kubernetes-dashboard --namespace=kubernetes-dashboard
kubectl delete service dashboard-metrics-scraper --namespace=kubernetes-dashboard
#删除账户和密钥
kubectl delete sa kubernetes-dashboard --namespace=kubernetes-dashboard
kubectl delete secret kubernetes-dashboard-certs --namespace=kubernetes-dashboard
kubectl delete secret kubernetes-dashboard-key-holder --namespace=kubernetes-dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
kubectl get pods --namespace=kubernetes-dashboard -o wide
#将里面的type: ClusterIP改为type: NodePort 后 wq 保存即可
kubectl --namespace=kubernetes-dashboard edit service kubernetes-dashboard
kubectl --namespace=kubernetes-dashboard get service kubernetes-dashboard
mkdir key && cd key
#生成证书
openssl genrsa -out dashboard.key 2048
#我这里写的自己的node1节点,因为我是通过nodeport访问的;如果通过apiserver访问,可以写成自己的master节点ip
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=146.56.231.5'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
#删除原有的证书secret
kubectl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard
#创建新的证书secret
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
#查看pod
kubectl get pod -n kubernetes-dashboard
#重启pod
kubectl delete pod kubernetes-dashboard-576cb95f94-lv8ln -n kubernetes-dashboard参考文档
- 安装 Kubernetes 集群
- Kubernetes (K8S) 3 小时快速上手 实践,无废话纯干货
- kubeadm reset 重置
- thisisunsafe的神奇之chrome浏览器打不开不安全的https网页
- https://km.woa.com/group/31235/articles/show/445935?kmref=search&from_page=1&no=1
