直接按以下部署會出來幾個問題
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
第一個問題是pod報以下錯誤,導致 CrashLoopBackOff
2019/10/12 08:37:25 Starting overwatch
2019/10/12 08:37:25 Using in-cluster config to connect to apiserver
2019/10/12 08:37:25 Using service account token for csrf signing
2019/10/12 08:37:26 Error while initializing connection to Kubernetes apiserver. This most likely means that the cluster is misconfigured (e.g., it has invalid apiserver certificates or service account's configuration) or the --apiserver-host param points to a server that does not exist. Reason: Get https://10.96.0.1:443/version: dial tcp 10.96.0.1:443: connect: no route to host
Refer to our FAQ and wiki pages for more information: https://github.com/kubernetes/dashboard/wiki/FAQ
要解決這個錯誤就要把Dashboard部署到Master節點,
將kubernetes-dashboard.yaml下載下來,註釋掉下面的行
# Comment the following tolerations if Dashboard must not be deployed on master
# tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
然後添加nodeName(你的Master節點)
spec:
nodeName: k8s-master
containers:
- name: kubernetes-dashboard
image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
ports:
- containerPort: 8443
protocol: TCP
第二個問題是service使用沒有使用nodePort,不能從外部訪問,需要使用Proxy。
可以通過修改這個yaml裏的service服務,添加tyep: nodePort解決
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
第三個,請使用Firefox來訪問避免證書無效相關問題。
最後重新發布這個yaml即可,原因可能是apiserver證書權限相關,還沒搞清楚,有空查明原因再來更新Blog。
通過以下獲取隨機的nodePort(或者在yaml裏指定)
kubectl get svc --all-namespaces
獲取Token
kubectl get secret -n kube-system | grep dashboard
kubectl describe secret kubernetes-dashboard-token-7t469 -n kube-system