After finally successfully deployed k8s, I intend to deploy about k8s the web UI: dashboard.
Online methods are some of the major IT deployment with yaml file to generate the dashboard service. Then all the articles are more or less of a problem, not a step is not the same not go on, content or file expires, or both authors believe that something so we know everything is a little hasty steps, but I has not go on.
First, pull mirroring problems, dashboard mirroring is still on, "a foreign well-known search engine" server not directly pull down, so still use the command and then docker tag on the mirror server after downloading from the change of name to address problem.
The official mirror address is: k8s.gcr.io/kubernetes-dashboard-amd64: v1.10.1
I find the address of a mirror: mirrorgooglecontainers (download command: docker pull mirrorgooglecontainers / kubernetes-dashboard-amd64: v1.10.1)
Next is renamed
docker tag mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1 docker rmi mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
Once you have then the mirror, open the pod dashboard. There are also various online yaml file version, I tried down the most likely is the following file. Name it kubernetes-dashboard.yaml.
kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: type: NodePort ports: - port: 443 targetPort: 8443 nodePort: 30001 selector: k8s-app: kubernetes-dashboard
30001 which can change their own, they want to change the port in the range k8s allowed inside. This port is not applied to the pod physical machine on the network. After a cluster is a cluster of non-k8s can go through this access port (after all, to the browser to access.) I have started not change the port, but did not realize 30001 port has been accounted for other services to fall, so the file is run yaml He did not play any role to play. Here I chose a 30012 port.
Use this file to install the dashboard
kubectl create -f kubernetes-dashboard.yaml
Next is landing with a browser, first find the dashboard is running on that node,
kubectl get pods --all-namespaces -o wide | grep dashboard | awk '{print $8}'
Then visit the node node in the browser. To add URL https: // <ip nodes or domain name>: <value nodePort front yaml file> . I use the browser chrome, immediately shows the "Untrusted Certificate" page, and the advanced options option to continue did not, you can not visit. Internet search a bit to solve this problem, because the certificate expired (Certificate 0001 January 3 open, full expired 2000+ years), only firefox can add an exception. The real solution is to replace the certificate. Find the best method as described online.
mkdir key && cd key openssl genrsa -out dashboard.key 2048 openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=172.19.0.48' openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt kubectl delete secret kubernetes-dashboard-certs -n kube-system kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kube-system #新的证书 kubectl delete pod kubernetes-dashboard-746dfd476-b2r5f -n kube-system #重启服务
Some of these places according to the actual situation changes, such as the IP address of the third sentence should be changed to node node, and delete the last sentence pod name have to change it. Command is acquired
kubectl get pods --all-namespaces -o wide | grep dashboard | awk '{print $2}'
Then in the browser you can skip the trusted certificate problem. The next question is the login screen, landing in two ways, personally think it is a little token of this convenience. Internet also has a master summed up the acquisition method token command.
kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep token
The token will get copied to the browser's interface, you can visit the dashboard.
