Shulou(Shulou.com)06/03 Report--

Finally, after successfully deploying k8s, I plan to deploy k8s web UI: dashboard.

The main deployment methods on the web are dashboard services generated by IT using yaml files. Then all the articles are more or less problematic, either the steps are different and cannot be carried out, the content or documents are out of date, or the author thinks that some content is understood by everyone and omits some steps, but I have not been able to continue.

First of all, the problem of pulling mirrors, dashboard mirror is still in "a well-known foreign search engine" server can not be pulled down directly, so still use the method of changing the name with docker tag command after downloading from the mirror server to solve the problem.

The official mirror address is: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1

I found a mirror address: mirrorgooglecontainers (download command: docker pull mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1)

Next up is the name change.

docker tag mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1docker rmi mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1

After that, open the dashboard pod. There are also various versions of yaml files on the Internet. The most reliable ones I tried are the following files. Name it kubernetes-dashboard.yaml.

kind: ServiceapiVersion: v1metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-systemspec: type: NodePort ports: - port: 443 targetPort: 8443 nodePort: 30001 selector: k8s-app: kubernetes-dashboard

Among them, 30001 can be changed by itself, and changed to the port you want within the range allowed by k8s. This port applies to physical machines rather than pod networks. Clusters that are not k8s clusters can be accessed through this port (after all, they are still accessible to browsers). I have not changed the port at first, but I did not realize that port 30001 has been occupied by other services, so the yaml file does not play any role after running. I chose port 30012 here.

Use this file to install dashboard

kubectl create -f kubernetes-dashboard.yaml

The next step is to log in with a browser. First, find the dashboard running on that node.

kubectl get pods --all-namespaces -o wide | grep dashboard | awk '{print $8}'

Then visit this node in your browser. Add https://: to the URL. The browser I use is chrome, which immediately displays the "certificate untrusted" page, and there is no continue option in the advanced options, so I can't access it. The reason is that the certificate expired (0001 January 3 certificate, expired 2000+ years), only firefox can add exceptions. The real solution is to replace certificates. The best way to find it online is as follows.

mkdir key && cd keyopenssl genrsa -out dashboard.key 2048 openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=172.19.0.48'openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt kubectl delete secret kubernetes-dashboard-certs -n kube-systemkubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file= dashboard.crt -n kube-system #new certificate kubectl delete pod kubernetes-dashboard-746dfd476-b2r5f -n kube-system #Restart service

Some of them need to be changed according to the actual situation, for example, the IP address in the third sentence needs to be changed to node node, and the name of pod in the last sentence needs to be changed. The command obtained is

kubectl get pods --all-namespaces -o wide | grep dashboard | awk '{print $2}'

Then in the browser you can skip the certificate trust problem. The next question is the login interface, there are two ways to log in, personally feel that token is more convenient. There are also experts on the Internet who summarize the method of obtaining token commands.

kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep token

Copy the token to the browser interface and you can log in to dashboard.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.