一、首先安装dashboard
https://github.com/kubernetes/dashboard
需要下载的yaml文件 https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
可以进行一些修改
首先是HTTPS的修改部分
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.0.0-beta8
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
- --namespace=kubernetes-dashboard
- --metrics-provider=none
- --api-log-level=DEBUG
- --v=10
HTTP的修改部分
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 80
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
containers: - name: kubernetes-dashboard image: kubernetesui/dashboard:v2.0.0-beta8 imagePullPolicy: Always ports: - containerPort: 8443 protocol: TCP args: #- --auto-generate-certificates #- --namespace=kubernetes-dashboard - --enable-insecure-login=true - --insecure-port=8443 - --metrics-provider=none - --namespace=kubernetes-dashboard - --enable-skip-login=true
用kubectl apply -f 提交修改后的文件
查看相关内容是否都已经启动成功
kubectl get all -n kubernetes-dashboard
二、下边开始安装ingress
首先参考
https://kubernetes.github.io/ingress-nginx/deploy/#prerequisite-generic-deployment-command
主要使用的文件就是
https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.2/deploy/static/mandatory.yaml
由于不想使用 nodeport 的service暴露服务,选择在ingress-controller的机器上暴露端口
spec:
# wait up to five minutes for the drain of connections
terminationGracePeriodSeconds: 300
serviceAccountName: nginx-ingress-serviceaccount
nodeSelector:
kubernetes.io/os: linux
kubernetes.io/hostname: xxx.xxx.xxx.xxx #nginx启动所在的机器
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: nginx-ingress-controller
配置service文件 由于我是bare-metal的 所以参考地址 https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal
https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.26.2/deploy/static/provider/baremetal/service-nodeport.yaml
进行了一些修改
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
#type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
- name: https
port: 443
targetPort: 443
protocol: TCP
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
上边说过不用Nodeport方式,所以改了一下
用kubectl apply -f 提交这两个文件
查看启动情况
kubectl get all -n ingress-nginx
三、 开始为dashboard配置ingress的rule
首先是HTTPS的配置
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: k8s-dashboard
namespace: kubernetes-dashboard
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
#nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/rewrite-target: /$1
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
#tls:
#- secretName: kubernetes-dashboard-certs
rules:
- http:
paths:
#- path: /dashboard(/|$)(.*)
- path: /dashboard/(.*)
backend:
serviceName: kubernetes-dashboard
servicePort: 443
注意上边的 annotations
其次是 HTTP的
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: k8s-dashboard
namespace: kubernetes-dashboard
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: kubernetes-dashboard
servicePort: 80
HTTP的方式我直接使用 / 作为路径, HTTPS使用/dashboard/ 作为路径
访问时使用在 ingress那绑定的机器 使用80或者443端口来访问 记得后边一定要有 / , 比如 (HTTP的配置) http://xxx.xxx.xxx.xxx/ ,
(HTTPS的配置) https://xxx.xxx.xxx.xxx/dashboard/
四、为dashboard创建用户
可以参考 https://github.com/kubernetes/dashboard#create-an-authentication-token-rbac
可以参考 https://my.oschina.net/u/2306127/blog/1930169?from=timeline
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dashboard
subjects:
- kind: ServiceAccount
name: dashboard
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
然后执行安装(所建立的账号为dashboard):
kubectl create -f dashboard-rbac.yaml
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard-token | awk '{print $1}')
注意:如果使用cert-manager, 那ingress是https的,deployment就使用http的
参考地址
https://www.servicemesher.com/blog/general-kubernetes-dashboard/