9. 部署 Dashboard

⚠️

Master 节点安装

helm 安装 Dashboard

添加chart repo:

helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard

root@master:/etc/kubernetes/conf/nfs# helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard
NAME: kubernetes-dashboard
LAST DEPLOYED: Fri May 12 07:25:41 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
*********************************************************************************
*** PLEASE BE PATIENT: kubernetes-dashboard may take a few minutes to install ***
*********************************************************************************

Get the Kubernetes Dashboard URL by running:
  export POD_NAME=$(kubectl get pods -n default -l "app.kubernetes.io/name=kubernetes-dashboard,app.kubernetes.io/instance=kubernetes-dashboard" -o jsonpath="{.items[0].metadata.name}")
  echo https://127.0.0.1:8443/
  kubectl -n default port-forward $POD_NAME 8443:8443

创建管理员sa:

kubectl create serviceaccount kube-dashboard-admin-sa -n kube-system

kubectl create clusterrolebinding kube-dashboard-admin-sa \
--clusterrole=cluster-admin --serviceaccount=kube-system:kube-dashboard-admin-sa

创建集群管理员登录dashboard所需token:

kubectl create token kube-dashboard-admin-sa -n kube-system --duration=876000h

eyJhbGciOiJSUzI1NiIsImtpZCI6IlU1SlpSTS1YekNuVzE0T1k5TUdTOFFqN25URWxKckt6OUJBT0xzblBsTncifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxOTY4OTA4MjgyLCJpYXQiOjE2NTM1NDgyODIsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJrdWJlLWRhc2hib2FyZC1hZG1pbi1zYSIsInVpZCI6IjY0MmMwMmExLWY1YzktNDFjNy04Mjc5LWQ1ZmI3MGRjYTQ3ZSJ9fSwibmJmIjoxNjUzNTQ4MjgyLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06a3ViZS1kYXNoYm9hcmQtYWRtaW4tc2EifQ.Xqxlo2vJ9Hb6UUVIqwvc8I5bahdxKzSRSaQI_67Yt7_YEHmkkHApxUGlwJYTKF9ufww3btlCmM8PtRn5_Q1yv-HAFyTOYKo8WHZ9UCm1bT3X8V8g4GQwZIl2dwmlUmKb1unBz2-em2uThQ015bMPDE8a42DV_bOwWjljVXat0nwV14nGorC8vKLjXbohrIJ3G1pgCJvlBn99F1RelmSUSQLlolUFoxpN6MamYTElwR6FfD-AGmFXvZSbcFaqVW0oxJHV70Gjs2igOtpqHFxxPlHT8aQzlRiybPtFyBf9Ll87TmVJimT89z8wv2si2Nee8bB2jhsApLn8TJyUSlbTXA

如何访问

第一种: port-forward转发

使用 port-forward 转发 (临时方案, 需要阻塞终端)

 kubectl -n default port-forward $POD_NAME 30443:8443 --address 0.0.0.0

第二种: NodePort 转发 + 外部 nginx 转发

调整 Service kubernetes-dashboard

从 ClusterIP 转化为 NodePort , 新增 nodePort: 30843

kubectl edit service kubernetes-dashboard

apiVersion: v1
kind: Service
metadata:
  ...
spec:
  ports:
  - name: https
    nodePort: 30843
    port: 443
    protocol: TCP
    ...
  ...
  type: NodePort

配置 nginx 转发

注意 proxy_pass 的协议是 https

 
server {
listen 443 ssl http2;
server_name kubernetes.fabric.jansora.com;
ssl_protocols    TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate     /etc/nginx/certs/lets-encrypt-jansora.com/jansora.com.cer;
ssl_certificate_key /etc/nginx/certs/lets-encrypt-jansora.com/jansora.com.key;
location / {
proxy_pass_header Server;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_pass https://192.168.88.103:30843/;
}
}

第三种: 配置 ingress 转发

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard-ingress
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # 80 -> 443
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # 代理 dashboard 的 https 协议
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - dashboard.kubernetes.jansora.com
      secretName: wildcard.jansora.com
  rules:
    - host: dashboard.kubernetes.jansora.com
      http:
        paths:
          - backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 443
            pathType: Prefix
            path: /

喜闻悦见 https://dashboard.kubernetes.jansora.com (opens in a new tab) lBc5i7

等等. 还需要配置 dashboard 权限

否则页面是空的

namespace 默认是 default 请根据实际的填写

kubectl apply -f https://storage.qiniu.jansora.com/files/uPic/2023/05/12/dashboard-admin.yaml

dashboard-admin.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: default

kubectl apply -f dashboard-admin.yaml

调整dashboard token 失效期

默认的 dashboard token 好像是 10 分钟.

从 dashboard web ui 编辑 dashboard deployment yaml

KPeYZn

调整 args --token-ttl=3153600000 点 Update

tmfQdK

12. 部署证书 14. 部署 Metric Server