参考文章:https://www.jianshu.com/p/f7ebd54ed0d1
1.默认情况下不会部署 Dashboard,可以通过以下命令部署:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
2.查看namespace(命名空间)的service(服务)
# kubectl get namespace
NAME STATUS AGE
default Active 74d
kube-node-lease Active 74d
kube-public Active 74d
kube-system Active 74d
kubernetes-dashboard Active 5m14s
3.查看service
# kubectl get service -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.96.75.119 8000/TCP 11m
kubernetes-dashboard ClusterIP 10.96.145.225 443/TCP 11m
4.查看deployment
# kubectl get deployment -n kubernetes-dashboard -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
dashboard-metrics-scraper 1/1 1 1 12m dashboard-metrics-scraper kubernetesui/metrics-scraper:v1.0.1 k8s-app=dashboard-metrics-scraper
kubernetes-dashboard 1/1 1 1 12m kubernetes-dashboard kubernetesui/dashboard:v2.0.0-beta4 k8s-app=kubernetes-dashboard
5.查看pod
# kubectl get pod -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dashboard-metrics-scraper-566cddb686-swrnt 1/1 Running 0 13m 10.244.1.151 computer
kubernetes-dashboard-7b5bf5d559-fgf6t 1/1 Running 0 13m 10.244.1.152 computer
6.把ClusterIP类型改为NodePort类型
# kubectl edit service -n kubernetes-dashboard kubernetes-dashboard
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
creationTimestamp: "2020-03-08T08:26:04Z"
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
resourceVersion: "1565064"
selfLink: /api/v1/namespaces/kubernetes-dashboard/services/kubernetes-dashboard
uid: d08e47e2-613c-401a-bd11-3c6c4e18cc73
spec:
clusterIP: 10.96.145.225
ports:
- port: 443
protocol: TCP
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
type: NodePort #把ClusterIP改为NodePort
status:
loadBalancer: {}
# kubectl get service -n kubernetes-dashboard -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
dashboard-metrics-scraper ClusterIP 10.96.75.119 8000/TCP 22m k8s-app=dashboard-metrics-scraper
kubernetes-dashboard NodePort 10.96.145.225 443:32649/TCP 22m k8s-app=kubernetes-dashboard
7.用浏览器查看,发现需要https请求,Chrom(谷歌浏览器用不了),Firefox(用火狐浏览器就行)
8.为Dashboard默认用户赋予admin(管理)权限
#创建一个admin用户
# kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
serviceaccount/dashboard-admin created
#admin用户绑定集群
# kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created
# kubectl get sa,secrets -n kubernetes-dashboard
NAME SECRETS AGE
serviceaccount/dashboard-admin 1 20m
serviceaccount/default 1 65m
serviceaccount/kubernetes-dashboard 1 65m
NAME TYPE DATA AGE
secret/dashboard-admin-token-vbxnp kubernetes.io/service-account-token 3 20m
secret/default-token-4cpb9 kubernetes.io/service-account-token 3 65m
secret/kubernetes-dashboard-certs Opaque 0 65m
secret/kubernetes-dashboard-csrf Opaque 1 65m
secret/kubernetes-dashboard-key-holder Opaque 2 65m
secret/kubernetes-dashboard-token-nfq6n kubernetes.io/service-account-token 3 65m
# kubectl describe secrets dashboard-admin-token-vbxnp -n kubernetes-dashboard
Name: dashboard-admin-token-vbxnp
Namespace: kubernetes-dashboard
Labels:
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 7ff0b669-f3b3-4f9b-93f8-47a0334f3c51
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImtCLUc2a3RwLTVmN3RmZHQ3ZGFoZzVvMXQ4TmZIV1h4V3NPZ1NBS3E1WFUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdmJ4bnAiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiN2ZmMGI2NjktZjNiMy00ZjliLTkzZjgtNDdhMDMzNGYzYzUxIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.Hu9N0tiwZQJHID6IW75krjUYtK89Wu6Mb1muT7HWPwvsuFA3T6lC82fvK7fXr8jbPoTvzYZyqZDK6adxj1U2CZ-B4_gEa4tE1fi5AnasOvhd-7_X5i393IHx8Cl5O8dAX-z_0bYDsPSxaAbQ1dQp-dbiIHrosYayO8wwTSC702ghrlsqgrArOzAXNrt6CW-1MYRbUIJWHDA18LegGMFd4m-zQMGfUhNqCT7mJEhZhLTA3hHmFUa7G6nnWbGxjsK4k5G8EbQLwywAuu052b6AlVluWv7svwJLugEQzCnsg5eV1hp-RmyoJApIX392AXLLdolawt-bODjhaUa9GCGCHA
9.在浏览器输入Token值