部署dashboard
一、部署kubernates
使用kubephere安装的kubernates系统,安装完成的截图
创建集群
./kk create cluster -f config-sample.yaml
删除集群
./kk delete cluster -f config-sample.yaml
docker镜像打包或者解压
docker save zhxl1989/ingress-nginx-controller:v1.2.1 | gzip > ingress-nginx-controller.tar.gzgunzip -c ingress-nginx-controller.tar.gz | docker load
安装dashboard,参考文档
dashboard/installation.md at master · kubernetes/dashboard (github.com)
第一步、创建本地证书存储目录
mkdir -p /root/certs
第二步、创建dashboard的名称空间
kubectl create namespace kubernetes-dashboard
第三步、创建证书
kubectl create secret generic kubernetes-dashboard-certs --from-file=/certs -n kubernetes-dashboard kubectl get secret -n kubernetes-dashboard kubectl describe secret kubernetes-dashboard-certs -n kubernetes-dashboard
生成证书 kubectl get secret -A
自签名证书
如果您想自己生成证书,则需要像OpenSSL这样的库来帮助您做到这一点。生成私钥和证书签名请求
创建 SSL 证书需要私钥和证书签名请求。这些可以通过几个简单的命令生成。当 openssl req 命令要求输入“质询密码”时,只需按回车键,将密码留空即可。证书颁发机构使用此密码在证书所有者想要吊销其证书时对其进行身份验证。由于这是自签名证书,因此无法通过 CRL(证书吊销列表)将其吊销。openssl genrsa -des3 -passout pass:over4chars -out dashboard.pass.key 2048
...
openssl rsa -passin pass:over4chars -in dashboard.pass.key -out dashboard.key
# Writing RSA key
rm dashboard.pass.key
openssl req -new -key dashboard.key -out dashboard.csr
...
Country Name (2 letter code) [AU]: US
...
A challenge password []:
...
生成 SSL 证书
自签名 SSL 证书是从私钥和文件生成的。dashboard.keydashboard.csropenssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
该文件是适合与仪表板一起使用的证书以及私钥。dashboard.crtdashboard.key
网络的原因,部分镜像需要从aliyun拉取,再本地进行tag改名
查看官网文档,kubernates与Dashboard对应的版本。
docker pull registry.aliyuncs.com/google_containers/dashboard:v2.5.1
docker tag registry.aliyuncs.com/google_containers/dashboard:v2.5.1 kubernetesui/dashboard:v2.5.1
docker pull registry.aliyuncs.com/google_containers/metrics-scraper:v1.0.7
docker tag registry.aliyuncs.com/google_containers/metrics-scraper:v1.0.8 kubernetesui/metrics-scraper:v1.0.7
第四步、kubectl create --edit -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
镜像拉取方式改为:imagePullPolicy: IfNotPresent 及证书路径,secrets的配置
改成dashboard.yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.apiVersion: v1
kind: Namespace
metadata:name: kubernetes-dashboard---apiVersion: v1
kind: ServiceAccount
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: Service
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:ports:- port: 443targetPort: 8443selector:k8s-app: kubernetes-dashboard---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-certsnamespace: kubernetes-dashboard
type: Opaque---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-csrfnamespace: kubernetes-dashboard
type: Opaque
data:csrf: ""---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-key-holdernamespace: kubernetes-dashboard
type: Opaque---kind: ConfigMap
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-settingsnamespace: kubernetes-dashboard---kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
rules:# Allow Dashboard to get, update and delete Dashboard exclusive secrets.- apiGroups: [""]resources: ["secrets"]resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]verbs: ["get", "update", "delete"]# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.- apiGroups: [""]resources: ["configmaps"]resourceNames: ["kubernetes-dashboard-settings"]verbs: ["get", "update"]# Allow Dashboard to get metrics.- apiGroups: [""]resources: ["services"]resourceNames: ["heapster", "dashboard-metrics-scraper"]verbs: ["proxy"]- apiGroups: [""]resources: ["services/proxy"]resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]verbs: ["get"]---kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard
