Shulou(Shulou.com)06/02 Report--

Finally, after the successful deployment of K8s, I intend to deploy K8s web UI:dashboard.

The main deployment methods on the Internet are some dashboard services that IT uses yaml files to generate. Then all the articles have some problems more or less, it's not that the steps are different, the contents or files are out of date, or the author thinks that some of the content is known to everyone, so he skips some steps, but I can't do it anymore.

First of all, there is the problem of pulling the image. The image of dashboard still cannot be pulled directly from the server of "some well-known foreign search engine", so the problem is still solved by downloading from the image server and then changing the name with the docker tag command.

The official image address is: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1

I found the address of an image: mirrorgooglecontainers (download command: docker pull mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1)

The next step is to change the name

Docker tag mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1docker rmi mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1

Then, after you have the image, turn on the pod of dashboard. There are various versions of yaml files on the Internet, and the most reliable ones I try are the following files. Name it kubernetes-dashboard.yaml.

Kind: ServiceapiVersion: v1metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-systemspec: type: NodePort ports:-port: 443 targetPort: 8443 nodePort: 30001 selector: k8s-app: kubernetes-dashboard

Among them, 30001 can be changed to the port you want within the range of K8s. This port is used on physical machines rather than pod networks. Clusters that are not K8s clusters can be accessed through this port (after all, they are accessed by browsers. I didn't change the port at first, but I didn't realize that port 30001 had been occupied by other services, so the yaml file didn't make any difference when it was run. I chose a 30012 port here.

Use this file to install dashboard

Kubectl create-f kubernetes-dashboard.yaml

The next step is to log in with a browser, and first find out which node dashboard is running on.

Kubectl get pods-- all-namespaces-o wide | grep dashboard | awk'{print $8}'

Then access the node node in the browser. Add https://: to the URL. The browser I use is chrome, which immediately displays the "Certificate is not trusted" page, and there is no continuation option in the advanced options, so you can't access it. I checked the solution to this problem on the Internet, because the certificate expired (the certificate issued on January 3, 2001, expired for 2000 + years), and only firefox can add the exception. The real solution is to replace the certificate. The best way to find it online is as follows.

Mkdir key & & cd keyopenssl genrsa-out dashboard.key 2048 openssl req-new-out dashboard.csr-key dashboard.key-subj'/ CN=172.19.0.48'openssl x509-req-in dashboard.csr-signkey dashboard.key-out dashboard.crt kubectl delete secret kubernetes-dashboard-certs-n kube-systemkubectl create secret generic kubernetes-dashboard-certs-- from-file=dashboard.key-- from-file=dashboard.crt-n kube-system # New Certificate kubectl delete pod kubernetes-dashboard-746dfd476-b2r5f-n kube-system # restart service

Some of them should be changed according to the actual situation, for example, the IP address of the third sentence should be changed to node node, and the name of pod should be changed when the last sentence is deleted. The command to get is

Kubectl get pods-- all-namespaces-o wide | grep dashboard | awk'{print $2}'

Then you can skip the certificate trust issue in the browser. The next problem is the login interface, there are two ways to log in, I think token is a little more convenient. There are also experts on the Internet who have summed up the methods of obtaining token commands.

Kubectl-n kube-system describe $(kubectl-n kube-system get secret-n kube-system-o name | grep namespace) | grep token

Copy the acquired token to the browser interface and log in to dashboard.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.