kubernetes的雲中漫步(五)－－kubeadm之dashboard界面部署與使用

kubeadm之dashboard

１．因訪問dashboard界面時須要使用https，因此在本次測試環境中使用openssl進行數據加密傳輸：

[root@k8s-master ~]# openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
Generating RSA private key, 2048 bit long modulus
....................+++
........+++
e is 65537 (0x10001)
[root@k8s-master ~]# openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
writing RSA key
[root@k8s-master ~]# openssl req -new -key dashboard.key -out dashboard.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:china
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:qf
Organizational Unit Name (eg, section) []:qf
Common Name (eg, your name or your server's hostname) []:xingdian Email Address []:zhuangyaovip@163.com Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@k8s-master ~]# openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/C=CN/ST=china/L=beijing/O=qf/OU=qf/CN=xingdian/emailAddress=zhuangyaovip@163.com
Getting Private key

２．將生成的祕鑰傳給node節點

[root@k8s-master ~]# mkdir /opt/certs
[root@k8s-master ~]# ls
dashboard.crt  dashboard.csr  dashboard.key  dashboard.pass.key 
[root@k8s-master ~]# mv dashboard.crt dashboard.key /opt/certs/
[root@k8s-master ~]# scp -r /opt/certs k8s-node-1:/opt/
dashboard.crt                                                                           100% 1273   919.4KB/s   00:00    
dashboard.key                                                                           100% 1675     1.5MB/s   00:00    
[root@k8s-master ~]# scp -r /opt/certs k8s-node-2:/opt/
dashboard.crt                                                                           100% 1273   966.4KB/s   00:00    
dashboard.key

３．先將yaml文件下載下來，修改裏面鏡像地址和Service NodePort類型

[root@k8s-master ~]# git clone https://github.com/blackmed/kubernetes-kubeadm.git
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0

使用個人git下載的yaml文件是已經修改過得，如下是修改過程

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard

執行yaml文件：

[root@k8s-master ~]# kubectl apply -f kubernetes-dashboard.yaml

４．建立一個管理員角色:

[root@k8s-master ~]# vim kubernetes-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

執行yaml文件

[root@k8s-master ~]#　kubectl apply -f　kubernetes-admin.yaml

５．生成token的令牌登陸使用

[root@k8s-master dashboard]# kubectl describe secret dashboard-admin -n kube-system
Name:         dashboard-admin-token-fsdcn
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 6700f33f-8fc3-409c-b253-8796cf850014

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjE3OVpva3B2Z2drNGN3OGppcTVkc1hhbVVzY2NJclF5QlBEYWQwZ0tjUVEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZnNkY24iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNjcwMGYzM2YtOGZjMy00MDljLWIyNTMtODc5NmNmODUwMDE0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.i4P9A96V9847mlzv1e4q4EtXU-2PwXebT1Ax85d_5GtNMetPr7tDadeciw09TlTK0Ju8MCicmN0UmPDTQ3gCD6B9zR7V1chIPh7GuiSKaYxHQFeRjcRqRBhNUREmtUd_F5CZR3nP5XwNoimVQuCLD2EdveXCr8WcZTG5E8fy7T2ip0PJ1emoD_V1CV49ldSu2AmN4h7LZ9X7o4CbSt_XVABQEIBHyMn3GkeC-Q-YOM6BWKviJM8kAynSFFNSyVzygzMqwzCfZqqNv9-FE0aAUq2jECvY-aFnFBqkLAIPX_vPIlailQu4mmUNctV-GlBw2yeY0y4Zd2OMXhFGxpzrQw

６．檢查pods發現dashboard正常運行

[root@k8s-master dashboard]# kubectl get pods --namespace=kube-system
NAME                                    READY   STATUS    RESTARTS   AGE
coredns-6955765f44-4t2jd                1/1     Running   0          32h
coredns-6955765f44-ck62g                1/1     Running   0          32h
etcd-k8s-master                         1/1     Running   2          32h
kube-apiserver-k8s-master               1/1     Running   2          32h
kube-controller-manager-k8s-master      1/1     Running   3          32h
kube-flannel-ds-amd64-4n72n             1/1     Running   0          3h31m
kube-flannel-ds-amd64-mpdsm             1/1     Running   0          99m
kube-flannel-ds-amd64-vblsd             1/1     Running   0          99m
kube-proxy-2f4jl                        1/1     Running   0          99m
kube-proxy-8kmc4                        1/1     Running   0          99m
kube-proxy-r4qsn                        1/1     Running   2          32h
kube-scheduler-k8s-master               1/1     Running   3          32h
kubernetes-dashboard-6745f84c7b-rkg4d   1/1     Running   0          5m25s

７．瀏覽器訪問