方式一:
部署dashboard wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes-dashboard.yaml
vim kubernetes-dashboard.yaml
#kind: Role 修改kind: ClusterRole 和 #kind: RoleBinding 修改为kind: ClusterRoleBinding 和# kind: Role kind: ClusterRole
image修改为:image: registry.cn-hangzhou.aliyuncs.com/wzz/kubernetes-dashboard-amd64:v1.10.0
type: NodePort 新增加这一条
ports:
- port: 443
默认dashboard只能本机访问,
确定以前是否开启proxy, 8001端口没有被占用,如果有执行如下:
kill -9 42039 ###kill 掉默认的 192.168.40.146:8001 用 #nohup kubectl proxy & 命令启动;这样就可以启动如下命令
然后执行下边命令启动
开启代理 - kubectl proxy --address='192.168.40.146' --accept-hosts='^*$' &
查看:kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard |grep token | awk '{print $1}')
查看token: kubectl get secret -n kube-system | grep dashboard 和 kubectl describe secret kubernetes-dashboard-admin
kube-dashboard部署后遇到错误:页面报红错误:
persistentvolumeclaims is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list resource "persistentvolumeclaims" in API group "" in the namespace "default"
解决方法如下:
kubectl create clusterrolebinding test:kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
方式二:
部署
下载如下三个文件:https://github.com/gjmzj/kubeasz/tree/master/manifests/dashboard
部署dashboard 主yaml配置文件
$ kubectl apply -f /etc/ansible/manifests/dashboard/kubernetes-dashboard.yaml
创建可读可写 admin Service Account
$ kubectl apply -f /etc/ansible/manifests/dashboard/admin-user-sa-rbac.yaml
创建只读 read Service Account
$ kubectl apply -f /etc/ansible/manifests/dashboard/read-user-sa-rbac.yaml
修改vim /etc/kubernetes/manifests/kube-apiserver.yaml
- --anonymous-auth=false #增加一行,增加后不需要重启服务,自动会重启
验证
查看pod 运行状态
kubectl get pod -n kube-system | grep dashboard
kubernetes-dashboard-7c74685c48-9qdpn 1/1 Running 0 22s
查看dashboard service
kubectl get svc -n kube-system|grep dashboard
kubernetes-dashboard NodePort 10.68.219.38
查看集群服务
kubectl cluster-info|grep dashboard
kubernetes-dashboard is running at https://192.168.1.1:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
查看pod 运行日志
kubectl logs kubernetes-dashboard-7c74685c48-9qdpn -n kube-system
生成证书供本地浏览器使用:
生成client-certificate-data
grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt
生成client-key-data
grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key
生成p12
openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
谷歌浏览器导入证书:
备注把上一步骤的kubecfg.p12 文件导入证书后需要重启浏览器: