docker-使用rancher安裝k8s集群之安裝dashborad

1、下載官方文件

wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes-dashboard.yaml

sed -i 's#k8s.gcr.io#gcrxio#g' kubernetes-dashboard.yaml

修改nodeport訪問，service部分

vim kubernetes-dashboard.yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
　　   nodeport: 30443
selector: k8s-app: kubernetes-dashboard

　　

　　

[root@master .kube]# kubectl apply -f kubernetes-dashboard.yaml

 

[root@master .kube]# kubectl get pods -nkube-system
NAME                                      READY   STATUS      RESTARTS   AGE
canal-5j244                               2/2     Running     0          3h43m
canal-xz2bw                               2/2     Running     1          3h30m
coredns-86bc4b7c96-szfpl                  1/1     Running     4          3h43m
coredns-autoscaler-5d5d49b8ff-r88rf       1/1     Running     0          3h43m
kubernetes-dashboard-6fc5c9db-sqgxq       1/1     Running     0          56m
metrics-server-7f6bd4c888-j2875           1/1     Running     0          3h43m
rke-coredns-addon-deploy-job-xkcj5        0/1     Completed   0          3h43m
rke-ingress-controller-deploy-job-7vx4q   0/1     Completed   0          3h43m
rke-metrics-addon-deploy-job-ngxj4        0/1     Completed   0          3h43m
rke-network-plugin-deploy-job-f48r2       0/1     Completed   0          3h43m
[root@master .kube]# 

可以用 如下命令查看pod狀態

[root@master .kube]# kubectl describe pods kubernetes-dashboard-6fc5c9db-jwrck -n kube-system

根據查到的信息，這個pods 跑在141上，登錄141查看日志，報錯了
[root@node1 rancher_server_images]# docker logs -f  cf29a4ab17b9
2019/08/13 18:07:08 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2019/08/13 18:07:38 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2019/08/13 18:08:08 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2019/08/13 18:08:38 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.

　

部署 heapster
下載 heapster 相關 yaml 文件
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/grafana.yaml

wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml

wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml

wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml

　

刪除現在創建的dashboard
kubect delete -f kubernetes-dashboard.yaml

　　

修改這些個下載下來的yaml，畢竟里面的源都是國外的，你拉不下來
[root@master kubernet-dashboard]# sed -i 's#k8s.gcr.io#gcrxio#g'  heapster-rbac.yaml 
[root@master kubernet-dashboard]# sed -i 's#k8s.gcr.io#gcrxio#g'  influxdb.yaml 
[root@master kubernet-dashboard]# sed -i 's#k8s.gcr.io#gcrxio#g'  heapster.yaml
[root@master kubernet-dashboard]# sed -i 's#k8s.gcr.io#gcrxio#g'  grafana.yaml
然后重新創建一次
[root@master kubernet-dashboard]# kubectl create -f .

獲取dashborad外網訪問端口

[root@master dashboard]# kubectl -n kube-system get svc kubernetes-dashboard
NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.43.112.242   <none>        443:30443/TCP   61m
[root@master dashboard]#

　得到外部端口為30443

瀏覽器訪問dashboard登陸頁面，使用火狐瀏覽器。別的瀏覽器訪問有問題

https://192.168.65.140:30443 ###必須要用https 不然會提示tls問題。。。。

首次登陸會發現權限問題，因部分原因忘記截圖了，不過很明顯的黃色圖案，啥也看不到

[root@master dashboard]# cat dashboard_cluster_role_binding_admin.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
[root@master dashboard]# cat dashboard_service_account-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
[root@master dashboard]# kubectl apply -f dashboard_service_account-admin.yaml 

[root@master dashboard]# kubectl apply -f dashboard_cluster_role_binding_admin.yaml

獲取創建admin用戶的token

[root@master dashboard]# kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-system
Name:         admin-user-token-4qd72
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: 1298e129-b512-11e9-b76b-000c2934ddb0

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1017 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTRxZDcyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIxMjk4ZTEyOS1iNTEyLTExZTktYjc2Yi0wMDBjMjkzNGRkYjAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.rZx7xl0pHKaSGreo7SVFhZa5BfOq7JHuClFaT03fHelb8FRVyvqm3HkNGr9_zOleI4f3jf1vUWFb3z32NYa_BNoLaIF-1j3tOyjrA0MCYsaO0bpbiXQwxUwDdqn_qkdI-9IE5MNFxbKRsAc8otyJCMxeV-T1TnuoqKGRzxM2UneJrHRLnjVKUmdswLO8U8bX-jhXgDmbMG0RBz2D6HlU6y6kIkqUGUyJ-mS6lP3g7MH9T2ZUQH7zeT-xu7gRPNmmiZBWOjsOJx4gj6NGCNecg2s-8CZXN9cvRx83D0WvmzswE3E3M6tUZEpV9zuG7Qs08M3BommLZr0JiV8xlgj8Xg
[root@master dashboard]# 

　　再次登陸輸入token

成功！！！