1安装
[root@k8s-master01 ~]#cd /root/k8s-ha-install/dashboard/ [root@k8s-master01 ~/k8s-ha-install/dashboard]#kubectl create -f .
2谷歌浏览器访问前的设置
在谷歌浏览器启动文件中加入启动参数,用于解决无法访问Dashboard的问题,操作步骤:
右击谷歌浏览器--选择属性--在目标一栏的路路径后面追加: --test-type --ignore-certificate-errors
3查看dashboard端口号:
[root@k8s-master01 ~/k8s-ha-install/dashboard]#kubectl get svc -n kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 192.168.223.247 <none> 8000/TCP 8m4s kubernetes-dashboard NodePort 192.168.202.76 <none> 443:32081/TCP 8m4s
5查看管理员Token:
[root@k8s-master01 ~/k8s-ha-install/dashboard]#kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') Name: admin-user-token-fgvzb Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: 7fd27882-08ec-484b-a159-11a48a6ff624 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1099 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6InFJS2xDc1MtUUo1TXl0bXJOR0lnZ1pIRW5YUENtaU9lTzdaUmJMNjlVd3MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWZndnpiIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI3ZmQyNzg4Mi0wOGVjLTQ4NGItYTE1OS0xMWE0OGE2ZmY2MjQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.CkD-eq-NO_aMuJXp6wkgqStuxtR6gzS5n4MTqUuD7me84D8Jj0woByn-2qWrPccwiqVRx8Eu8fGN0QMm8FhoZC3FBSkZ3JVhxCui3qYjQfClNsjqzJ6xsK7mPne9qGJPmXEtFpZlU28cj84wZtMvqmL523Dih46TCCtAmFTBJ1J5PUiyexdSBCUQdnFl_J04dRetaRkfZNKODRdxvdhfA3lvWm0TjhmLaux0J2BJP4pMdVP8QS_LJql_ip2rImpjcqvDuQthym0MhD3ShK0TqpRFlGO3Ig8K2UmokWdjzJXFEM4zAZgwjW6mOhzQr5-g_1EgwsDNeDeKkwNVfYRYAg 您在 /var/spool/mail/root 中有新邮件 [root@k8s-master01 ~/k8s-ha-install/dashboard]#
6随便找一个node节点的ip地址+上面查出来的端口进行访问测试:
用上面获取的token进行登录
https://10.0.0.204:32081/#/login
7【必看】一些必须的配置更改:
将Kube-proxy改为ipvs模式,因为在初始化集群的时候注释了ipvs配置,所以需要自行修改一下
在master01节点执行
#编辑
[root@k8s-master01 ~/k8s-ha-install/dashboard]#kubectl edit cm kube-proxy -n kube-system mode: "ipvs"
#更新Kube-Proxy的Pod
[root@k8s-master01 ~/k8s-ha-install/dashboard]#kubectl patch daemonset kube-proxy -p "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"date\":\"`date +'%s'`\"}}}}}" -n kube-system
daemonset.apps/kube-proxy patched
8查看模式是否更改成功
[root@k8s-master01 ~/k8s-ha-install/dashboard]#curl 127.0.0.1:10249/proxyMode ipvs
9注意事项:
kubeadm安装的集群,证书有效期是一年,master节点的kube-apiserver, kube-scheduler, kube-controller-manager, etcd都是以容器运行的,可通过
kubectl get pod -n kube-system查看
启动和二进制不同的是:
kubectl的配置文件在/etc/sysconfig/kubelet和、var/lib/kubelet/config.yaml里,配置文件修改后需要重构其kubelet
其它组件的配置文件在/etc/kubernetes/manifests目录下,比如kube-apiserver.yaml,改yanl文件更改后,kubelet会自动刷新配置,也就是会自动重启pod
kube-proxy的配置在 kube-system命名空间下的configmap中,可通过kubectl edit cm kube-proxy -n kube-system进行更改,更改完成后,可通过patch重启kube-proxy
kubectl patch daemonset kube-proxy -p "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"date\":\"`date +'%s'`\"}}}}}" -n kube-system
Kubeadm安装后,默认master节点默认不允许部署pod,可通过以下方式删除污点
#查看污点 [root@k8s-master01 ~]#kubectl describe node -l node-role.kubernetes.io/master= |grep Taints Taints: node-role.kubernetes.io/master:NoSchedule Taints: node-role.kubernetes.io/master:NoSchedule #删除某一个污点 [root@k8s-master01 ~]#kubectl taint node k8s-master02 node-role.kubernetes.io/master:NoSchedule- node/k8s-master02 untainted
删除节点的名称不是宿主机的名称,而是node节点的名称:
[root@k8s-master01 ~]#kubectl get node NAME STATUS ROLES AGE VERSION k8s-master01 Ready control-plane,master 6h2m v1.23.4 k8s-master02 Ready control-plane,master 5h10m v1.23.4 k8s-master03 Ready <none> 3h41m v1.23.4 k8s-node1 Ready <none> 4h38m v1.23.4 k8s-node2 Ready <none> 4h38m v1.23.4 [root@k8s-master01 ~]#