開始部署

Gitlab 項目地址:https://github.com/kubernetes/dashboard


1) 創建證書:

mkdir dashboard-certs
cd dashboard-certs/
#創建命名空間
kubectl create namespace kubernetes-dashboard

# 創建key文件
openssl genrsa -out dashboard.key 2048
#證書請求
openssl req -new -key dashboard.key -out dashboard.csr -subj /CN=dashboard-cert
#自簽證書,指定證書的有效期天數。
openssl x509 -req -days 3650 -in dashboard.csr -signkey dashboard.key -out dashboard.crt

# 查看證書有效期
openssl x509 -noout -text -in dashboard.crt
#創建kubernetes-dashboard-certs對象

kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard

ubuntu18.04時生成CSR時報錯

Cant load /root/.rnd into RNG
140496635077056:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd

解決辦法:

cd /root
openssl rand -writerand .rnd

2) 下載并修改??recommended.yaml??文件

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta5/aio/deploy/recommended.yaml
#增加直接訪問端口

kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #增加
ports:
- port: 443
targetPort: 8443
nodePort: 30008 #增加
selector:
k8s-app: kubernetes-dashboard

---

#因為自動生成的證書很多瀏覽器無法使用,所以我們在上面自己創建了,注釋掉kubernetes-dashboard-certs對象聲明

#apiVersion: v1
#kind: Secret
#metadata:
# labels:
# k8s-app: kubernetes-dashboard
# name: kubernetes-dashboard-certs
# namespace: kubernetes-dashboard
#type: Opaque

3) 安裝??Dashboard??

#安裝

kubectl apply -f ~/recommended.yaml

#檢查結果

kubectl get pods -A -o wide
kubectl get service -n kubernetes-dashboard -o wide

4) 創建??Dashboard???管理員賬號??dashboard-admin.yaml???,并??apply??


自帶的 serviceaccount 賬號的權限有限,所以咱重新創建一個serviceaccount 賬號,來登錄dashboard。

apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: dashboard-admin
namespace: kubernetes-dashboard

5) 賦權??dashboard-admin-bind-cluster-role.yaml??,并??apply??

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin-bind-cluster-role
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kubernetes-dashboard

6) 復制??token??,并登錄??https://192.168.0.104:30008??(換成你環境的ip即可)

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk {print $1})