Kubernetes-v1.17集群安装dashboard

文章目录

  • 环境说明
  • 下载官方yaml文件
  • 编辑文件
    • 修改接口
  • 下载镜像和启动
  • 浏览器访问
    • 火狐浏览器
      • 默认用户
      • 新增管理员用户
    • 谷歌浏览器
  • 参考

环境说明

软件 版本
centos 7.4-1708
docker 18.03.0-ce
kubernetes 1.17.0

下载官方yaml文件

最新的配置文件v2.0.0-beta8版本recommended.yaml

官方UI文档

[root@master k8syaml]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
--2020-01-07 14:39:38--  https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.0.133|:443... failed: Connection timed out.
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.64.133|:443... failed: Connection timed out.
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.128.133|:443... failed: Connection timed out.
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.192.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7568 (7.4K) [text/plain]
Saving to: ‘recommended.yaml’

100%[====================================================================================================================================================================================================================================>] 7,568       3.02KB/s   in 2.4s   

2020-01-07 14:46:03 (3.02 KB/s) - ‘recommended.yaml’ saved [7568/7568]

编辑文件

修改接口

原文件内容

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

修改为

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort #新增
  ports:
    - port: 443
      nodePort: 30001 #新增
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

原文件内容

spec:
  containers:
    - name: kubernetes-dashboard
      image: kubernetesui/dashboard:v2.0.0-beta8
      imagePullPolicy: Always
      ports:
        - containerPort: 8443
          protocol: TCP

修改为

spec:
  # nodeName: master.node 指定到master节点,指不指定根据需要
  containers:
    - name: kubernetes-dashboard
      image: kubernetesui/dashboard:v2.0.0-beta8
      # imagePullPolicy: Always
      imagePullPolicy: IfNotPresent #不存在再下载
      ports:
        - containerPort: 8443
          protocol: TCP

下载镜像和启动

在master节点执行

[root@master k8syaml]# docker pull kubernetesui/dashboard:v2.0.0-beta8
v2.0.0-beta8: Pulling from kubernetesui/dashboard
5cd0d71945f0: Pull complete 
Digest: sha256:fc90baec4fb62b809051a3227e71266c0427240685139bbd5673282715924ea7
Status: Downloaded newer image for kubernetesui/dashboard:v2.0.0-beta8
[root@master k8syaml]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

查看pod和service状态

[root@master k8syaml]# kubectl get pods,svc -n kubernetes-dashboard -o wide
NAME                                             READY   STATUS    RESTARTS   AGE    IP           NODE           NOMINATED NODE   READINESS GATES
pod/dashboard-metrics-scraper-76585494d8-gbkzp   1/1     Running   0          2m9s   10.200.2.4   worker2.node   <none>           <none>
pod/kubernetes-dashboard-5f698b69fb-dxv8z        1/1     Running   0          2m9s   10.200.0.5   master.node    <none>           <none>

NAME                                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE    SELECTOR
service/dashboard-metrics-scraper   ClusterIP   10.96.98.114   <none>        8000/TCP        2m9s   k8s-app=dashboard-metrics-scraper
service/kubernetes-dashboard        NodePort    10.96.97.104   <none>        443:30001/TCP   2m9s   k8s-app=kubernetes-dashboard

浏览器访问

浏览器上输入master节点https://IP:30001

火狐浏览器

firefox在接受风险并继续之后,可以打开界面
Kubernetes-v1.17集群安装dashboard_第1张图片

默认用户

选择用默认用户kubernetes-dashboard的token登陆
查看serviceaccount和secrets

[root@master k8syaml]# kubectl  get sa,secrets -n kubernetes-dashboard
NAME                                  SECRETS   AGE
serviceaccount/default                1         25m
serviceaccount/kubernetes-dashboard   1         25m

NAME                                      TYPE                                  DATA   AGE
secret/default-token-rf26t                kubernetes.io/service-account-token   3      25m
secret/kubernetes-dashboard-certs         Opaque                                0      25m
secret/kubernetes-dashboard-csrf          Opaque                                1      25m
secret/kubernetes-dashboard-key-holder    Opaque                                2      25m
secret/kubernetes-dashboard-token-ls8l4   kubernetes.io/service-account-token   3      25m

查看token

[root@master k8syaml]# kubectl describe secrets kubernetes-dashboard-token-ls8l4 -n kubernetes-dashboard
Name:         kubernetes-dashboard-token-ls8l4
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: ec58717f-ae47-4bfb-bff3-ffb677e73f2f

