Continuing the deployment from the previous chapter.
Dashboard deployment
17.1 Download and distribute the binaries (see Chapter 3)
```
# Unpack the binaries
[root@k8s-m1 ~]# cd ~/k8s/v1.11.2/kubernetes/
[root@k8s-m1 kubernetes]# tar zxvf kubernetes-src.tar.gz
[root@k8s-m1 yaml]# cd ~/k8s/v1.11.2/kubernetes/cluster/addons/dashboard/

# Modify dashboard-controller.yaml
[root@k8s-m1 dashboard]# cp dashboard-controller.yaml dashboard-controller.yaml.orig
[root@k8s-m1 dashboard]# diff dashboard-controller.yaml{,.orig}
34,35c34
< #image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3
< image: registry.cn-shenzhen.aliyuncs.com/kubernetes-dashboard-amd64:v1.8.3
---
> image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3

# Instead of editing dashboard-controller.yaml, there is another approach that leaves the yaml untouched:
# first download the dashboard image on the node, then retag it and apply the yaml file as-is.
# First check the image value in the yaml:
[root@k8s-m1 dashboard]# grep image dashboard-controller.yaml
image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3

# Then pull the image and change its tag
[root@k8s-m2 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64:v1.8.3
[root@k8s-m2 ~]# docker tag registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64:v1.8.3 k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3

# Modify dashboard-service.yaml
[root@k8s-m1 dashboard]# cp dashboard-service.yaml dashboard-service.yaml.orig
[root@k8s-m1 dashboard]# diff dashboard-service.yaml.orig dashboard-service.yaml
10a11
> type: NodePort
[root@k8s-m1 dashboard]#
```
17.2 Apply all the definition files
```
[root@k8s-m1 dashboard]# ls *.yaml
dashboard-configmap.yaml  dashboard-controller.yaml  dashboard-rbac.yaml  dashboard-secret.yaml  dashboard-service.yaml

# Apply the yaml definitions
[root@k8s-m1 dashboard]# kubectl apply -f .
configmap/kubernetes-dashboard-settings created
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
service/kubernetes-dashboard created
```
17.3 Check the assigned NodePort
```
[root@k8s-m1 dashboard]# kubectl get deployment kubernetes-dashboard -n kube-system
NAME                   DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
kubernetes-dashboard   1         1         1            1           6m

[root@k8s-m1 dashboard]# kubectl --namespace kube-system get pods -o wide
NAME                                    READY   STATUS    RESTARTS   AGE   IP            NODE     NOMINATED NODE
coredns-55877fc9fb-btn4p                1/1     Running   0          1h    172.30.10.3   k8s-m2   <none>
kubernetes-dashboard-69db8c7745-84vbx   1/1     Running   1          6m    172.30.10.5   k8s-m2   <none>

[root@k8s-m1 dashboard]# kubectl get services kubernetes-dashboard -n kube-system
NAME                   TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes-dashboard   NodePort   10.254.127.159   <none>        443:8789/TCP   6m
```
- To pin the port, edit dashboard-service.yaml and add nodePort: 8888.
- The dashboard's --authentication-mode supports token and basic; the default is token. To use basic, kube-apiserver must be configured with the '--authorization-mode=ABAC' and '--basic-auth-file' flags.
17.4 View the command-line flags the dashboard supports
```
[root@k8s-m1 dashboard]# kubectl exec --namespace kube-system -it kubernetes-dashboard-69db8c7745-84vbx -- /dashboard --help
2018/11/14 10:15:50 Starting overwatch
Usage of /dashboard:
      --alsologtostderr                   log to standard error as well as files
      --apiserver-host string             The address of the Kubernetes Apiserver to connect to in the format of protocol://address:port, e.g., http://localhost:8080. If not specified, the assumption is that the binary runs inside a Kubernetes cluster and local discovery is attempted.
      --authentication-mode stringSlice   Enables authentication options that will be reflected on login screen. Supported values: token, basic. Default: token.Note that basic option should only be used if apiserver has '--authorization-mode=ABAC' and '--basic-auth-file' flags set. (default [token])
      --auto-generate-certificates        When set to true, Dashboard will automatically generate certificates used to serve HTTPS. Default: false.
      --bind-address ip                   The IP address on which to serve the --secure-port (set to 0.0.0.0 for all interfaces). (default 0.0.0.0)
      --default-cert-dir string           Directory path containing '--tls-cert-file' and '--tls-key-file' files. Used also when auto-generating certificates flag is set. (default "/certs")
      --disable-settings-authorizer       When enabled, Dashboard settings page will not require user to be logged in and authorized to access settings page.
      --enable-insecure-login             When enabled, Dashboard login view will also be shown when Dashboard is not served over HTTPS. Default: false.
      --heapster-host string              The address of the Heapster Apiserver to connect to in the format of protocol://address:port, e.g., http://localhost:8082. If not specified, the assumption is that the binary runs inside a Kubernetes cluster and service proxy will be used.
      --insecure-bind-address ip          The IP address on which to serve the --port (set to 0.0.0.0 for all interfaces). (default 127.0.0.1)
      --insecure-port int                 The port to listen to for incoming HTTP requests. (default 9090)
      --kubeconfig string                 Path to kubeconfig file with authorization and master location information.
      --log_backtrace_at traceLocation    when logging hits line file:N, emit a stack trace (default :0)
      --log_dir string                    If non-empty, write log files in this directory
      --logtostderr                       log to standard error instead of files
      --metric-client-check-period int    Time in seconds that defines how often configured metric client health check should be run. Default: 30 seconds. (default 30)
      --port int                          The secure port to listen to for incoming HTTPS requests. (default 8443)
      --stderrthreshold severity          logs at or above this threshold go to stderr (default 2)
      --system-banner string              When non-empty displays message to Dashboard users. Accepts simple HTML tags. Default: ''.
      --system-banner-severity string     Severity of system banner. Should be one of 'INFO|WARNING|ERROR'. Default: 'INFO'. (default "INFO")
      --tls-cert-file string              File containing the default x509 Certificate for HTTPS.
      --tls-key-file string               File containing the default x509 private key matching --tls-cert-file.
      --token-ttl int                     Expiration time (in seconds) of JWE tokens generated by dashboard. Default: 15 min. 0 - never expires (default 900)
  -v, --v Level                           log level for V logs
      --vmodule moduleSpec                comma-separated list of pattern=N settings for file-filtered logging
command terminated with exit code 2
```
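An added example, not part of the original tutorial: a Python audit over `kubectl -n kube-system get deploy,svc -o json` output that reports the exposure-relevant settings this chapter touches, namely the NodePort service type from 17.1 and the dashboard flags listed in the help output above. The JSON sample is constructed for illustration, and the script assumes container arguments are written in `--flag=value` form.

```python
import json

# Constructed sample, shaped like `kubectl -n kube-system get deploy,svc -o json`.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Service", "metadata": {"name": "kubernetes-dashboard"},
  "spec": {"type": "NodePort", "ports": [{"port": 443, "nodePort": 8789}]}},
 {"kind": "Deployment", "metadata": {"name": "kubernetes-dashboard"},
  "spec": {"template": {"spec": {"containers": [{"name": "kubernetes-dashboard",
   "args": ["--auto-generate-certificates", "--authentication-mode=token,basic",
            "--token-ttl=0", "--enable-insecure-login=false"]}]}}}}
]}
""")

def parse_flags(args):
    """['--a=b', '--c'] -> {'--a': 'b', '--c': 'true'} (assumes --flag=value form)."""
    flags = {}
    for arg in args:
        key, _, value = arg.partition("=")
        flags[key] = value or "true"
    return flags

def audit(items):
    """Return one finding string per risky dashboard setting."""
    findings = []
    for obj in items:
        name = f'{obj["kind"]}/{obj["metadata"]["name"]}'
        if obj["kind"] == "Service" and obj["spec"].get("type") == "NodePort":
            ports = [p.get("nodePort") for p in obj["spec"].get("ports", [])]
            findings.append(f"{name}: NodePort {ports} is open on every node address")
        if obj["kind"] != "Deployment":
            continue
        for c in obj["spec"]["template"]["spec"]["containers"]:
            flags = parse_flags(c.get("args", []))
            if "basic" in flags.get("--authentication-mode", "token").split(","):
                findings.append(f"{name}: basic auth enabled on the login screen")
            if flags.get("--token-ttl") == "0":
                findings.append(f"{name}: --token-ttl=0, login tokens never expire")
            for flag in ("--enable-insecure-login", "--disable-settings-authorizer"):
                if flags.get(flag, "false").lower() == "true":
                    findings.append(f"{name}: {flag} is set")
            if flags.get("--insecure-bind-address", "127.0.0.1") != "127.0.0.1":
                findings.append(f"{name}: plain-HTTP port bound beyond loopback")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE["items"]):
        print(line)
```

An empty result means the service is not of type NodePort and none of the checked flags deviate from the defaults shown in the help output.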
17.5 Access the dashboard