k8s deployment and installation dashboard based on Centos8

Posted by anto on Mon, 04 May 2020 18:02:22 +0200

Install and deploy dashboard

1. Check pod operation

kubectl get pods -A -o wide

Download the recommended.yaml file
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
Modify the recommended.yaml file
vim recommended.yaml
kind: Service
apiVersion: v1
metadata:
 labels:
   k8s-app: kubernetes-dashboard
 name: kubernetes-dashboard
 namespace: kubernetes-dashboard
spec:
type: NodePort
 ports:
   - port: 443
     targetPort: 8443
nodePort: 30000 × increase
 selector:
   k8s-app: kubernetes-dashboard

#Because many browsers cannot use the automatically generated certificates, we create and comment out the kubernetes dashboard certs object declaration
Modify image address
#apiVersion: v1
#kind: Secret
#metadata:
#  labels:
#    k8s-app: kubernetes-dashboard
#  name: kubernetes-dashboard-certs
#  namespace: kubernetes-dashboard
#type: Opaque
---

kubectl apply -f recommended.yaml

Create certificate

mkdir dashboard-certs
cd dashboard-certs/

#Create namespace
kubectl create namespace kubernetes-dashboard

# Establish key file
openssl genrsa -out dashboard.key 2048

#Certificate request
openssl req  -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'

#Self signed certificate
openssl x509 -req  -days 36000  -in dashboard.csr -signkey dashboard.key -out dashboard.crt

#Create kubernetes dashboard certs object
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard

Delete namespace:

[root@k8s-master dashboard-certs]# kubectl  get ns  | grep kubernetes kubernetes-dashboard   Active   10h [root@k8s-master dashboard-certs]# kubectl  delete ns kubernetes-dashboard namespace "kubernetes-dashboard" deleted [root@k8s-master dashboard-certs]# kubectl  get ns  | grep kubernetes [root@k8s-master dashboard-certs]# kubectl get pods -A -o wide

5. Install dashboard

kubectl create -f ~/recommended.yaml 
[root@k8s-master dashboard-certs]# kubectl create -f ~/recommended.yaml
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
Error from server (AlreadyExists): error when creating "/root/recommended.yaml": namespaces "kubernetes-dashboard" already exists
Error from server (AlreadyExists): error when creating "/root/recommended.yaml": secrets "kubernetes-dashboard-certs" already exists
Note: this may be reported as follows.
Error from server (AlreadyExists): error when creating "./recommended.yaml": namespaces "kubernetes-dashboard" already exists

This is because we created the certificate when we created it kubernetes-dashboard Namespace, so ignore this error message directly.


6. View the installation results


[root@k8s-master dashboard-certs]# kubectl get pods -A  -o wide
NAMESPACE              NAME                                         READY   STATUS              RESTARTS   AGE    IP                NODE         NOMINATED NODE   READINESS GATES
default                nginx-deployment-7789b77975-m85sx            1/1     Running             0          166m   10.244.2.7        k8s-node02   <none>           <none>
default                nginx-deployment-7789b77975-n5zpc            1/1     Running             0          155m   10.244.1.2        k8s-node01   <none>           <none>
kube-system            coredns-66bff467f8-4pzqn                     1/1     Running             2          20h    10.244.0.7        k8s-master   <none>           <none>
kube-system            coredns-66bff467f8-bw2b4                     1/1     Running             2          20h    10.244.0.6        k8s-master   <none>           <none>
kube-system            etcd-k8s-master                              1/1     Running             3          20h    192.168.253.167   k8s-master   <none>           <none>
kube-system            kube-apiserver-k8s-master                    1/1     Running             2          20h    192.168.253.167   k8s-master   <none>           <none>
kube-system            kube-controller-manager-k8s-master           1/1     Running             2          20h    192.168.253.167   k8s-master   <none>           <none>
kube-system            kube-flannel-ds-amd64-k92bk                  1/1     Running             9          19h    192.168.253.169   k8s-node02   <none>           <none>
kube-system            kube-flannel-ds-amd64-kf7j7                  1/1     Running             2          20h    192.168.253.167   k8s-master   <none>           <none>
kube-system            kube-flannel-ds-amd64-kmg7d                  1/1     Running             1          19h    192.168.253.168   k8s-node01   <none>           <none>
kube-system            kube-proxy-4hjbl                             1/1     Running             1          19h    192.168.253.168   k8s-node01   <none>           <none>
kube-system            kube-proxy-g2hlg                             1/1     Running             2          20h    192.168.253.167   k8s-master   <none>           <none>
kube-system            kube-proxy-kfvgx                             1/1     Running             1          19h    192.168.253.169   k8s-node02   <none>           <none>
kube-system            kube-scheduler-k8s-master                    1/1     Running             2          20h    192.168.253.167   k8s-master   <none>           <none>
kubernetes-dashboard   dashboard-metrics-scraper-6b4884c9d5-mj8qr   0/1     ContainerCreating   0          84s    <none>            k8s-node02   <none>           <none>
kubernetes-dashboard   kubernetes-dashboard-7b544877d5-72spd        0/1     ContainerCreating   0          87s    <none>            k8s-node02   <none>           <none>
[root@k8s-master dashboard-certs]# kubectl get service -n kubernetes-dashboard  -o wide
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE    SELECTOR
dashboard-metrics-scraper   NodePort    10.111.221.30    <none>        8000:30000/TCP   2m1s   k8s-app=dashboard-metrics-scraper
kubernetes-dashboard        ClusterIP   10.105.134.250   <none>        443/TCP          2m7s   k8s-app=kubernetes-dashboard

