k8s dashboard yaml 下载
# wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.8.1/src/deploy/recommended/kubernetes-dashboard.yaml # 下载https版本
# wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml # 下载http版本
k8s dashboard登陆报错
persistentvolumeclaims is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list persistentvolumeclaims in the namespace "default"
解决
# cat kubernetes-dashboard.yaml
serviceAccountName: kubernetes-dashboard-admin
k8s在nginx中的配置
# cat nginx.conf
# k8s test proxy.
location /k8s/ {
proxy_pass https://192.168.x.xx:xxx;
rewrite ^/k8s/(.*) /$1 break; #不要忘记重定向
access_log logs/k8stest.access.log main;
}
查看服务端口
# kubectl get service --all-namespaces
使用自定义的cert
# kubectl create secret generic kubernetes-dashboard-certs --from-file=/home/k8s/certs -n kube-system # certs 是目录
查看k8s dashuboard的token
# kubectl -n kube-system get secret | grep admin
# kubectl describe -n kube-system secret/kubernetes-dashboard-admin-token-xxxxx
k8s 建立自签名
openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
rm dashboard.pass.key
openssl req -new -key dashboard.key -out dashboard.csr
openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
查看pod信息
# kubectl get pod -n default -o wide # -n namespace
创建删除文件配置
kubectl create/delete -f kube.XXX.yaml
强制删除pod
# kubectl delete pod --grace-period=0 --force -n default podxxxxx
绑定nodeport
# cat kubernetes-dashboard.yaml
spec:
type: NodePort # 使用nodeport
ports:
- port: 80
targetPort: 9090
nodePort: 31XXX
selector:
k8s-app: kubernetes-dashboard