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ikh0ZVdaNkxaMkJtQ0Rpb3FZS1ZkRmxvTDhyWnNwRHV0VmtMLXk1ZlE2YzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1sczhsNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImVjNTg3MTdmLWFlNDctNGJmYi1iZmYzLWZmYjY3N2U3M2YyZiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.K-_hKDZfnjgHAK4b_a3Umm9deFtLJzI0pAown0vyNa8Gofx8pcyUkfT0IDMrkxnPLONbTUjom433WmR6e8TP0DlE0YKc_UgkhIY-viHEqdngrYujmJRC6thduITo5ysLoh6tI2h7XcgDoGfoWoUhJOl_SecoV45BpuEXF8xhxacXerHMSWKfaSCtI36gGkmz3yU6ds1MgabG2PTkU0yDEIgqm0YLoucM66Hp_4eL2M0mtbhDKsqERZhC67A2d13jRBwMmRCtk-8ogry1qf1iCXWcaZy2TV6Sj8Az3_0NDm6IqdEEHEMp0_eEDJDgCf9a6ZG0Dm4PK8vtoFX7LrW5GQ

或者

[root@master k8syaml]# kubectl describe secrets  $(kubectl  get secrets -n kubernetes-dashboard | awk  '/kubernetes-dashboard-token/{print $1}' ) -n kubernetes-dashboard |sed -n '/token:.*/p'
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ikh0ZVdaNkxaMkJtQ0Rpb3FZS1ZkRmxvTDhyWnNwRHV0VmtMLXk1ZlE2YzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1sczhsNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImVjNTg3MTdmLWFlNDctNGJmYi1iZmYzLWZmYjY3N2U3M2YyZiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.K-_hKDZfnjgHAK4b_a3Umm9deFtLJzI0pAown0vyNa8Gofx8pcyUkfT0IDMrkxnPLONbTUjom433WmR6e8TP0DlE0YKc_UgkhIY-viHEqdngrYujmJRC6thduITo5ysLoh6tI2h7XcgDoGfoWoUhJOl_SecoV45BpuEXF8xhxacXerHMSWKfaSCtI36gGkmz3yU6ds1MgabG2PTkU0yDEIgqm0YLoucM66Hp_4eL2M0mtbhDKsqERZhC67A2d13jRBwMmRCtk-8ogry1qf1iCXWcaZy2TV6Sj8Az3_0NDm6IqdEEHEMp0_eEDJDgCf9a6ZG0Dm4PK8vtoFX7LrW5GQ

用上面得到的token登陆之后,界面上数据显示不出来
并提示权限不足
Kubernetes-v1.17集群安装dashboard_第2张图片

新增管理员用户

新建一个create-admin.yaml
填入以下内容

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

保存退出,并执行

[root@master k8syaml]# kubectl apply -f create-admin.yaml 
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

查看sa和secret

[root@master k8syaml]# kubectl get sa,secrets -n kubernetes-dashboard
NAME                                  SECRETS   AGE
serviceaccount/admin-user             1         64s
serviceaccount/default                1         42m
serviceaccount/kubernetes-dashboard   1         42m

NAME                                      TYPE                                  DATA   AGE
secret/admin-user-token-t79xh             kubernetes.io/service-account-token   3      64s
secret/default-token-rf26t                kubernetes.io/service-account-token   3      42m
secret/kubernetes-dashboard-certs         Opaque                                0      42m
secret/kubernetes-dashboard-csrf          Opaque                                1      42m
secret/kubernetes-dashboard-key-holder    Opaque                                2      42m
secret/kubernetes-dashboard-token-ls8l4   kubernetes.io/service-account-token   3      42m
[root@master k8syaml]# kubectl describe secret admin-user-token-t79xh -n kubernetes-dashboard
Name:         admin-user-token-t79xh
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: 0723ea98-f2e7-47ce-a954-eb99013dda47

