$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
$ kubectl apply -f recommended.yaml
Note: the Dashboard version must match your Kubernetes version; for details see: https://github.com/kubernetes/dashboard/releases
Pull the image:
$ docker pull kubernetesui/dashboard:v2.5.1
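In the recommended.yaml you just downloaded, add one line to the Service that contains ports 443 and 8443, as shown in the figure below:
Re-apply the file for the change to take effect: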
$ kubectl apply -f recommended.yaml
$ kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-799d786dbf-6bx5b   1/1     Running   0          18s
kubernetes-dashboard-6b6b86c4c5-7jgsk        1/1     Running   0          18s
Find the Node the pods are running on:
$ kubectl get pods -o wide -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE   IP           NODE     NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-799d786dbf-stdff   1/1     Running   0          15m   10.244.1.8   node01   <none>           <none>
kubernetes-dashboard-fb8648fd9-kkx47         1/1     Running   0          15m   10.244.1.7   node01   <none>           <none>
Find the Service's port:
$ kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.101.201.191   <none>        8000/TCP        32m
kubernetes-dashboard        NodePort    10.102.41.203    <none>        443:30538/TCP   32m
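The output shows node01, so the address to open in the browser is: https://node01-IP:30538
Chrome shows a certificate warning at this point; click anywhere on a blank area of the page and type thisisunsafe to get past it and reach the login screen.
There are two authentication methods; we log in with a token.
Find the secret's name: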
$ kubectl get secret -n kubernetes-dashboard
NAME                               TYPE                                  DATA   AGE
default-token-92tvb                kubernetes.io/service-account-token   3      44m
kubernetes-dashboard-certs         Opaque                                0      44m
kubernetes-dashboard-csrf          Opaque                                1      44m
kubernetes-dashboard-key-holder    Opaque                                2      44m
kubernetes-dashboard-token-kzzcz   kubernetes.io/service-account-token   3      44m
View the secret's value:
$ kubectl describe secret kubernetes-dashboard-token-kzzcz -n kubernetes-dashboard
Name:         kubernetes-dashboard-token-kzzcz
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: 3906dcf6-5daf-484c-abed-ef8583a8781f
Type:  kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjlSYjV6YkpmeGpmTTV5cGdxWHJVYVdiQ2Q2aWV3N0F0SEJCamc5TFJTOVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1renpjeiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjM5MDZkY2Y2LTVkYWYtNDg0Yy1hYmVkLWVmODU4M2E4NzgxZiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.KgDZGiiUPGeLT4QD4AH1CStOpECfHAMDqNCcnN2nrhd2koiWyoJp1yi0kUyNdLDmHA2RYW7_Dff-vRICfwDgi9V15KHLIU7VBtxFiIiHdyQ6tHH5BkV0yLnE-jW3zeXnpZ2RcFbPalVZnHA-0YybhnTy8Fxen642Lx7Lp8o_zTRL1aIrmuREJWiKiC6rZqy3mcLj7mqnQbVf7Hstx48rFa6MltHZfhEBMUL_ngd4LxNndYseFuIQWlwoX89NhabTU91TxboXPGvcdbgpp_sxp5hv0lsR1Jsdlh2FIsXOkZdLbkOEsLhDANK6Oo6aBpIYFcAMYW8FetsGz5H7Oli7nQ
ca.crt: 1099 bytes
namespace: 20 bytes
Investigation shows this is caused by a permissions problem. The kubernetes-dashboard service account needs to be bound to the cluster-admin role.
$ kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created
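An added example, not part of the original walkthrough: a small Python check that lists which service accounts hold cluster-admin through a ClusterRoleBinding, which is the state the command above creates. The function name and the sample JSON are constructed for illustration; real input would be the output of kubectl get clusterrolebindings -o json.

```python
import json

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`
# output (not captured from a real cluster). The second item mirrors the
# binding created by the command above.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "dashboard-cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kubernetes-dashboard"}]},
    {"metadata": {"name": "kubernetes-dashboard"},
     "roleRef": {"kind": "ClusterRole", "name": "kubernetes-dashboard"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kubernetes-dashboard"}]},
    {"metadata": {"name": "orphaned"},  # binding that has no subjects field
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
]})


def service_accounts_with_role(bindings_json, role="cluster-admin"):
    """Return (binding, namespace, serviceaccount) tuples for every service
    account bound cluster-wide to the ClusterRole named `role`."""
    hits = []
    for item in json.loads(bindings_json).get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # `subjects` can be missing or null on a binding, so default to empty.
        for subj in item.get("subjects") or []:
            if subj.get("kind") == "ServiceAccount":
                hits.append((item["metadata"]["name"],
                             subj.get("namespace", ""), subj["name"]))
    return hits


if __name__ == "__main__":
    for binding, ns, sa in service_accounts_with_role(SAMPLE):
        print(f"{binding}: system:serviceaccount:{ns}:{sa} has cluster-admin")
```

After the binding above, the kubernetes-dashboard token shown earlier carries full cluster control while the Service is reachable on a NodePort; binding the account to the built-in view ClusterRole is a narrower choice when read-only access is enough.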