一、下载kubernetes dashboard配置文件recommended.yaml
查看dashboard的github仓库:https://github.com/kubernetes/dashboard
根据服务器安装的kubernetes版本选择对应的dashboard版本,如果版本不对应的话,可能会发生各种问题。
如果是科学上网的话可以直接apply
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
否则,在国内默认情况下,需要先下载配置文件,
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
然后修改镜像地址,如下说明:
image: kubernetesui/dashboard:v2.4.0
改成
image: registry.aliyuncs.com/google_containers/dashboard:v2.4.0
image: kubernetesui/metrics-scraper:v1.0.7
改成
image: registry.aliyuncs.com/google_containers/metrics-scraper:v1.0.7
二、执行安装
kubectl apply -f recommended.yaml
查看Pod和服务状态: kubectl get pod,service -n kubernetes-dashboard
由于默认安装的kubernetes-dashboard是ClusterIP类型的,不方便直接通过浏览器访问,因此需要调整为NodePort类型的。
删除kubernetes dashboard服务
kubectl delete service kubernetes-dashboard --namespace=kubernetes-dashboard
创建dashboard-service.yml,内容如下:
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
执行创建: kubectl apply -f dashboard-service.yml
查看状态:kubectl get service -n kubernetes-dashboard
从上面service的端口映射关系可以得知,对外映射的端口为32612,因此我们可以通过浏览器访问:
https://192.168.253.100:32612/
https://192.168.253.101:32612/
https://192.168.253.102:32612/
以上三个地址任意一个都是正常访问。
三、创建kubernetes dashboard访问Token
创建dashboard-account.yml文件,内容如下:
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
执行账号的创建: kubectl apply -f dashboard-account.yml
获取token:
kubectl get secret -n kube-system |grep admin|awk ‘{print $1}’
kubectl describe secret dashboard-admin-token-2557b -n kube-system|grep ‘^token’|awk ‘{print $2}’
打印输出的字符串即为token
eyJhbGciOiJSUzI1NiIsImtpZCI6ImpDOFZNUGh0ejg0WWdLOUt4UTNNclM4NTQ2RlhwUWxBVXI4SV9fM012SmcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tMjU1N2IiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYWE0MThlOTAtOGNhNC00ZWY1LTlmZDEtYmE3ZDgxMTRlMzY0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.X-d1ItdTi0As-7r-9kaseFq_LXNf1q5cXpdce_hlGnb5x5y1glMiSDoen4WXLz42-0Yo5XqAf4M_74We9UjgZkHm2gnrfuLypuH3L1CQr_goqn3S7Q6TS2zI0o8Y7D4zcMFatUKmhAIvLTB3KjF7YvYQyNakR1DV0TnA9IO74wqb-2qdZfTn0D_tnnXXvcTzaVROKKgDC-VL2Q0WKWF4uX72UB24Yo_VyWon18QvVWTsJ5LYVpK1ajucDLEdxf9oefjiiXqWjOt0d9rEmv59HVNnlaRPjn44GE9XeME6AOHHQKSj7bLz8IHG9VS9tHGw2HiensbeLMI6Q2R52LP9zg
打开浏览器输出dashboard访问地址
录入生成的token,点击【登录】按钮即可。