kubernetes部署Dashboard(可通过域名外网访问)_kubernetes dashboard 外部访问-CSDN博客
Excerpt
文章浏览阅读3.7k次。在kubernetes 1.22中部署Dashboard,并可以通过域名在外网访问_kubernetes dashboard 外部访问
一、安装环境
- kubernetes 1.22
- Dashboard v2.2.0
二、开始安装
1、参考文章
https://kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/https://kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/
部署 Kubernetes Dashboard 2.0.0 并通过域名访问 - 简书
2、下载recommended.yaml文件并运行:
1
| wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
|
1
| kubectl apply -f recommended.yaml
|
查看运行结果:
3、创建ingress,用于外网访问:
tips:安装ingress-nginx的步骤可以参考:
kubernetes安装ingress-nginx详细步骤_vampiresuper的专栏-CSDN博客在kubernetes 1.22版本中,安装ingress-nginx的详细步骤,适合刚刚接触k8s的同学https://blog.csdn.net/vampiresuper/article/details/122036310(1)创建secret:
由于Dashboard外网域名访问需要使用https,所以需要提前为你的域名申请一个证书,在阿里云或者腾讯云有免费的1年证书,申请好证书后将文件上传到服务器,然后执行:
1
| kubectl -n kubernetes-dashboard create secret tls 定义一个自己的密码名称 --key 证书的.key文件路径 --cert 证书的.crt文件或者.pem文件路径
|
(2)创建ingress,内容如下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
| apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kubernetes-dashboard
namespace: kubernetes-dashboard
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/configuration-snippet: |-
proxy_ssl_server_name on;
proxy_ssl_name $host;
spec:
tls:
- hosts:
- 你自己的域名
secretName: 上一步定义的secret名称
rules:
- host: 你自己的域名,同上
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: kubernetes-dashboard
port:
number: 443
|
(3)创建一个用户:
用于使用token登陆Dashboard,内容如下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
| apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
|
(4)查看登陆用的token,是很长的一串:
1
| kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
|
(5)在浏览器登录: