1. The dashboard UI must be accessed over HTTPS, so this test environment uses openssl to encrypt the data in transit:
[root@k8s-master ~]# openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
Generating RSA private key, 2048 bit long modulus
....................+++
........+++
e is 65537 (0x10001)
[root@k8s-master ~]# openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
writing RSA key
[root@k8s-master ~]# openssl req -new -key dashboard.key -out dashboard.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:china
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:qf
Organizational Unit Name (eg, section) []:qf
Common Name (eg, your name or your server's hostname) []:xingdian
Email Address []:zhuangyaovip@163.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@k8s-master ~]# openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/C=CN/ST=china/L=beijing/O=qf/OU=qf/CN=xingdian/emailAddress=zhuangyaovip@163.com
Getting Private key
2. Copy the generated key to the node machines:
[root@k8s-master ~]# mkdir /opt/certs
[root@k8s-master ~]# ls
dashboard.crt dashboard.csr dashboard.key dashboard.pass.key
[root@k8s-master ~]# mv dashboard.crt dashboard.key /opt/certs/
[root@k8s-master ~]# scp -r /opt/certs k8s-node-1:/opt/
dashboard.crt    100% 1273   919.4KB/s   00:00
dashboard.key    100% 1675     1.5MB/s   00:00
[root@k8s-master ~]# scp -r /opt/certs k8s-node-2:/opt/
dashboard.crt    100% 1273   966.4KB/s   00:00
dashboard.key
3. First download the YAML file, then change the image address in it and set the Service type to NodePort:
[root@k8s-master ~]# git clone https://github.com/blackmed/kubernetes-kubeadm.git
[root@k8s-master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
The YAML file downloaded from my personal git repository has already been modified; the modification is shown below:
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
Apply the YAML file:
[root@k8s-master ~]# kubectl apply -f kubernetes-dashboard.yaml
4. Create an administrator role:
[root@k8s-master ~]# vim kubernetes-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
Apply the YAML file:
[root@k8s-master ~]# kubectl apply -f kubernetes-admin.yaml
5. Get the token used to log in:
[root@k8s-master dashboard]# kubectl describe secret dashboard-admin -n kube-system
Name:         dashboard-admin-token-fsdcn
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 6700f33f-8fc3-409c-b253-8796cf850014
Type:  kubernetes.io/service-account-token
Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      <token value omitted>
6. Check the pods and confirm that the dashboard is running normally:
[root@k8s-master dashboard]# kubectl get pods --namespace=kube-system
NAME                                    READY   STATUS    RESTARTS   AGE
coredns-6955765f44-4t2jd                1/1     Running   0          32h
coredns-6955765f44-ck62g                1/1     Running   0          32h
etcd-k8s-master                         1/1     Running   2          32h
kube-apiserver-k8s-master               1/1     Running   2          32h
kube-controller-manager-k8s-master      1/1     Running   3          32h
kube-flannel-ds-amd64-4n72n             1/1     Running   0          3h31m
kube-flannel-ds-amd64-mpdsm             1/1     Running   0          99m
kube-flannel-ds-amd64-vblsd             1/1     Running   0          99m
kube-proxy-2f4jl                        1/1     Running   0          99m
kube-proxy-8kmc4                        1/1     Running   0          99m
kube-proxy-r4qsn                        1/1     Running   2          32h
kube-scheduler-k8s-master               1/1     Running   3          32h
kubernetes-dashboard-6745f84c7b-rkg4d   1/1     Running   0          5m25s
7. Access the dashboard in a browser