k8s学习（二）虚拟机centos7的k8s集群的dashboard安装(主节点中操作)

1.下载编辑kubernetes-dashboard.yaml

cd /opt/
#如果下载不了就网上找一个
wget http://mirror.faasx.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

#修改Service为NodePort, 可以指定固定的nodePort,否则就会随机分配端口
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30001
selector:
k8s-app: kubernetes-dashboard

kubernetes-dashboard.yaml文件

2.安装dashboard

执行安装命令：
kubectl  apply -f kubernetes-dashboard.yaml

查看安装状态
kubectl get pod -A -o wide |grep dash
kubectl get svc -A -o wide |grep dash

3.创建登录用户

kubectl create serviceaccount dashboard-admin -n kube-system

kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

4.浏览器访问https://IP:30001, 输入登陆密钥，通过以下命令获取秘钥：

kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

解决google浏览器不能访问dashboard页面 https://IP:30001，证书问题

#拷贝api证书充当dashboard的证书签名, 删除默认它的证书
cp /etc/kubernetes/pki/{apiserver.crt,apiserver.key} .
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
#修改dashboard.yaml，配置生成自定义证书(修改args内容)
- --auto-generate-certificates
- --tls-key-file=apiserver.key
- --tls-cert-file=apiserver.crt
#重启dashboard
kubectl  apply -f kubernetes-dashboard.yaml