在前两篇的基础上，我们继续基于Kubernetes搭建dashboard及应用服务。

安装kubernetes dashboard

首先还是老套路，下载依赖镜像：

docker pull gcr.azk8s.cn/google_containers/kubernetes-dashboard-amd64:v1.10.1

docker tag gcr.azk8s.cn/google_containers/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1

docker rmi gcr.azk8s.cn/google_containers/kubernetes-dashboard-amd64:v1.10.1

• 下载kubernetes-dashboard.yaml文件:

wget [https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml](https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml)

• 修改 kubernetes-dashboard.yaml
  kubernetes的service默认的网络模型是CLUSTER-IP，也就是暴露在service的网络内，这里我们改成暴露在master机器的IP上。我们在targetPort后面添加两行，分别指定dashboard以NodePort的方式暴露在哪个端口，端口记得限制只能在31000-33000之间，这里我们选择了32001端口。

spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 32001
  type: NodePort

• 安装kubernetes dashboard

kubectl apply -f kubernetes-dashboard.yaml

• 查看dashboard运行状态

# kubectl get deployment kubernetes-dashboard -n kube-system
NAME                   READY   UP-TO-DATE   AVAILABLE   AGE
kubernetes-dashboard   1/1     1            1           25h

• 查看kube-system这个namespace下的服务运行状态：

# kubectl get services -n kube-system
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP,9153/TCP   28h
kubernetes-dashboard   NodePort    10.109.142.27   <none>        443:32001/TCP            25h

• 查看端口暴露情况

# netstat -ntlp|grep 32001
tcp6       0      0 :::32001                :::*                    LISTEN      3741/kube-proxy

• 通过virtualbox暴露网络

  
  
  端口转发

• 访问dashboard
  输入: http://127.0.0.1:32001 访问dashboard：

  
  
  image.png
  
  

  至此安装完成。

创建用户

## 创建用户
# kubectl create serviceaccount  kaka -n kube-system
serviceaccount/kaka created
## 为用户授权cluster-admin角色
# kubectl create clusterrolebinding kaka --clusterrole=cluster-admin --serviceaccount=kube-system:kaka
clusterrolebinding.rbac.authorization.k8s.io/kaka created
## 查看访问Dashboard的令牌
# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/kaka/{print $1}')
Name:         kaka-token-cfk4x
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kaka
              kubernetes.io/service-account.uid: 44a30976-35b5-402c-a0dd-627432c01dc1

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJ
uZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXM
uaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrYWthLXRva2VuLWNmazR4Iiwia3ViZXJuZXR
lcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Imtha2EiLCJrdWJlcm5ldGVz
LmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI0NGEzMDk3Ni0zNWI1LTQwM
mMtYTBkZC02Mjc0MzJjMDFkYzEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0Z
W06a2FrYSJ9.QM40KH3MsSmIZPIhdCVB744brQ-rxZoecnyG8dZ5s13WDAksf0ITrkXg-
ljHNORpszvDhJyx682i7z3ikqx2b8GKoNDHIrwuA6xVDZIJfQX3BioRoPcU_ENu-qaEQ24LlXbdy7-
hGeVpmpaBXNerjpamhgL9hMOJX2vOYSUZeW8AtR5KPIaRtThvw1ENQbI0Uj7sGJ5Wq1I7sfaKtbcEQ
LhGLToisqMGCGt8KZhnDN82f8B3DRfw3iyT5LLiQbIUH4a5lL8p5v3IK-
osIWaegnI4bqRWADrCmZglOMnjNYikL13_PGQPhFLsjQAgmoiLiZR5WFmYguoArkMjSDwb9g

将token复制粘贴到仪表板的令牌里，点击登录，进入管理页面：

dashboard主页

至此dashboard安装配置完成。