7. Create dashboard administrator

Create the dashboard-admin.yaml file.

vim dashboard-admin.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
 labels:
   k8s-app: kubernetes-dashboard
 name: dashboard-admin
 namespace: kubernetes-dashboard

After saving and exiting, execute the following command to create an administrator.

kubectl create -f ./dashboard-admin.yaml

8. Assign permissions to users

Create the dashboard-admin-bind-cluster-role.yaml file.

vim dashboard-admin-bind-cluster-role.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
 name: dashboard-admin-bind-cluster-role
 labels:
   k8s-app: kubernetes-dashboard
roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
 name: cluster-admin
subjects:
- kind: ServiceAccount
 name: dashboard-admin
 namespace: kubernetes-dashboard

kubectl create -f ./dashboard-admin-bind-cluster-role.yaml

9. View and copy user Token

Execute the following command at the command line.

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')

The specific implementation is as follows.
[root@k8s-master dashboard-certs]# kubectl create -f ./dashboard-admin-bind-cluster-role.yaml
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin-bind-cluster-role created

[root@k8s-master dashboard-certs]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
Name:         dashboard-admin-token-dpbz5
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
             kubernetes.io/service-account.uid: 00d333aa-e3fd-455d-b81d-20d7c9de136e

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Inh3RGxrbUZCakp3RHBvSkg0QkVaVnRZNEgxalFSdlZsQXZXUEh6bHlUR3cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZHBiejUiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMDBkMzMzYWEtZTNmZC00NTVkLWI4MWQtMjBkN2M5ZGUxMzZlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.aJYmXtzuLkr1SvcoxCfisPBDFbWium6qVHL6qsLkqdRS7WYr54cQm20H6Vr1wLr-1QE3g0fENYpLv7SVVEmvXxy5MemWSmJ-gzDGhWnwvMkCnuX3kFOuJL7VLzwwNf31MuO458y8os34BKnfYc3N8Sk4SuyzRhYy3rCJ9lIGa46-bGsSMTtbzWxp1uwOvaec3cG2gmoJjzh7nInNqpNg-G3sD6q8kfiWVUeS1utfjvpw_yECSxL9yz86XgZxopdn7iCODeTYZGzQfy1qKEaHUgwuO0jLgreTPNdsq1BPh6ld2W0b2KloFOqqMJAc5BmX5npCj3fNDOS_QgoWzy4WDA
ca.crt:     1025 bytes
namespace:  20 bytes

[root@k8s-master ~]# kubectl get services --all-namespaces
NAMESPACE              NAME                        TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
default                kubernetes                  ClusterIP      10.96.0.1        <none>        443/TCP                  21h
default                nginx-deployment            LoadBalancer   10.102.49.213    <pending>     80:32682/TCP             3h55m
kube-system            kube-dns                    ClusterIP      10.96.0.10       <none>        53/UDP,53/TCP,9153/TCP   21h
kubernetes-dashboard   dashboard-metrics-scraper   NodePort       10.111.221.30    <none>        8000:30000/TCP           73m
kubernetes-dashboard   kubernetes-dashboard        ClusterIP      10.105.134.250   <none>        443/TCP                  74m

View the dashboard interface and open the link in the browser https://192.168.253.167:30000 , as shown below.

Here, we choose the Token mode to log in and enter the Token obtained from the command line, as shown below.

Click login to enter the dashboard, as shown below.

At this point, dashboard 2.0.0 is installed successfully.

https://www.processon.com/view/link/5ac64532e4b00dc8a02f05eb?spm=a2c4e.10696291.0.0.6ec019a4bYSFIw#map


[root@k8s-master ~]# kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS             RESTARTS   AGE
dashboard-metrics-scraper-755f66f567-vbvzc   1/1     Running            0          119m
kubernetes-dashboard-77f89d4675-48zp7        1/1     Running            0          92m
kubernetes-dashboard-77f89d4675-6r87x        0/1     CrashLoopBackOff   23         109m
kubernetes-dashboard-77f89d4675-xv6bq        0/1     CrashLoopBackOff   20         119m
[root@k8s-master ~]# kubeclt delete pod kubernetes-dashboard-77f89d4675-6r87x
-bash: kubeclt: command not found
[root@k8s-master ~]# kubectl  delete pod kubernetes-dashboard-77f89d4675-6r87x
Error from server (NotFound): pods "kubernetes-dashboard-77f89d4675-6r87x" not found
[root@k8s-master ~]# kubectl delete pod  kubernetes-dashboard-77f89d4675-6r87x -n kubernetes-dashboard
pod "kubernetes-dashboard-77f89d4675-6r87x" deleted
[root@k8s-master ~]# kubectl delete pod  kubernetes-dashboard-77f89d4675-xv6bq  -n kubernetes-dashboard
pod "kubernetes-dashboard-77f89d4675-xv6bq" deleted
[root@k8s-master ~]# kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-755f66f567-vbvzc   1/1     Running   0          124m
kubernetes-dashboard-77f89d4675-48zp7        1/1     Running   0          98m
kubernetes-dashboard-77f89d4675-s55ct        1/1     Running   1          70s
kubernetes-dashboard-77f89d4675-wbbr9        1/1     Running   0          32s



Topics: Linux Kubernetes Nginx vim DNS