kubernetes部署dashboard

一、版本

k8s版本：v1.17.0

root@k8s-1:~# kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:20:10Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:12:17Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"linux/amd64"}
root@k8s-1:~#

dashboard版本：

部署GitHub上目前最新版本的dashboard v2.0.0-beta8

https://github.com/kubernetes/dashboard/releases

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

二、简介

　　Dashboard 是基于网页的 Kubernetes 用户界面。您可以使用 Dashboard 将容器应用部署到 Kubernetes 集群中，也可以对容器应用排错，还能管理集群资源。您可以使用 Dashboard 获取运行在集群中的应用的概览信息，也可以创建或者修改 Kubernetes 资源（如 Deployment，Job，DaemonSet 等等）。例如，您可以对 Deployment 实现弹性伸缩、发起滚动升级、重启 Pod 或者使用向导创建新的应用。

在部署完kubernetes v1.17后，让我们来部署一下dashboard，然后通过图形化界面来对资源进行查看与管理。

三、安装dashboard

部署GitHub上目前最新版本的dashboard v2.0.0-beta8

https://github.com/kubernetes/dashboard/releases

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

修改service通过NodePort方式访问k8s dashboard：

　　由于默认的service类型是ClusterIP，我们是自建的kubernetes，无法自动分配ip给service，所以这里我们需要修改一下dashboard的service类型，指定为NodePort以方便我们访问。

编辑我们下载的yaml文件 recommended.yaml

。。。
---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort #新加此行
  ports:
    - port: 443
      nodePort： 30001 #新加此行
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
。。。

应用配置文件

root@k8s-1:~/dashboard# kubectl apply -f recommended.yaml 
namespace/kubernetes-dashboard unchanged
serviceaccount/kubernetes-dashboard unchanged
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
root@k8s-1:~/dashboard# 

 

 之后指定namespace查看pod和service

 通过节点ip以及service的端口30001访问dashboard页面

　　注意：在没有设置证书的情况下，通过Chrome和ie内核是无法访问这个页面的，我们这里就先使用火狐来继续实验，后面补充通过更新证书来解决此问题。

火狐浏览器：

 我们还需要创建一个dashboard用户来登录

创建一个create-admin.yaml文件，内容如下

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

应用配置文件创建用户

root@k8s-1:~/dashboard# kubectl apply -f create-admin.yaml 
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

获取到用户的token以用作登录

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

 

 

登录dashboard

  成功登录后的界面

 

四、解决Chrome、ie无法正常访问dashboard问题

问题：通过Chrome和ie无法正常访问dashboard

 

 原因是默认证书是0001年1月签发的已经过期

 解决思路：生成有效证书替换之前的证书

先生成证书

openssl genrsa -out dashboard.key 2048 
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.1.171'
openssl x509 -req -days 3650 -in dashboard.csr -signkey dashboard.key -out dashboard.crt

删除原有证书

kubectl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard

通过新生成的证书创建secret

kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard

查看dashboard的pod NAME

kubectl get pod -n kubernetes-dashboard | grep dashboard
root@k8s-1:~/certs# kubectl get pod -n kubernetes-dashboard | grep dashboard
dashboard-metrics-scraper-76585494d8-zh7zc   1/1     Running   0          8m27s
kubernetes-dashboard-5996555fd8-zd7zp        1/1     Running   0          8m28s

删除原有pod即可（会自动创建新的pod）

kubectl delete pod  -n kubernetes-dashboard
root@k8s-1:~/certs# kubectl delete pod -n kubernetes-dashboard kubernetes-dashboard-5996555fd8-zd7zp 
pod "kubernetes-dashboard-5996555fd8-zd7zp" deleted
root@k8s-1:~/certs# 

再次访问dashboard服务，点击查看详情

现在就可以通过chrome正常访问dashboard了。

参考：

https://www.cnblogs.com/tianleblog/p/12157499.html#commentform

https://www.jianshu.com/p/c6d560d12d50

https://www.maxbon.cn/2019/09/27/138.html