1.安装dashboard:
wget -O kubernetes-dashboard.yaml https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml sed -i "s/k8s\.gcr\.io/hati/g" kubernetes-dashboard.yaml
kubectl apply -f kubernetes-dashboard.yaml
kubectl get pods -n kube-system
2.创建服务账户,绑定集群角色:
service_account.yaml
1 apiVersion: v1 2 kind: ServiceAccount 3 metadata: 4 name: admin-user 5 namespace: kube-system
clusterrolebinding.yaml
1 apiVersion: rbac.authorization.k8s.io/v1 2 kind: ClusterRoleBinding 3 metadata: 4 name: admin-user 5 roleRef: 6 apiGroup: rbac.authorization.k8s.io 7 kind: ClusterRole 8 name: cluster-admin 9 subjects: 10 - kind: ServiceAccount 11 name: admin-user 12 namespace: kube-system
kubectl apply -f service_account.yaml
kubectl apply -f clusterrolebinding.yaml #Bearer Token kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
3.生成用户 证书
grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client" echo "Please install the kubecfg.p12 certificate in your browser, and then restart browser."
4.安装图形化插件heapster
wget -O grafana.yaml https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/grafana.yaml wget -O heapster.yaml https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml wget -O influxdb.yaml https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml wget -O heapster-rbac.yaml https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml # Set port ype as "NodePort" for test environment sed -i "s/\# type: NodePort/type: NodePort/g" grafana.yaml # Set only use API server proxy to access grafana sed -i "s/value: \//\#value: \//g" grafana.yaml sed -i "s/\# \#value: \/api/value: \/api/g" grafana.yaml sed -i "s/name: ca-certificates/name: ca-certs/g" grafana.yaml sed -i "s/heapster-grafana-amd64:v5\.0\.4/heapster-grafana-amd:v4\.4\.3/g" grafana.yaml sed -i "s/https:\/\/kubernetes\.default/https:\/\/kubernetes\.default:443?useServiceAccount=true\&kubeletHttps=true\&kubeletPort=10250\&insecure=true/g" heapster.yaml sed -i "s/name: system:heapster/name: cluster-admin/g" heapster-rbac.yaml #Replace k8s.gcr.io image with hati sed -i "s/k8s\.gcr\.io/hati/g" grafana.yaml sed -i "s/k8s\.gcr\.io/hati/g" heapster.yaml sed -i "s/k8s\.gcr\.io/hati/g" influxdb.yaml
kubectl apply -f grafana.yaml
kubectl apply -f heapster.yaml
kubectl apply -f influxdb.yaml
kubectl apply -f heapster-rbac.yaml
kubectl get pods -n kube-system
kubectl cluster-info