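The previous article covered installing k8s 1.14.2; this one covers configuring the k8s Dashboard. Because of restrictions on pulling the heapster images, configuring the Dashboard also takes some extra steps.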

I. Install heapster

  1. Prepare the k8s YAML files

     Create the directory ~/heapster and copy the contents of the following four files into it:
         https://github.com/kubernetes-retired/heapster/tree/master/deploy/kube-config/influxdb/grafana.yaml
         https://github.com/kubernetes-retired/heapster/tree/master/deploy/kube-config/influxdb/heapster.yaml
         https://github.com/kubernetes-retired/heapster/tree/master/deploy/kube-config/influxdb/influxdb.yaml
         https://github.com/kubernetes-retired/heapster/tree/master/deploy/kube-config/rbac/heapster-rbac.yaml

  2. Replace the image registry in the files

     cd ~/heapster
     sed -i 's/k8s.gcr.io/ist0ne/g' grafana.yaml
     sed -i 's/k8s.gcr.io/ist0ne/g' heapster.yaml
     sed -i 's/k8s.gcr.io/ist0ne/g' influxdb.yaml
     After the substitution the images are pulled from the ist0ne account on Docker Hub instead of k8s.gcr.io.
     If the image pull fails and the pod status is ImagePullBackOff, try a different image (docker search heapster).
  3. Install heapster

     kubectl create -f ~/heapster/

II. Install the Dashboard

      wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
      sed -i 's/k8s.gcr.io/loveone/g' kubernetes-dashboard.yaml
      sed -i '/targetPort:/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' kubernetes-dashboard.yaml
      kubectl create -f kubernetes-dashboard.yaml

III. Check the installation

    kubectl get deployment kubernetes-dashboard -n kube-system
    kubectl get pods -n kube-system -o wide
    kubectl get services -n kube-system

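IV. Open the Dashboard in a browser

    https://192.168.33.10:30001
    In the default configuration the server mounts an empty certificate, so the browser cannot open the page normally.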


V. Provide a complete TLS certificate for the Dashboard

    mkdir -p ~/kubernetes/yml/tls
    cd ~/kubernetes/yml/tls
  1. Create a self-signed CA

      openssl genrsa -out ca.key 2048
      openssl req -new -x509 -key ca.key -out ca.crt -days 3650 -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=CA"
      openssl x509 -in ca.crt -noout -text
  2. Issue the Dashboard certificate

     openssl genrsa -out dashboard.key 2048
     openssl req -new -sha256 -key dashboard.key -out dashboard.csr -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=192.168.33.10"
     cat dashboard.cnf 
     openssl x509 -req -sha256 -days 3650 -in dashboard.csr -out dashboard.crt -CA ca.crt -CAkey ca.key -CAcreateserial -extfile dashboard.cnf
     openssl x509 -in dashboard.crt -noout -text
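  3. Mount the certificate into the Dashboard

     # Run from ~/kubernetes/yml, the parent of tls/; the manifest downloaded earlier is assumed to be in this directory
     cd ~/kubernetes/yml
     kubectl delete -f kubernetes-dashboard.yaml
     kubectl create secret generic kubernetes-dashboard-certs --from-file="tls/dashboard.crt,tls/dashboard.key" -n kube-system
     kubectl get secret kubernetes-dashboard-certs -n kube-system -o yaml
     kubectl apply -f kubernetes-dashboard.yaml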
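
The `cat dashboard.cnf` step above prints an extension file whose contents are not shown on this page. As an added example (not the author's own file or script), the functions below repeat steps 1 and 2 with an assumed dashboard.cnf that lists the node IP in subjectAltName, then check the result before it is loaded into the secret. The function names, the scratch directory and the cnf contents are assumptions.

```shell
#!/bin/sh
# Added example. Function names and the dashboard.cnf contents are assumptions.

# Create a CA and a Dashboard server certificate in directory $1 for node IP $2.
make_dashboard_cert() (
  set -e
  dir=$1 ip=$2 subj="/C=CN/ST=HB/L=WH/O=DM/OU=YPT"
  umask 077   # key files are created readable by their owner only
  openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
  openssl req -new -x509 -key "$dir/ca.key" -out "$dir/ca.crt" -days 3650 -subj "$subj/CN=CA"
  openssl genrsa -out "$dir/dashboard.key" 2048 2>/dev/null
  openssl req -new -sha256 -key "$dir/dashboard.key" -out "$dir/dashboard.csr" -subj "$subj/CN=$ip"
  # Assumed extension file: current browsers match the address against
  # subjectAltName, not the CN, so the node IP has to be listed there.
  cat > "$dir/dashboard.cnf" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:$ip
EOF
  openssl x509 -req -sha256 -days 3650 -in "$dir/dashboard.csr" -out "$dir/dashboard.crt" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial -extfile "$dir/dashboard.cnf" 2>/dev/null
)

# Return 0 only if dashboard.crt chains to ca.crt, matches dashboard.key
# and lists $2 as an IP SAN.
check_dashboard_cert() (
  dir=$1 ip=$2
  openssl verify -CAfile "$dir/ca.crt" "$dir/dashboard.crt" >/dev/null 2>&1 || exit 1
  [ "$(openssl x509 -in "$dir/dashboard.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$dir/dashboard.key" -pubout)" ] || exit 1
  openssl x509 -in "$dir/dashboard.crt" -noout -text | tr -d ' ' | tr ',' '\n' |
    grep -Fxq "IPAddress:$ip"
)

# Demo in a scratch directory with the node IP used on this page.
demo=$(mktemp -d)
make_dashboard_cert "$demo" 192.168.33.10
check_dashboard_cert "$demo" 192.168.33.10 && echo "dashboard.crt is valid for 192.168.33.10"
rm -rf "$demo"
```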
    
    

VI. Create a token and log in with it

    kubectl create serviceaccount dashboard-admin -n kube-system
    kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
    kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
    The dashboard-admin service account is bound to cluster-admin, so its token grants full control of the cluster.


Enter the token to sign in, then view the workloads.

Created by 苏亚强(sueeing@126.com) on 2019/8/12.

