1. To download Dashboard plugin deployment YAML file from internet.
#cd /home
#mkdir k8s
#cd k8s
##官方链接https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
2. To Create certificate for dashboard
# mkdir certs
# openssl req -nodes -newkey rsa:2048 -keyout certs/dashboard.key -out certs/dashboard.csr -subj "/C=/ST=/L=/O=/OU=/CN=kubernetes-dashboard"
# openssl x509 -req -sha256 -days 365 -in certs/dashboard.csr -signkey certs/dashboard.key -out certs/dashboard.crt
# kubectl create secret generic kubernetes-dashboard-certs --from-file=certs -n kube-system
3.To modify the default kubernetes-dashboard.yaml file, Modify the rbac parameter, and add type: NodePort to expose Dashboard service can be accessed by outside.
# vi kubernetes-dashboard.yaml
4.To create Dashboard
# kubectl create -f kubernetes-dashboard.yaml
5.To get NodePort and access token.
# kubectl -n kube-system get secret | grep kubernetes-dashboard
# kubectl describe -n kube-system secret/kubernetes-dashboard-token-xxxxx
# kubectl get svc -n kube-system (Dashboard runs on port 32580)
6. To access the Dashboard (https://192.168.4.200:32580)
Note:
1) If you login the dashboard , you find the dashboard show error like “User "system:anonymous" cannot get at the cluster scope.”,
# vi /etc/kubernetes/manifests/kube-apiserver.yaml
添加如下参数:
--anonymous-auth=false
2) Kube-apiserver down after installing the kubernetes dashboard?
Change or add bellow parameters.(bellow is for only one master lab environment)
- --insecure-bind-address=127.0.0.1
- --insecure-port=8080
livenessProbe:
failureThreshold: 8
httpGet:
host: 127.0.0.1
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 15
timeoutSeconds: 15