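This lab uses a free one-year certificate that has already been obtained; for how to get a free certificate, see https://freessl.cn.

Tip: a self-signed certificate can also be created manually as follows:

```shell
[root@master01 ~]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=ZheJiang/L=HangZhou/O=Xianghy/OU=Xianghy/CN=k8s.odocker.com"
```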
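A pre-flight check for the `tls.crt` / `tls.key` pair before it is stored in the `kubernetes-dashboard-certs` secret, as an added example that is not part of the original page: it confirms that the key belongs to the certificate, that the certificate is not about to expire, and that it covers the dashboard host name. The function name `check_dashboard_cert`, its return codes and the 30-day default are assumptions of this example.

```shell
# Added example, not from the original page. check_dashboard_cert and its
# return codes are hypothetical names chosen for this sketch.
# Usage: check_dashboard_cert tls.crt tls.key k8s.odocker.com [min_days]
check_dashboard_cert() {
    local crt="$1"
    local key="$2"
    local host="$3"
    local min_days="${4:-30}"   # assumed default: fail 30 days before expiry
    local crt_pub key_pub

    # 1. Both files must parse. "-passin pass:" makes an encrypted key fail
    #    here instead of prompting for a passphrase.
    if ! openssl x509 -in "$crt" -noout 2>/dev/null; then
        echo "FAIL: cannot parse certificate $crt"; return 2
    fi
    if ! openssl pkey -in "$key" -passin pass: -noout 2>/dev/null; then
        echo "FAIL: cannot parse private key $key"; return 2
    fi

    # 2. The public key inside the certificate must be the one derived from
    #    the private key; a mismatched pair cannot be used to serve TLS.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout)
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not belong to $crt"; return 3
    fi

    # 3. -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: $crt expires within $min_days days"; return 4
    fi

    # 4. -checkhost prints "does match" or "does NOT match"; the printed
    #    text is what this check relies on.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q "does match"; then
        echo "FAIL: $crt does not cover host $host"; return 5
    fi

    echo "OK: $crt and $key are a valid pair for $host"
    return 0
}
```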
```shell
[root@master01 ~]# kubectl create ns kubernetes-dashboard    # dashboard v2 uses its own namespace
[root@master01 ~]# kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/dashboard/certs/ -n kubernetes-dashboard
[root@master01 ~]# kubectl get secret kubernetes-dashboard-certs -n kubernetes-dashboard -o yaml    # view the new certificate
NAME                         TYPE     DATA   AGE
kubernetes-dashboard-certs   Opaque   2      4s
```

### Download the yaml
```shell
[root@master01 ~]# cd /root/dashboard
[root@master01 dashboard]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yaml
```

### Modify the yaml

`[root@master01 dashboard]# vi recommended.yaml`

```shell
……
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort                # added
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001           # added
  selector:
    k8s-app: kubernetes-dashboard
---
……
# Comment out all of the following
#apiVersion: v1
#kind: Secret
#metadata:
#  labels:
#    k8s-app: kubernetes-dashboard
#  name: kubernetes-dashboard-certs
#  namespace: kubernetes-dashboard
#type: Opaque
……
kind: Deployment
……
  replicas: 3                   # adjusted to 3 replicas
……
          imagePullPolicy: IfNotPresent    # changed image pull policy
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            #- --auto-generate-certificates    # disable automatic certificate generation
            - --namespace=kubernetes-dashboard
            - --tls-key-file=tls.key
            - --tls-cert-file=tls.crt
            - --token-ttl=3600                 # the args above are appended
……
      nodeSelector:
        "beta.kubernetes.io/os": linux
        "dashboard": "yes"      # deploy on the master node
……
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  type: NodePort                # added
  ports:
    - port: 8000
      nodePort: 30000           # added
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper
……
  replicas: 3                   # adjusted to 3 replicas
……
      nodeSelector:
        "beta.kubernetes.io/os": linux
        "dashboard": "yes"      # deploy on the master node
……
```

### Deploy

```shell
[root@master01 dashboard]# kubectl apply -f recommended.yaml
[root@master01 dashboard]# kubectl get deployment kubernetes-dashboard -n kubernetes-dashboard
[root@master01 dashboard]# kubectl get services -n kubernetes-dashboard
[root@master01 dashboard]# kubectl get pods -o wide -n kubernetes-dashboard
```
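Note: NodePort 30001/TCP on master01 maps to port 443 of the dashboard pod.

Note: dashboard v2 does not create an account with administrator privileges by default; one can be created as follows.

```shell
[root@master01 dashboard]# vi dashboard-admin.yaml
[root@master01 dashboard]# kubectl apply -f dashboard-admin.yaml
```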
### Create the ingress policy

```shell
[root@master01 ~]# cd /root/dashboard/
[root@master01 dashboard]# vi dashboard-ingress.yaml
```

```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: kubernetes-dashboard-ingress
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    #nginx.ingress.kubernetes.io/secure-backends: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_ssl_session_reuse off;
spec:
  rules:
  - host: k8s.odocker.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
  tls:
  - hosts:
    - k8s.odocker.com
    secretName: kubernetes-dashboard-tls
```

```shell
[root@master01 dashboard]# kubectl apply -f dashboard-ingress.yaml
[root@master01 dashboard]# kubectl -n kubernetes-dashboard get ingress
```