下载
先从官网把部署Kubernetes Dashboard的yaml下载到本地。
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yamlPS:如果因为墙了,自己想办法,总之先下载下来。
部署
执行下面的命令进行Kubernetes Dashboard部署
kubectl apply -f ./recommended.yaml执行之后输出以下信息,表示已经部署成功
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created查询一下pod和service是否都已经创建
- 查询kubernetes-dashboard命名空间下全部pod
kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-64bcc67c9c-6hbv5 1/1 Running 0 4m
kubernetes-dashboard-5c8bd6b59-mm7gh 1/1 Running 0 4m- 查询kubernetes-dashboard命名空间下全部service
kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.102.13.19 <none> 8000/TCP 4m22s
kubernetes-dashboard ClusterIP 10.109.154.224 <none> 443:/TCP 4m22s可以看到service的TYPE是ClusterIP:只对集群内部可见,外部无法访问。NodePort:才可对外部可见。
因此但是443端口仍是内部才可以访问的,我们机器无法访问,因此需要将443端口映射出来。
映射端口让外部可以访问
执行一下命令,即可随机分配一个30000+的端口映射443即https端口
kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kubernetes-dashboard执行后,我们再执行kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.102.13.19 <none> 8000/TCP 4m22s
kubernetes-dashboard NodePort 10.109.154.224 <none> 443:31767/TCP 4m22s已经将kubernetes-dashboard的service TYPE改为了NodePort,外部端口是31767。
浏览器进入
浏览器打开:https://localhost:31767/
PS:如果Chrome/Edge提示不安全,你就在页面出,盲敲 thisisunsafe ,就可以进入。
到此为止就可以进入kubernetes-dashboard。
另一种打开方式
执行kubectl proxy
会代理出一个8001端口
浏览器打开下面这个地址也可以进入kubernetes-dashboard
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/loginToken生成
- 创建dashboard-admin用户
kubectl create serviceaccount dashboard-admin -n kube-system - 查看是否已经创建
kubectl get serviceaccount -n kube-system | grep dashboard-admin - 在集群范围将cluster-admin ClusterRole授予用户dashboard-admin
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin 手动生成token
kubectl create token -n kube-system dashboard-admineyJh****OiJSUzI1NiIsImtpZCI6InBhby1lam9JMHZGMWJPZEVpYVZ2UnZvTl9pMkF6Nlh5MlhyY3FNamNMdWcifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjc3NjU3MjUzLCJpYXQiOjE2Nzc2NTM2NTMsImlzcyI6Imh0dHB****va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJ****5c3RlbSIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJkYXNoYm9hcmQt****aW4iLCJ1aWQiOiJmNWQ2MzhlOC05MmVkLTRhYjgtYjhmYS1jMWRhMzBhZWJmM2UifX0sIm5iZiI6MTY3NzY1MzY1Mywic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3l****tOmRhc2hib2FyZC1hZG1pbiJ9.IV8kbC2fh--OX8Hdofq4H2q0KSl-fEcRCQRkv2Y6GirovZSyOZzmFL-TiVRKHRScR0R6mOzX8wv7W3uEO__4LyqngnA8KMtC2khvJv14eppTjs-QIg7tSKQb1XIDrN3moIEK_n5dpuqb-B9tFJB_rginmKBDOsL0ZCtB1WQtLzek4Oo3KqPnBWxbDqb6PcZum3nJHE8PIqKr2FGDV17xmwA8T5iadT0Vj5S7qChSYOW8_kz5z1tAxHtIA4kLwChD9tRFUltzX8TX08CoLubDUhgREdsZBmnB3560ahiiRZjudky2aPvc3WH9za2lG8KQe1Zy-3YeQVvD2d3bGQ****
完成
把生成的Token放进去网页点确认就可以进去了
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。