rules:# Allow Metrics Scraper to get metrics from the Metrics server- apiGroups: ["metrics.k8s.io"]resources: ["pods", "nodes"]verbs: ["get", "list", "watch"]---apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: kubernetes-dashboardtemplate:metadata:labels:k8s-app: kubernetes-dashboardspec:securityContext:seccompProfile:type: RuntimeDefaultcontainers:- name: kubernetes-dashboardimage: kubernetesui/dashboard:v2.5.1imagePullPolicy: IfNotPresent ports:- containerPort: 8443protocol: TCPcommand:- /dashboardargs:- --bind-address=0.0.0.0- --token-ttl=7200- --tls-cert-file=dashboard.crt- --tls-key-file=dashboard.key- --auto-generate-certificates- --namespace=kubernetes-dashboard# Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.# - --apiserver-host=http://my-address:portvolumeMounts:- name: kubernetes-dashboard-certsmountPath: /certs# Create on-disk volume to store exec logs- mountPath: /tmpname: tmp-volumelivenessProbe:httpGet:scheme: HTTPSpath: /port: 8443initialDelaySeconds: 30timeoutSeconds: 30securityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001volumes:- name: kubernetes-dashboard-certssecret:secretName: kubernetes-dashboard-certs- name: tmp-volumeemptyDir: {}serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedule---kind: Service
apiVersion: v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:ports:- port: 8000targetPort: 8000selector:k8s-app: dashboard-metrics-scraper---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: dashboard-metrics-scrapertemplate:metadata:labels:k8s-app: dashboard-metrics-scraperspec:securityContext:seccompProfile:type: RuntimeDefaultcontainers:- name: dashboard-metrics-scraperimage: kubernetesui/metrics-scraper:v1.0.7imagePullPolicy: IfNotPresentports:- containerPort: 8000protocol: TCPlivenessProbe:httpGet:scheme: HTTPpath: /port: 8000initialDelaySeconds: 30timeoutSeconds: 30volumeMounts:- mountPath: /tmpname: tmp-volumesecurityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedulevolumes:- name: tmp-volumeemptyDir: {}
第五步、运行修改后的dashboard配置文件
kubectl apply -f dashboard.yaml
第六步、查看所有运行的pod
kubectl get pods -A查看启动详情kubectl describe pod kubernetes-dashboard -n kubernetes-dashboard
第七步、创建create-admin.yaml 并 kubectl apply -f create-admin.yaml。
apiVersion: v1
kind: ServiceAccount
metadata:name: adminnamespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: adminnamespace: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: cluster-admin
subjects:
- kind: ServiceAccountname: adminnamespace: kubernetes-dashboard
第八步、查看登录的Token,Ingress访问时候使用
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin | awk '{print $1}')
第九步、kubectl apply -f nginx-ingress-controller.yaml
可参考
Kubernetes部署kubernates Nginx Ingress Controller_青春不流名的博客-CSDN博客
Kubernetes:在没有主机且没有代理的情况下通过Ingress路由Kubernetes仪表板 - 编程之家 (jb51.cc)
第十步、配置访问Ingress,kubectl apply -f k8s-dashboard-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:annotations:nginx.ingress.kubernetes.io/rewrite-target: /nginx.ingress.kubernetes.io/add-base-url: "true"nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"nginx.ingress.kubernetes.io/secure-backends: "true"nginx.ingress.kubernetes.io/force-ssl-redirect: "true"ingress.kubernetes.io/configuration-snippet: |rewrite ^(/dashboard)$ $1/ permanent;name: nginx-ingressnamespace: kubernetes-dashboard
spec:ingressClassName: nginxrules:- host: xiaolu.liebe.com.cnhttp:paths:- backend:service:name: kubernetes-dashboardport:number: 443path: /pathType: Prefixtls:- secretName: k8s-dashboardhosts:- xiaolu.liebe.com.cn
查看Ingress信息
kubectl describe ingress/nginx-ingress -n kubernetes-dashboard
浏览器访问
https://xiaolu.liebe.com.cn/#/login
获取token
部署dashboard相关推荐
- 09-2.部署 dashboard 插件
09-2.部署 dashboard 插件 修改配置文件 将下载的 kubernetes-server-linux-amd64.tar.gz 解压后,再解压其中的 kubernetes-src.tar. ...