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ikh0ZVdaNkxaMkJtQ0Rpb3FZS1ZkRmxvTDhyWnNwRHV0VmtMLXk1ZlE2YzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXQ3OXhoIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwNzIzZWE5OC1mMmU3LTQ3Y2UtYTk1NC1lYjk5MDEzZGRhNDciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.aaQgyqDJ217d4sxv0uPL6lSVntQmq3NLM2g5w3newhj4rBkXW1RGmKJQtuqSEx4CeGlbPknl1nsFrG4Z0WOSa2ZHj8zDI1YXaxNmpuOPYC94TMYpfK1p1tSVXYJhrnPggQmsa-O7m3S7cNkPgFtpS_GMgGqdh6zWTzQVQyvMHrWcczCe3kW4XJzU7F-v8uEzD5m7Kn7iivV9L4PMqtOb7_qeeDzuMLmAnmJREDyiE7lumc_ZfdoDdHS6jbmv_J4yFf0YWu_lqXbM1mLFdfTVjVcsIuGqGwXM2YZ7nnuIrZwNTiXoJcL4rK8sBvbgfrgIt-iqA3VlcbYYqLiNeTxLNQ

或者用下面这种方法

# 创建serviceaccount
[root@master k8syaml]# kubectl create serviceaccount admin-myuser -n kubernetes-dashboard
serviceaccount/admin-myuser created
# sa绑定集群管理员
[root@master k8syaml]# kubectl create clusterrolebinding  dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:admin-myuser
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created
[root@master k8syaml]# kubectl get sa,secrets -n kubernetes-dashboard
NAME                                  SECRETS   AGE
serviceaccount/admin-myuser           1         84s
serviceaccount/default                1         58m
serviceaccount/kubernetes-dashboard   1         58m

NAME                                      TYPE                                  DATA   AGE
secret/admin-myuser-token-275f9           kubernetes.io/service-account-token   3      87s
secret/default-token-rf26t                kubernetes.io/service-account-token   3      58m
secret/kubernetes-dashboard-certs         Opaque                                0      58m
secret/kubernetes-dashboard-csrf          Opaque                                1      58m
secret/kubernetes-dashboard-key-holder    Opaque                                2      58m
secret/kubernetes-dashboard-token-ls8l4   kubernetes.io/service-account-token   3      58m

查看token

[root@master k8syaml]# kubectl describe secret admin-myuser-token-275f9 -n kubernetes-dashboard
Name:         admin-myuser-token-275f9
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-myuser
              kubernetes.io/service-account.uid: bfcb1bdc-4740-4c3a-9e36-2602842b96a7

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ikh0ZVdaNkxaMkJtQ0Rpb3FZS1ZkRmxvTDhyWnNwRHV0VmtMLXk1ZlE2YzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi1teXVzZXItdG9rZW4tMjc1ZjkiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiYWRtaW4tbXl1c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYmZjYjFiZGMtNDc0MC00YzNhLTllMzYtMjYwMjg0MmI5NmE3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmFkbWluLW15dXNlciJ9.ysqLRFHBXOPOZjLDbn8Vd02hvhPnS7Tt4XhQRscXBTY7D8b57R2Lz7AR-uF6k7hP5cU15we7bVXMVjGelezFpblLMxiB0EM0w6HN82yucPZRGFW4S8SPN2Mz6CoIYBHT72wwSvgKXtNqnhezG1RaQ-R4dPrZBVKVNBNIqBaHbmD8wOq-GJQ49FOdLMQZ1Rj_UCALoJlxLPC5xlQGrtQQHzgbx4bbwqaswG_wN-uIUp8Q-5re1be1E9qpior4f6gwGYJLG2-kfcum3aBEC7AK9tqLhcOuEEnFY73HMUfS2ha-vrEXEDIs5T72YQ7JFr2njJMvBw9fK-HZfi2CyWkQrQ

使用上述两种方法任一均可,拿到token后重新登陆,可正常显示数据了
Kubernetes-v1.17集群安装dashboard_第3张图片

谷歌浏览器

仅做上述修改无法打开,显示以下信息

10.XX.XX.52 通常会使用加密技术来保护您的信息。Google Chrome 此次尝试连接到 10.XX.XX.52 时,此网站发回了异常的错误凭据。这可能是因为有攻击者在试图冒充 10.XX.XX.52,或 Wi-Fi
登录屏幕中断了此次连接。请放心,您的信息仍然是安全的,因为 Google Chrome 尚未进行任何数据交换便停止了连接。

您目前无法访问 10.XX.XX.52,因为此网站发送了 Google Chrome
无法处理的杂乱凭据。网络错误和攻击通常是暂时的,因此,此网页稍后可能会恢复正常。

