BlueXIII's Blog

热爱技术,持续学习


K8S离线部署笔记-11-Dashboard

下载地址

https://github.com/kubernetes/dashboard/releases

下载yml

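# Online host: download the manifest for the pinned release tag.
# -O names the output file explicitly; without it a second run saves to
# recommended.yaml.1 and the later kubectl steps would still use the older copy.
wget -O recommended.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml
# The file is fetched over HTTPS but has no published checksum on this page;
# read through it (images, RBAC objects, Service type) before carrying it offline.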

# Change the dashboard Service to type NodePort (fragment of recommended.yaml;
# the nesting indentation was lost in this listing: `type` and `ports` belong
# under `spec`, and the three port fields form one list item).
# NOTE(review): a NodePort is opened on every node's address, so 30443 is
# reachable from any network that can reach the nodes. Limit access to it with
# host/network firewall rules, or keep the default ClusterIP and use
# `kubectl port-forward` where that is sufficient.
spec:
type: NodePort
ports:
- port: 443
nodePort: 30443
targetPort: 8443

# Comment out the imagePullPolicy line shown below in recommended.yaml.
# With "Always" the kubelet contacts the registry on every pod start, which
# cannot succeed on an offline cluster; without it, the default for a
# version-tagged image is to use the copy already loaded on the node.
imagePullPolicy: Always

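# Online host: pull the two images and export them for transfer.
docker pull kubernetesui/dashboard:v2.0.4
docker pull kubernetesui/metrics-scraper:v1.0.4
# Tags are mutable; print the digests the tags resolved to so that what was
# shipped offline can be audited later.
docker image inspect --format '{{index .RepoDigests 0}}' \
  kubernetesui/dashboard:v2.0.4 kubernetesui/metrics-scraper:v1.0.4
# -o writes the archive directly instead of relying on shell redirection.
docker save -o dashboard_v2.0.4.tar kubernetesui/dashboard:v2.0.4
docker save -o metrics-scraper_v1.0.4.tar kubernetesui/metrics-scraper:v1.0.4
# Checksums travel with the tarballs so corruption or tampering in transit is detectable.
sha256sum dashboard_v2.0.4.tar metrics-scraper_v1.0.4.tar > dashboard-images.sha256

# Offline host: copy both tarballs plus dashboard-images.sha256 over, then
# load the images only if the checksums match.
sha256sum -c dashboard-images.sha256 \
  && docker load -i dashboard_v2.0.4.tar \
  && docker load -i metrics-scraper_v1.0.4.tar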

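# Create a self-signed CA.
# The key is generated under umask 077 so it is never group- or world-readable.
# 4096 bits because this CA certificate is valid for ten years (-days 3650).
(umask 077 && openssl genrsa -out ca.key 4096)
# -sha256 makes the signature digest explicit instead of depending on the
# OpenSSL build's default.
openssl req -new -x509 -sha256 -key ca.key -out ca.crt -days 3650 -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=CA"
# Print the certificate to check subject, validity and CA:TRUE.
openssl x509 -in ca.crt -noout -text
# ca.key can sign certificates that every client trusting ca.crt will accept:
# keep it off the cluster nodes and store it offline once the dashboard
# certificate has been issued.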

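# Issue the Dashboard serving certificate from the CA created above.
# The private key is generated under umask 077 so only the owner can read it.
(umask 077 && openssl genrsa -out dashboard.key 2048)
openssl req -new -sha256 -key dashboard.key -out dashboard.csr -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=yourcompany"
# Extension file for the leaf certificate:
#   - basicConstraints CA:FALSE: the certificate cannot be used to sign others
#   - extendedKeyUsage serverAuth only: it is used solely as a TLS server
#     certificate, so clientAuth is not granted
#   - subjectAltName must list every IP / DNS name browsers will use; the
#     values below are this page's examples
# The delimiter is quoted so the shell expands nothing inside the here-doc.
cat <<'EOF' > dashboard.cnf
extensions = san
[san]
basicConstraints = critical,CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
subjectAltName = IP:10.10.51.78,DNS:yourcompany.com
EOF
# NOTE(review): -days 3650 gives a ten-year leaf certificate; plan a manual
# re-issue, since nothing here rotates it.
openssl x509 -req -sha256 -days 3650 -in dashboard.csr -out dashboard.crt -CA ca.crt -CAkey ca.key -CAcreateserial -extfile dashboard.cnf
# Inspect the result and confirm it chains to the CA before deploying it.
openssl x509 -in dashboard.crt -noout -text
openssl verify -CAfile ca.crt dashboard.crt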

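# Offline cluster: (re)deploy the dashboard with the certificate issued above.

# Remove any previous deployment FIRST.
# NOTE(review): the upstream recommended.yaml declares the kubernetes-dashboard
# Namespace itself (confirm in your copy). If it does, running this delete
# after creating the secret removes the secret together with the namespace,
# and the dashboard then serves its own auto-generated certificate.
# --ignore-not-found keeps a first-time run from failing.
kubectl delete -f recommended.yaml --ignore-not-found

# Create the namespace idempotently (plain `create` fails if it already exists).
kubectl create namespace kubernetes-dashboard --dry-run=client -o yaml | kubectl apply -f -

# Replace the certificate secret. It contains the TLS private key, so access to
# secrets in this namespace should be limited to administrators.
kubectl delete secret kubernetes-dashboard-certs --namespace=kubernetes-dashboard --ignore-not-found
kubectl create secret generic kubernetes-dashboard-certs \
  --from-file=./dashboard.crt \
  --from-file=./dashboard.key \
  -n kubernetes-dashboard

# Deploy, then confirm the pods start and the secret still holds both files
# (`describe` lists key names and sizes only, never the key material).
kubectl apply -f recommended.yaml
kubectl get pods -n kubernetes-dashboard
kubectl describe secret kubernetes-dashboard-certs -n kubernetes-dashboard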

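# Create a service account and read its token for dashboard login.
# NOTE(review): binding cluster-admin means whoever holds this token has full
# control of the cluster, and the dashboard is reachable on a NodePort. Prefer
# a narrower ClusterRole (for example the built-in `view`) unless full admin is
# really required, and treat the token like a root password.
kubectl create serviceaccount dashboard-admin-sa
kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=default:dashboard-admin-sa
# The token secret's name ends in a random suffix that differs per cluster, so
# look it up from the service account instead of hard-coding it.
# On Kubernetes 1.24+ no such secret is created automatically; use
# `kubectl create token dashboard-admin-sa` there instead.
token_secret=$(kubectl get serviceaccount dashboard-admin-sa -o jsonpath='{.secrets[0].name}')
kubectl describe secret "$token_secret"
# This legacy token does not expire: to revoke it, delete the service account
# and the cluster role binding.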

# Open in a browser (node IP from the certificate's subjectAltName, NodePort 30443).
# The certificate is signed by the private CA created above, so browsers show a
# warning until ca.crt is imported as a trusted root on the client. Import
# ca.crt rather than clicking through the warning, so an unexpected
# certificate stays noticeable.
https://10.10.51.78:30443

参考文档