- ASP.NET Core on K8S深入学习(2)部署过程解析与部署Dashboard
上一篇<K8S集群部署>中搭建好了一个最小化的K8S集群,这一篇我们来部署一个ASP.NET Core WebAPI项目来介绍一下整个部署过程的运行机制,然后部署一下Dashboard,完 ...
- k8s dashboard_k8s集群部署Dashboard
部署Dashboard(Web UI) * dashboard-deployment.yaml // 部署Pod,提供Web服务 * dashboard-rbac.yaml // 授权访问apiser ...
- k8s dashboard_ASP.NET Core on K8S深入学习(2)部署过程解析与部署Dashboard
文章转载于公众号[恰同学骚年],作者Edison Zhou 上一篇<K8S集群部署>中搭建好了一个最小化的K8S集群,这一篇我们来部署一个ASP.NET Core WebAPI项目来介绍一 ...
- k8s 集群部署(dashboard+metrics-server)
Kubeadm 部署 Kubernetes1.18.6 集群 一.kubeadm 工作原理 kubeadm 是 Kubernetes 主推的部署工具之一,正在快速迭代开发中. 1.初始化系统 所有机器 ...
- kubernetes部署dashboard可视化插件
Dashboard简介 在 Kubernetes 社区中,有一个很受欢迎的 Dashboard 项目,它可以给用户提供一个可视化的 Web 界面来查看当前集群的各种信息.用户可以用 Kubernete ...
- kubernetes之部署dashboard 和heapster
部署dashboard之前,先确保traefik https方式部署成功,这样就可以通过 https 域名的方式访问dashboard,无需kube-proxy转发了.假设traefik-ingres ...
- 第五篇:kubernetes部署dashboard(图形化界面)
说明: 总的目标是在k8s集群部署gitlab.jenkins,并且在本地提交代码到gitlab后jenkin流水线可以自动编译打包成为docker镜像然后部署到k8s中并实现客户端外部域名访问,在文 ...
- K8S部署Dashboard和Heapster
K8S部署Dashboard和Heapster 0.前言 文章使用的k8s版本为1.10.0,dashboard版本为v1.8.3 系统为CentOS7 总共有三台机器: Name IP Role c ...
- k8s部署dashboard
1.dashboard概述 Dashboard是基于网页的Kubernetes用户界面.您可以使用Dashboard将容器应用部署到Kubernetes集群中,也可以对容器应用排错,还能管理集群资源. ...
最新文章
- Javascript 的addEventListener()及attachEvent()区别分析
- ce测试数据文章ce测试数据文章ce测试数据文章ce测试数据文章ce测试数据文章ce测试数据文章ce测试数据文章ce测试数据文章ce测试数据文章
- .network 中文文档_以太坊链下支付网络Raiden API中文文档
- 【SpringCloud】服务降级 Hystrix DashBoard
- Eclipse环境安装Python插件PyDev
- dynamic集合动态添加属性
- Oracle停止数据泵,如何停止重启数据泵任务
- bxp3.3与其他版本的区别(转)
- 爬虫-用xpath爬取豆瓣图书的短评
- 企业邮箱怎么注册流程?企业邮箱域名怎么注册?
- editplus5激活码 文件下载 汉化包
- 前端引用高德地图SDK
- AI实战:文本自动摘要简述
- CSS 标签诡异添加 injected stylesheet
- Base64 编码原理及代码实现
- 联合索引(复合索引)和单个索引
- [数论] 约数个数定理与约数和定理
- 红米4高配版_标注:2016060_官方线刷包_救砖包_解账户锁
- 安装moodle的方法及遇到的问题
- 小米6X计算机在后台程序无法关闭,小米6怎么关闭后台程序教程