1. First, install the dashboard
https://github.com/kubernetes/dashboard
The YAML file to download: https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
You can make some modifications to it.
First, the changes for HTTPS:
    containers:
      - name: kubernetes-dashboard
        image: kubernetesui/dashboard:v2.0.0-beta8
        imagePullPolicy: Always
        ports:
          - containerPort: 8443
            protocol: TCP
        args:
          - --auto-generate-certificates
          - --namespace=kubernetes-dashboard
          - --metrics-provider=none
          - --api-log-level=DEBUG
          - --v=10
The changes for HTTP:
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    spec:
      ports:
        - port: 80
          targetPort: 8443
      selector:
        k8s-app: kubernetes-dashboard

    containers:
      - name: kubernetes-dashboard
        image: kubernetesui/dashboard:v2.0.0-beta8
        imagePullPolicy: Always
        ports:
          - containerPort: 8443
            protocol: TCP
        args:
          #- --auto-generate-certificates
          #- --namespace=kubernetes-dashboard
          - --enable-insecure-login=true
          - --insecure-port=8443
          - --metrics-provider=none
          - --namespace=kubernetes-dashboard
          - --enable-skip-login=true
Apply the modified file with kubectl apply -f
Check that everything has started successfully:
    kubectl get all -n kubernetes-dashboard
2. Next, install ingress
First, refer to
https://kubernetes.github.io/ingress-nginx/deploy/#prerequisite-generic-deployment-command
The main file used is
https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.2/deploy/static/mandatory.yaml
Since I did not want to expose the service through a NodePort Service, I chose to expose the ports directly on the machine running the ingress controller:
    spec:
      # wait up to five minutes for the drain of connections
      terminationGracePeriodSeconds: 300
      serviceAccountName: nginx-ingress-serviceaccount
      nodeSelector:
        kubernetes.io/os: linux
        kubernetes.io/hostname: xxx.xxx.xxx.xxx # the machine nginx runs on
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: nginx-ingress-controller
Configure the Service file. Since my cluster is bare-metal, I referred to https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal
https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.2/deploy/static/provider/baremetal/service-nodeport.yaml
I made some modifications:
    apiVersion: v1
    kind: Service
    metadata:
      name: ingress-nginx
      namespace: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      #type: NodePort
      ports:
        - name: http
          port: 80
          targetPort: 80
          protocol: TCP
        - name: https
          port: 443
          targetPort: 443
          protocol: TCP
      selector:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
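As mentioned above, the NodePort approach is not used, so the file was changed accordingly.
Apply both files with kubectl apply -f
Check the startup status:
    kubectl get all -n ingress-nginx
3. Configure the ingress rule for the dashboard
First, the HTTPS configuration: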
    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
      name: k8s-dashboard
      namespace: kubernetes-dashboard
      annotations:
        nginx.ingress.kubernetes.io/ssl-redirect: "true"
        #nginx.ingress.kubernetes.io/rewrite-target: /
        nginx.ingress.kubernetes.io/rewrite-target: /$1
        nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    spec:
      #tls:
      #- secretName: kubernetes-dashboard-certs
      rules:
        - http:
            paths:
              #- path: /dashboard(/|$)(.*)
              - path: /dashboard/(.*)
                backend:
                  serviceName: kubernetes-dashboard
                  servicePort: 443
Note the annotations above.
Next, the HTTP configuration:
    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
      name: k8s-dashboard
      namespace: kubernetes-dashboard
    spec:
      rules:
        - http:
            paths:
              - path: /
                backend:
                  serviceName: kubernetes-dashboard
                  servicePort: 80
For HTTP I use / directly as the path; for HTTPS I use /dashboard/ as the path.
To access the dashboard, connect to the machine the ingress is bound to, on port 80 or 443. Remember that the URL must end with / , for example (HTTP configuration) http://xxx.xxx.xxx.xxx/ ,
(HTTPS configuration) https://xxx.xxx.xxx.xxx/dashboard/
4. Create a user for the dashboard
See https://github.com/kubernetes/dashboard#create-an-authentication-token-rbac
See also https://my.oschina.net/u/2306127/blog/1930169?from=timeline
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: dashboard
      namespace: kube-system
    ---
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: dashboard
    subjects:
      - kind: ServiceAccount
        name: dashboard
        namespace: kube-system
    roleRef:
      kind: ClusterRole
      name: cluster-admin
      apiGroup: rbac.authorization.k8s.io
Then run the installation (the account created is named dashboard):
    kubectl create -f dashboard-rbac.yaml
    kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard-token | awk '{print $1}')
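An added example (not part of the original post): a small Python check that scans manifest text for the dashboard flags used in the HTTP variant in section 1 and for a ClusterRoleBinding to cluster-admin like the one created here, so both can be flagged in review before kubectl apply. The function names, the line-based scan (no YAML parser) and the sample manifest are assumptions made for illustration.

```python
import re

# Flags taken from this page's HTTP variant of the dashboard Deployment.
RISKY_FLAGS = {
    "--enable-skip-login": "login page offers Skip; the session then runs as the dashboard's own service account",
    "--enable-insecure-login": "login page is shown even when the dashboard is not served over HTTPS",
    "--insecure-port": "a plain-HTTP listening port is configured",
}

def strip_comments(doc):
    """Drop YAML comments and blank lines so commented-out flags are ignored."""
    lines = (re.sub(r"(^|\s)#.*$", "", line).rstrip() for line in doc.splitlines())
    return "\n".join(line for line in lines if line)

def audit_manifest(text):
    """Return (category, item, reason) findings for a multi-document manifest."""
    findings = []
    for raw in re.split(r"(?m)^---[ \t]*$", text):
        doc = strip_comments(raw)
        # Container args look like "- --flag" or "- --flag=value".
        for flag, value in re.findall(r"(?m)^[ \t]*-[ \t]+(--[a-z-]+)(?:=(\S+))?[ \t]*$", doc):
            if flag in RISKY_FLAGS and value.lower() != "false":
                findings.append(("flag", flag, RISKY_FLAGS[flag]))
        if re.search(r"(?m)^kind:[ \t]*ClusterRoleBinding[ \t]*$", doc):
            ref = re.search(r"(?m)^roleRef:[ \t]*\n((?:[ \t]+\S.*\n?)+)", doc)
            role = re.search(r"\bname:[ \t]*(\S+)", ref.group(1)) if ref else None
            if role and role.group(1) == "cluster-admin":
                findings.append(("rbac", "cluster-admin", "binding grants full control of the whole cluster"))
    return findings

# Constructed sample modelled on this page's HTTP args and its ClusterRoleBinding.
SAMPLE = """\
containers:
  - name: kubernetes-dashboard
    args:
      #- --auto-generate-certificates
      - --enable-insecure-login=true
      - --insecure-port=8443
      - --enable-skip-login=true
---
kind: ClusterRoleBinding
roleRef:
  kind: ClusterRole
  name: cluster-admin
"""

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE):
        print(*finding, sep=" | ")
```

Args written in quoted form or as an inline list are not matched by this line scan.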
Note: if you use cert-manager, the ingress is served over HTTPS, so the deployment uses the HTTP variant.
References
https://www.servicemesher.com/blog/general-kubernetes-dashboard/
