kubernetes1.9中部署dashboard1.8.3
2018-03-18 14:49
393 查看
在1.9k8s中 dashboard可以有两种访问方式kubeconfig(HTTPS)和token(http)
参考文档:主要https://github.com/gjmzj/kubeasz/blob/master/docs/guide/dashboard-1.8.2.mdhttps://blog.qikqiak.com/post/add-authorization-for-kubernetes-dashboard/
一、基于token的访问
1、下载官方的dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml2、编辑yaml文件
1)添加类型nodeportspec: type: NodePort ports: - port: 443 targetPort:8443 selector:2)修改镜像为自己可用的镜像image:gcr.io/google_containers/kubernetes-dashboard-amd64:v1.8.33、创建podkubectl create -f kube-dashboard-admin.yaml4、查看pod
kubectl get svc,pod --all-namespaces | grep dashboardkube-system svc/kubernetes-dashboard NodePort 10.254.15.217 <none> 443:27446/TCP 19hkube-system po/kubernetes-dashboard-cdc8db7d-7xnsw 1/1 Running 0 19h5、创建RBAC
vim kube-dashboard-admin.yaml---apiVersion: v1kind: ServiceAccountmetadata: labels: k8s-app:kubernetes-dashboard name:kubernetes-dashboard-admin namespace:kube-system---apiVersion: rbac.authorization.k8s.io/v1beta1kind: ClusterRoleBindingmetadata: name:kubernetes-dashboard-admin labels: k8s-app:kubernetes-dashboardroleRef: apiGroup:rbac.authorization.k8s.io kind: ClusterRole name:cluster-adminsubjects:- kind: ServiceAccount name:kubernetes-dashboard-admin namespace:kube-system 6、修改deployment文件中的ServiceAccount名称146 serviceAccountName:kubernetes-dashboard-admin重启pod kubectl apply -f kubernetes-dashboard.yaml -f kubernetes-dashboard-admin.rbac.yaml7、查看RBAC的token登录UI界面时用
kubectl -n kube-system get secret | grepkubernetes-dashboard-admin8、使用proxy暴露服务
9访问 192.168.11.70:2355/ui访问dashboard后直接skip就可以了是kubeconfig登录dashboard
参考文档:https://github.com/gjmzj/kubeasz/blob/master/docs/guide/dashboard-1.8.2.mdhttps://jimmysong.io/posts/kubernetes-dashboard-upgrade/ 首先:kubeconfig就是.kube/config文件但是得手动的将token放到里面1、wget下载dashboardwget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/dashboard/yaml-file/admin-rbac.yamlwget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/dashboard/yaml-file/kube-rbac.yamlwget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/dashboard/yaml-file/kubernetes-dashboard.yaml配置apiserver服务wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/kube-apiserver.service2、修改master上的API
vim /etc/systemd/system/kube-apiserver.service 重启APIsystemctldaemon-reloadsystemctl restartkube-apiserversystemctl statuskube-apiserver 3、部署heapster服务wget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/grafana.yamlwget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/heapster-rbac.yamlwget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/heapster.yamlwget https://raw.githubusercontent.com/deauss2017/k8s/master/1.9/heapster/yaml-file/influxdb.yaml 按顺序创建heapster-rbac.yaml>>>>> influxdb.yaml>>>>> heapster.yaml >>>>> grafana.yaml 注:在k8s中服务的域名是:服务名.空间名.svc.cluster.local例如:monitoring-influxdb.kube-system.svc.cluster.local # 部署dashboard 主yaml配置文件 kubectl create -f kubernetes-dashboard.yaml kubectl create -f ui-admin-rbac.yaml kubectl create -f ui-read-rbac.yaml kubectlcreate -f admin-user-sa-rbac.yaml3、验证kubectl get pod -n kube-system | grep dashboardkubectl get svc -n kube-system|grep dashboard
kubectl cluster-info|grep dashboard
4、修改apiserver配置
修改配置文件中的IP basic-auth.csv设置dashboard密码登录格式:密码,用户,ID号例如:admin123, admin, 2 重启master5、登录
https://192.168.11.70:6443/uihttps://192.168.11.70:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/ingress?namespace=default使用token访问
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')将token复制到对话框中点击登录
使用kubeconfig访问
上传config配置文件到Windows上sz /root/.kube/config将上边的token添加到config中注:
1、apiserver中开启了RBAC认证,所以要锁RBAC2、kubeconfig = ./kube/conf = kubernetes.pem要在config文件的最后添加token信息才能访问3、修改API组件的配置文件添加密码和用登录认证,开启CA认证,关闭匿名访问--authorization-mode=Node,RBAC\ 开启RBAC认证--anonymous-auth=false\ 关闭匿名访问 --basic-auth-file=/etc/kubernetes/ssl/basic-auth.csv \ 添加密码和用登录认证(密码,用户名,ID号)4、访问方式一共有三种:1)通过kubectl proxy访问kubectl proxy --address='192.168.11.70' --port=23455--accept-hosts='^*$' &访问 192.168.11.70:2355/ui 2)通过API访问(密码+用户名+token(kubeconfig))https://192.168.11.70:6443/uihttps://192.168.11.70:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login参考文档:主要https://github.com/gjmzj/kubeasz/blob/master/docs/guide/dashboard-1.8.2.mdhttps://blog.qikqiak.com/post/add-authorization-for-kubernetes-dashboard/
相关文章推荐
- kubernetes-dashboard(1.8.3)部署与踩坑
- 部署kubernetes1.8.3高可用集群
- 使用离线包部署kubernetes 1.9.0、kubernetes-dashboard 1.8
- 基于kubernetes1.5.2集群部署DashBoard
- 离线部署 kubernetes1.9(使用kubeadm)
- k8s集群之kubernetes-dashboard和kube-dns组件部署安装
- Ubuntu16.04多主机集群上手动部署Kubernetes,配置docker私有registry,配置Kubernetes-dashboard WEB ui
- [置顶] kubernetes1.5.2--部署dashboard服务
- kubernetes 1.9版本离线部署
- 使用 kubeadm 安装部署 kubernetes 1.9
- kubernetes1.5.2--部署dashboard服务
- Kubernetes 1.7.5部署以及kubernates-dashboard 1.7安装
- kubernetes中部署dashboard UI
- Kubernetes1.91(K8s)安装部署过程(八)-- kubernetes-dashboard安装
- kubernetes 1.9 安装部署
- 基于kubernetes集群部署DashBoard
- centos7 单节点部署k8s以及kubernetes-dashboard安装
- Kubernetes集群中部署dashboard
- Kubernetes 1.5部署安装dashboard