Kubernetes 1.20.x部署dashboard
done
info
Kubernetes 版本: 1.20.0 Dashboard 版本 : v2.3.1
Dashboard v2.3.1+0.g8d9f8e76c Kubernetes 集群的通用 Web UI
检查dashboard版本与kubernetes版本兼容性: https://github.com/kubernetes/dashboard/releases
部署Dashboard
官方教程 先下载 或者 直接浏览器cp回来 kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml kubectl apply -f recommended.yaml root@k8s-master:~# vi recommended.yaml root@k8s-master:~# kubectl apply -f recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created
查看dashboard运行状态
root@k8s-master:~# kubectl get pod -n kubernetes-dashboard NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-79c5968bdc-bb6td 1/1 Running 0 85s kubernetes-dashboard-658485d5c7-l2d5b 1/1 Running 0 85s root@k8s-master:~# kubectl get svc -n kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.96.56.143 <none> 8000/TCP 2m33s kubernetes-dashboard ClusterIP 10.96.115.118 <none> 443/TCP 2m34s
修改Dashboard
通过NodePort方式暴露端口,这里指定30001,可自定义: kubectl patch svc kubernetes-dashboard \ -n kubernetes-dashboard \ -p '{"spec":{"type":"NodePort","ports":[{"port":443,"targetPort":8443,"nodePort":30001}]}}'
登录Dashboard
浏览器访问dashboard: 注意 要先 登录用户后才能登录 先不要急 login哦 https://<NODE_IP>:30001 master ip or node1 node2 ip https://192.168.88.70:30001/ 选择token方式 创建dashboard-adminuser.yaml: cat > dashboard-adminuser.yaml << EOF apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard EOF 创建登录用户 kubectl apply -f dashboard-adminuser.yaml 说明:上面创建了一个叫admin-user的服务账号,并放在kubernetes-dashboard 命名空间下,并将cluster-admin角色绑定到admin-user账户,这样admin-user账户就有了管理员的权限。默认情况下,kubeadm创建集群时已经创建了cluster-admin角色,我们直接绑定即可。 查看admin-user账户的token kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}') Name: admin-user-token-njt97 Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: 0ab89938-bcd6-4577-a565-a562eb1a1801 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1066 bytes namespace: 20 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6Im9KS1I0MHFMclQ5TGgtVC10RjFTbHAyRkpNWVV4c0tyRGhUWHB1RzliemsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLW5qdDk3Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwYWI4OTkzOC1iY2Q2LTQ1NzctYTU2NS1hNTYyZWIxYTE4MDEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.BVOMj_yz5TZAp4z5IEHcz-lhubObVJX0gZvqgwAjNVdAKkHqdrSac0910XtgM0Sh_ueMQwhIM-P19b5JQU-3wAX2mYP-KwGdlnH_kyLkAgeePwds5l-BU0fCA-UQxC0iugyqJ76sERfrnaVRjXwpCFGZ5ImBCSX07OLpinQtg8GDDYfADzl2gNZoQGZt_Z8tZY1O2NorwBY7viJ5RLv4-jy-YSSCSHhVr4N3Fp7EbEsBm9pTmpB0nWNJv1iigqF2Me9ZnrlUfpamiHlgiIka5gl8BD3KJsYgF8qF48KICZE1zqf1AbAH5-du0zVEu6fdcGhVWCEJzkwEM_1Se4kz8w 选择第一项 Token