先把之前启动的资源全部删除掉

[root@master k8syaml]# kubectl delete -f recommended.yaml 
namespace "kubernetes-dashboard" deleted
serviceaccount "kubernetes-dashboard" deleted
service "kubernetes-dashboard" deleted
secret "kubernetes-dashboard-certs" deleted
secret "kubernetes-dashboard-csrf" deleted
secret "kubernetes-dashboard-key-holder" deleted
configmap "kubernetes-dashboard-settings" deleted
role.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
clusterrole.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
clusterrolebinding.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
deployment.apps "kubernetes-dashboard" deleted
service "dashboard-metrics-scraper" deleted
deployment.apps "dashboard-metrics-scraper" deleted

需要额外修改recommended.yaml
以下内容全部注释掉

# apiVersion: v1
# kind: Secret
# metadata:
#   labels:
#     k8s-app: kubernetes-dashboard
#   name: kubernetes-dashboard-certs
#   namespace: kubernetes-dashboard
# type: Opaque

自己生成kubernetes-dashboard-certs
新建一个目录并进入

# 生成 key
[root@master create_cert]# openssl genrsa -out dashboard.key 2048
Generating RSA private key, 2048 bit long modulus
............................+++
.+++
e is 65537 (0x10001)
[root@master create_cert]# ll
total 4
-rw-r--r-- 1 root root 1675 Jan  7 17:31 dashboard.key
[root@master create_cert]# openssl req -days 36000   -new -out dashboard.csr    -key dashboard.key   -subj '/CN=**10.180.249.52**'
[root@master create_cert]# ll
total 8
-rw-r--r-- 1 root root  903 Jan  7 17:32 dashboard.csr
-rw-r--r-- 1 root root 1675 Jan  7 17:31 dashboard.key
# 生成自签证书
[root@master create_cert]# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/CN=**10.180.249.52**
Getting Private key
[root@master create_cert]# ll
total 12
-rw-r--r-- 1 root root  997 Jan  7 17:32 dashboard.crt
-rw-r--r-- 1 root root  903 Jan  7 17:32 dashboard.csr
-rw-r--r-- 1 root root 1675 Jan  7 17:31 dashboard.key
# 使用自签证书创建secret
[root@master create_cert]# kubectl create secret generic kubernetes-dashboard-certs     --from-file=dashboard.key     --from-file=dashboard.crt      -n kubernetes-dashboard
secret/kubernetes-dashboard-certs created

再次启动应用

[root@master k8syaml]# kubectl apply -f recommended.yaml 
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

稍等片刻查看pod和service信息

[root@master create_cert]# kubectl get pods,svc -n kubernetes-dashboard -o wide
NAME                                             READY   STATUS    RESTARTS   AGE     IP           NODE           NOMINATED NODE   READINESS GATES
pod/dashboard-metrics-scraper-76585494d8-mq62z   1/1     Running   0          6m15s   10.200.1.4   worker1.node   <none>           <none>
pod/kubernetes-dashboard-5f698b69fb-44vxj        1/1     Running   0          6m15s   10.200.0.6   master.node    <none>           <none>

NAME                                TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE     SELECTOR
service/dashboard-metrics-scraper   ClusterIP   10.96.183.245   <none>        8000/TCP        6m15s   k8s-app=dashboard-metrics-scraper
service/kubernetes-dashboard        NodePort    10.96.106.179   <none>        443:30001/TCP   6m15s   k8s-app=kubernetes-dashboard

查看sa和secret信息

[root@master k8syaml]# kubectl get sa,secrets -n kubernetes-dashboard
NAME                                  SECRETS   AGE
serviceaccount/default                1         19m
serviceaccount/kubernetes-dashboard   1         19m

NAME                                      TYPE                                  DATA   AGE
secret/default-token-kjrs9                kubernetes.io/service-account-token   3      19m
secret/kubernetes-dashboard-certs         Opaque                                2      14m
secret/kubernetes-dashboard-csrf          Opaque                                1      19m
secret/kubernetes-dashboard-key-holder    Opaque                                2      19m
secret/kubernetes-dashboard-token-bhcxb   kubernetes.io/service-account-token   3      19m

在浏览器上打开https://IP:30001,可以正常打开,选择高级-继续前往即可打开登陆页面
Kubernetes-v1.17集群安装dashboard_第4张图片
正常使用仍然需要新建管理员用户,参考火狐部分。

参考

  • https://www.jianshu.com/p/f7ebd54ed0d1
  • https://www.cnblogs.com/tianleblog/p/12157499.html

你可能感兴趣的:(Kubernetes,kubernetes,docker,centos,linux,大数据)