k8s dashboard安装

安装

$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
$ kubectl apply -f recommended.yaml

注意，版本要和k8s版本匹配，具体参考：https://github.com/kubernetes/dashboard/releases

拉镜像：

$ docker pull kubernetesui/dashboard:v2.5.1

更改为nodePort

把刚下载的 recommended.yaml 中443和8443位置所在的Service加一句，如下图：

重新启动生效：

$ kubectl apply -f recommended.yaml 

查看是否在运行

$ kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-799d786dbf-6bx5b   1/1     Running   0          18s
kubernetes-dashboard-6b6b86c4c5-7jgsk        1/1     Running   0          18s

找到所在Node节点：

$ kubectl get pods -o wide -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE   IP           NODE     NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-799d786dbf-stdff   1/1     Running   0          15m   10.244.1.8   node01   <none>           <none>
kubernetes-dashboard-fb8648fd9-kkx47         1/1     Running   0          15m   10.244.1.7   node01   <none>           <none>

找到Service的端口：

$ kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.101.201.191   <none>        8000/TCP        32m
kubernetes-dashboard        NodePort    10.102.41.203    <none>        443:30538/TCP   32m

这里显示是node01，那么在浏览器中的地址就是：https://node01-IP:30538。

登录界面

此时，如果用chrome访问，会出现不安全的网站的提示：

此时，随便点击 chrome 空白位置，输入 thisisunsafe 即进入登录界面。

有2种认证方式，我们使用token来登录。

Token查看

找到secret名称：

$ kubectl get secret -n kubernetes-dashboard
NAME                               TYPE                                  DATA   AGE
default-token-92tvb                kubernetes.io/service-account-token   3      44m
kubernetes-dashboard-certs         Opaque                                0      44m
kubernetes-dashboard-csrf          Opaque                                1      44m
kubernetes-dashboard-key-holder    Opaque                                2      44m
kubernetes-dashboard-token-kzzcz   kubernetes.io/service-account-token   3      44m

查看 secret 的值：

$ kubectl describe secret kubernetes-dashboard-token-kzzcz -n kubernetes-dashboard
Name:         kubernetes-dashboard-token-kzzcz
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: 3906dcf6-5daf-484c-abed-ef8583a8781f

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjlSYjV6YkpmeGpmTTV5cGdxWHJVYVdiQ2Q2aWV3N0F0SEJCamc5TFJTOVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1renpjeiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjM5MDZkY2Y2LTVkYWYtNDg0Yy1hYmVkLWVmODU4M2E4NzgxZiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.KgDZGiiUPGeLT4QD4AH1CStOpECfHAMDqNCcnN2nrhd2koiWyoJp1yi0kUyNdLDmHA2RYW7_Dff-vRICfwDgi9V15KHLIU7VBtxFiIiHdyQ6tHH5BkV0yLnE-jW3zeXnpZ2RcFbPalVZnHA-0YybhnTy8Fxen642Lx7Lp8o_zTRL1aIrmuREJWiKiC6rZqy3mcLj7mqnQbVf7Hstx48rFa6MltHZfhEBMUL_ngd4LxNndYseFuIQWlwoX89NhabTU91TxboXPGvcdbgpp_sxp5hv0lsR1Jsdlh2FIsXOkZdLbkOEsLhDANK6Oo6aBpIYFcAMYW8FetsGz5H7Oli7nQ
ca.crt:     1099 bytes
namespace:  20 bytes

把token拷贝进去，登录即可。

错误

RBAC权限问题

虽然部署好了，但是啥都没有，过一会，报了好些个错误：

经过查询，是由于权限问题导致。需要把 kubernetes-dashboard绑定cluster-admin权限。

$ kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard

clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created

此时，刷新页面就出来了：

参考：

• kubernetes（k8s）中部署dashboard可视化面板
• 两种方法k8s安装dashboard组件
• Kubernetes Dashboard 安装配置
• k8s安装dashboard
• Kubernetes-Dashboard 在 chrome（证书不可信任）解决办法
• k8s-安装dashboard