一、下载并修改 Dashboard 安装脚本
-
github 下载最新脚本的 recommended.yaml
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml
-
修改 recommended.yaml 的文件内容
#apiVersion: v1 #kind: Namespace #metadata: # name: kubernetes-dashboard --- #增加直接访问端口 kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort #增加 ports: - port: 443 targetPort: 8443 nodePort: 30001 #增加 selector: k8s-app: kubernetes-dashboard --- #因为自动生成的证书很多浏览器无法使用,所以我们自己创建,注释掉kubernetes-dashboard-certs对象声明 #apiVersion: v1 #kind: Secret #metadata: # labels: # k8s-app: kubernetes-dashboard # name: kubernetes-dashboard-certs # namespace: kubernetes-dashboard #type: Opaque #---
二、自签发证书
mkdir dashboard-certs
cd dashboard-certs/
#创建命名空间
kubectl create namespace kubernetes-dashboard
# 创建key文件
openssl genrsa -out dashboard.key 2048
#证书请求
openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
#自签证书
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
#创建kubernetes-dashboard-certs对象
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
三、安装 Dashboard
#安装
kubectl create -f ~/recommended.yaml
#检查结果
kubectl get pods -A -o wide
kubectl get service -n kubernetes-dashboard -o wide
四、创建管理员
-
创建并编辑 dashboard-admin.yaml
apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: dashboard-admin namespace: kubernetes-dashboard
-
保存退出后执行
kubectl create -f dashboard-admin.yaml
-
为用户分配权限,创建 dashboard-admin-bind-cluster-role.yaml
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: dashboard-admin-bind-cluster-role labels: k8s-app: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: dashboard-admin namespace: kubernetes-dashboard
-
保存退出后执行
kubectl create -f dashboard-admin-bind-cluster-role.yaml
五、获取用户 token 并访问 Dashboard
-
查看并复制用户 token
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
-
访问:https://<自己搭建的 master 的 IP>:30001,谷歌浏览器不行,但其他浏览器可以,比如Safari,选择Token登录,输入刚才复制的密钥就能登录了。
六、安装 metrics-server
-
拉取镜像
docker pull rancher/metrics-server:v0.3.6 docker tag rancher/metrics-server:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6
-
下载安装脚本
cd ~ mkdir metrics-server cd metrics-server wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml
-
修改安装脚本
spec: serviceAccountName: metrics-server volumes: # mount in tmp so we can safely use from-scratch images and/or read-only containers - name: tmp-dir emptyDir: {} containers: - name: metrics-server image: k8s.gcr.io/metrics-server-amd64:v0.3.6 imagePullPolicy: IfNotPresent args: - --cert-dir=/tmp - --secure-port=4443 ports: - name: main-port containerPort: 4443 protocol: TCP securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 command: #增加 - /metrics-server - --kubelet-insecure-tls - --kubelet-preferred-address-types=InternalDNS,InternalIP,ExternalDNS,ExternalIP,Hostname volumeMounts: - name: tmp-dir mountPath: /tmp nodeSelector: kubernetes.io/os: linux kubernetes.io/arch: "amd64"
-
安装
#安装 kubectl create -f components.yaml #1-2分钟后查看结果 kubectl top nodes
-
再回到dashboard界面可以看到CPU和内存使用情况了
评论区