Kubernetes (1.21.1) study notes, part 3: installing the dashboard with Helm and exposing it through an ingress


Creating the SSL certificate

  Exposing the dashboard externally requires a certificate, so we prepare one first and then install the dashboard.

[root@server-master dashboard] mkdir certs
[root@server-master dashboard] cd certs/
# the domain is dashboard.junxworks.top
[root@server-master dashboard] openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout dashboard.key -out dashboard.crt -subj "/CN=dashboard.junxworks.top/O=dashboard.junxworks.top"
[root@server-master certs] ls
dashboard.crt  dashboard.key
# create the secret
[root@server-master certs] kubectl create secret generic kubernetes-dashboard-tls --from-file=dashboard.crt --from-file=dashboard.key -n kube-system
secret/kubernetes-dashboard-tls created

Installing the dashboard service with Helm

  • Pull the dashboard chart
[root@server-master dashboard] helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
"kubernetes-dashboard" has been added to your repositories
[root@server-master dashboard] helm search repo  kubernetes-dashboard
NAME                                            CHART VERSION   APP VERSION     DESCRIPTION                                     
aliyuncs/kubernetes-dashboard                   1.10.1          1.10.1          General-purpose web UI for Kubernetes clusters  
aliyuncs/kubernetes-dashboard-tls               1.2.3           1.10.1          General-purpose web UI with auto-generated TLS ...
kubernetes-dashboard/kubernetes-dashboard       4.3.1           2.3.0           General-purpose web UI for Kubernetes clusters  
stable/kubernetes-dashboard                     1.11.1          1.10.1          DEPRECATED! - General-purpose web UI for Kubern...
[root@server-master dashboard] mkdir chart
[root@server-master dashboard] cd chart/
[root@server-master chart] helm pull kubernetes-dashboard/kubernetes-dashboard
[root@server-master chart] ls
kubernetes-dashboard-4.3.1.tgz
[root@server-master chart] tar zxvf kubernetes-dashboard-4.3.1.tgz
[root@server-master chart] cd kubernetes-dashboard/
  • Edit the dashboard's values.yaml
    Note that the tls secret is the kubernetes-dashboard-tls created above.
  • Install the dashboard
[root@server-master kubernetes-dashboard] helm install -n kube-system kubernetes-dashboard .
[root@server-master kubernetes-dashboard] helm list -n kubernetes-dashboard
NAME                    NAMESPACE               REVISION        UPDATED                                 STATUS          CHART                           APP VERSION
kubernetes-dashboard    kubernetes-dashboard    1               2021-07-20 16:48:29.654222074 +0800 CST deployed        kubernetes-dashboard-4.3.1      2.3.0   
[root@server-master kubernetes-dashboard] kubectl get ingress -n kube-system
NAME                   CLASS    HOSTS                     ADDRESS         PORTS     AGE
kubernetes-dashboard   <none>   dashboard.junxworks.top   192.168.1.223   80, 443   7m33s
[root@server-master dashboard] kubectl get pod -n kube-system
NAME                                    READY   STATUS    RESTARTS   AGE
kubernetes-dashboard-755574b68d-jvpq4   1/1     Running   0          3m39s
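  • Access the dashboard
      Because access is by domain name, edit the hosts file so that dashboard.junxworks.top resolves to the IP of the slave1 node, 192.168.1.223. Open https://dashboard.junxworks.top/ in a browser; it redirects automatically to the login page:
    Because the token that the dashboard generates automatically has no permissions, we need to create a separate serviceaccount ourselves. dashboard-admin.yaml is as follows: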
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
# rbac.authorization.k8s.io/v1beta1 is no longer served from Kubernetes 1.22; v1 also works on 1.21
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
[root@server-master dashboard] kubectl create -f dashboard-admin.yaml
[root@server-master kubernetes-dashboard] kubectl get secret -n kube-system | grep dashboard-admin-token
dashboard-admin-token-cmjfx                      kubernetes.io/service-account-token   3      5m30s
[root@server-master dashboard]#  kubectl describe secret dashboard-admin-token-cmjfx -n kube-system
Name:         dashboard-admin-token-cmjfx
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: bb9ef2ca-461f-46a8-b907-8b2d3fb5035c

Type:  kubernetes.io/service-account-token

Data
====
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6ImZpYjNoMXRCZ1JoZW96RW5xa1F2bXVKSndDY0w1M2pySmFpSFdVcWZNRkUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tY21qZngiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYmI5ZWYyY2EtNDYxZi00NmE4LWI5MDctOGIyZDNmYjUwMzVjIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.xzl4WDgx9VMiai8LgFo_eKNGwMdCpnlEO4k-L9tgu46ua6ziicZRYut40Fim-Apw214Y6sh1G0jpyQopp68hiv5cr_BQo_PsO_1Hkf7JsgLIAnYa-rJ6vKN3zaUDLGQ4RRkM6ynIxfHYy0v5XHAXGzvPDZHyHVECR4THzHPYNL7gRQKE3XQc5j8Fg-pcFrfYBBtzwwUeXUDeHklfIPU6mANTCXVOY4CI0cWZUhguvENnL--tkNOTdUD31JH4j4JH0OdB7YDSjfi3uvsIWlvI3stIp1yjT5UDZwEOPG6iWVnVm34rJ7Pnh3WULMWg9zms8E3hjBBBpLBljuPuunPmhg
ca.crt:     1066 bytes

Copy the token and paste it into the token field on the login page to log in to the dashboard.
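The dashboard-admin binding above gives the login token cluster-admin, so anyone who obtains that token has full control of the cluster through the ingress-exposed UI. A narrower alternative, as an added example that is not part of the original post (the account name dashboard-viewer and the namespace demo are assumptions):

```yaml
# Added example (not from the original post): read-only dashboard login.
# Assumed names: ServiceAccount "dashboard-viewer", application namespace "demo".
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer
  namespace: kube-system
---
# Option A: read-only access limited to one namespace.
# A RoleBinding may reference a ClusterRole; the grant then applies only
# inside the RoleBinding's own namespace ("demo" here).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dashboard-viewer
  namespace: demo
subjects:
  - kind: ServiceAccount
    name: dashboard-viewer
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: view          # built-in role: read most namespaced objects, no Secrets
  apiGroup: rbac.authorization.k8s.io
---
# Option B: read-only access across all namespaces.
# Still uses "view", so Secrets and RBAC objects stay unreadable,
# unlike the cluster-admin binding in dashboard-admin.yaml.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer
subjects:
  - kind: ServiceAccount
    name: dashboard-viewer
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
```

Apply either option A or option B together with the ServiceAccount, then read the token from the account's auto-created secret in kube-system the same way as for dashboard-admin. To confirm the scope, kubectl auth can-i list secrets -n demo --as=system:serviceaccount:kube-system:dashboard-viewer should answer no.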


Title: Kubernetes (1.21.1) study notes, part 3: installing the dashboard with Helm and exposing it through an ingress
Author: michael
URL: https://blog.junxworks.cn/articles/2021/07/20/1626764835133.html