kubernetes1.9中部署dashboard1.8.3

在1.9k8s中 dashboard可以有两种访问方式kubeconfig（HTTPS）和token（http）

一、基于token的访问

1、下载官方的dashboard

wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

2、编辑yaml文件

1）添加类型nodeportspec:  type: NodePort  ports:    - port: 443      targetPort:8443  selector:2）修改镜像为自己可用的镜像image:gcr.io/google_containers/kubernetes-dashboard-amd64:v1.8.33、创建podkubectl create -f kube-dashboard-admin.yaml 

4、查看pod

kubectl get svc,pod --all-namespaces  | grep dashboardkube-system  svc/kubernetes-dashboard  NodePort    10.254.15.217   <none>          443:27446/TCP   19hkube-system  po/kubernetes-dashboard-cdc8db7d-7xnsw   1/1       Running   0         19h 

5、创建RBAC

vim kube-dashboard-admin.yaml---apiVersion: v1kind: ServiceAccountmetadata:  labels:    k8s-app:kubernetes-dashboard  name:kubernetes-dashboard-admin  namespace:kube-system---apiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRoleBindingmetadata:  name:kubernetes-dashboard-admin  labels:    k8s-app:kubernetes-dashboardroleRef:  apiGroup:rbac.authorization.k8s.io  kind: ClusterRole  name:cluster-adminsubjects:- kind: ServiceAccount  name:kubernetes-dashboard-admin  namespace:kube-system 6、修改deployment文件中的ServiceAccount名称146  serviceAccountName:kubernetes-dashboard-admin重启pod kubectl apply -f kubernetes-dashboard.yaml -f kubernetes-dashboard-admin.rbac.yaml

7、查看RBAC的token登录UI界面时用

kubectl -n kube-system get secret | grepkubernetes-dashboard-admin  

8、使用proxy暴露服务

9访问 192.168.11.70:2355/ui访问dashboard后直接skip就可以了      

是kubeconfig登录dashboard

参考文档：https://github.com/gjmzj/kubeasz/blob/master/docs/guide/dashboard-1.8.2.mdhttps://jimmysong.io/posts/kubernetes-dashboard-upgrade/   首先：kubeconfig就是.kube/config文件但是得手动的将token放到里面1、wget下载dashboardwget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/dashboard/yaml-file/admin-rbac.yamlwget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/dashboard/yaml-file/kube-rbac.yamlwget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/dashboard/yaml-file/kubernetes-dashboard.yaml配置apiserver服务wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/kube-apiserver.service 

2、修改master上的API

vim /etc/systemd/system/kube-apiserver.service 重启APIsystemctldaemon-reloadsystemctl restartkube-apiserversystemctl statuskube-apiserver 3、部署heapster服务wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/grafana.yamlwget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/heapster-rbac.yamlwget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/heapster.yamlwget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/influxdb.yaml 按顺序创建heapster-rbac.yaml>>>>> influxdb.yaml>>>>> heapster.yaml >>>>> grafana.yaml 注：在k8s中服务的域名是：服务名.空间名.svc.cluster.local例如：monitoring-influxdb.kube-system.svc.cluster.local  # 部署dashboard 主yaml配置文件 kubectl create -f kubernetes-dashboard.yaml kubectl create -f ui-admin-rbac.yaml kubectl create -f ui-read-rbac.yaml kubectlcreate -f admin-user-sa-rbac.yaml3、验证kubectl get pod -n kube-system | grep dashboard

kubectl get svc -n kube-system|grep dashboard

kubectl cluster-info|grep dashboard

 

4、修改apiserver配置

修改配置文件中的IP basic-auth.csv设置dashboard密码登录格式：密码，用户，ID号例如：admin123, admin, 2 重启master

5、登录

https://192.168.11.70:6443/uihttps://192.168.11.70:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/ingress?namespace=default  

使用token访问

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

将token复制到对话框中点击登录

使用kubeconfig访问

上传config配置文件到Windows上sz /root/.kube/config将上边的token添加到config中      

注：

1、apiserver中开启了RBAC认证，所以要锁RBAC2、kubeconfig = ./kube/conf = kubernetes.pem要在config文件的最后添加token信息才能访问3、修改API组件的配置文件添加密码和用登录认证，开启CA认证，关闭匿名访问--authorization-mode=Node,RBAC\                                                                开启RBAC认证--anonymous-auth=false\                                                                                  关闭匿名访问 --basic-auth-file=/etc/kubernetes/ssl/basic-auth.csv \                          添加密码和用登录认证（密码，用户名，ID号）4、访问方式一共有三种：1）通过kubectl  proxy访问kubectl proxy --address='192.168.11.70' --port=23455--accept-hosts='^*$' &访问 192.168.11.70:2355/ui 2)通过API访问（密码+用户名+token(kubeconfig)）https://192.168.11.70:6443/uihttps://192.168.11.70:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login

参考文档：主要https://github.com/gjmzj/kubeasz/blob/master/docs/guide/dashboard-1.8.2.mdhttps://blog.qikqiak.com/post/add-authorization-for-kubernetes-dashboard/