安装k8s-dashboard
基于k8s-1.22.2的版本
1.下载dashboard安装yaml
下载地址如下
https://github.com/kubernetes/kubernetes/tree/v1.22.2/cluster/addons/dashboard
2.修改yaml文件
vim dashboard.yaml
将以下代码注释掉
#apiVersion: v1
#kind: Secret
#metadata:
# labels:
# k8s-app: kubernetes-dashboard
# addonmanager.kubernetes.io/mode: EnsureExists
# name: kubernetes-dashboard-certs
# namespace: kubernetes-dashboard
#type: Opaque
添加nodePort的端口
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #增加
ports:
- port: 443
targetPort: 8443
nodePort: 30002 #增加的端口
selector:
k8s-app: kubernetes-dashboard
3.创建证书
创建证书存储目录:
mkdir k8s-cert
cd k8s-cert
创建私钥:
openssl genrsa -out dashboard.key 2048
创建请求证书:
openssl req -days 3600 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
证书自签:
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
创建名称空间:
kubectl create namespace kubernetes-dashboard
创建刚才注释掉的证书kubernetes-dashboard-certs
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
4.创建管理员账号
4.1创建账号
vim dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: dashboard-admin
namespace: kubernetes-dashboard
保存后退出并执行一下命令
kubectl apply -f dashboard-admin.yaml
4.2账号绑定集群,获取权限。
vim dashboard-admin-bind-cluster-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin-bind-cluster-role
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kubernetes-dashboard
保存后执行以下命令:
kubectl create -f dashboard-admin-bind-cluster-role.yaml
5.安装dashboard
kubectl apply -f dashboard.yaml
6.查看dashboard 的安装情况:
[root@k8s-master dashboard]# kubectl get pod -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-7b4c85dd89-j4vzg 1/1 Running 1 (17h ago) 17h
kubernetes-dashboard-7fff8584c9-2dq46 1/1 Running 1 (17h ago) 17h
[root@k8s-master dashboard]# kubectl get pod -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-7b4c85dd89-j4vzg 1/1 Running 1 (17h ago) 17h
kubernetes-dashboard-7fff8584c9-2dq46 1/1 Running 1 (17h ago) 17h
7.查看并复制token
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
Name: dashboard-admin-token-4qhxb
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: dfefca26-2207-46ef-b298-3992a4c9c6bb
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkZ0YTZHaUd1M3lJTGdEMm9ZQ3doNEU3OWs3eEx0bHRQSGVrb3ktZXloTkkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tNHFoeGIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZGZlZmNhMjYtMjIwNy00NmVmLWIyOTgtMzk5MmE0YzljNmJiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.HBwY6tm2V3BMTu3HiQHjYd8vG6rKVUPImp7XjcEC2-POHXJE_K7-9SZBgLcnz0BZ8HphdlcIPm421Swo6XMENAL8yD_JGwcJqoLz5yp2EyjrpQc3u8znVvLxEV_Nd4WFumfEAfbwH_vocgruOvUSs3E5ybP31u-9l6ZZo9OJS-9ebyRUdBwVLf6Zr8LGsnABzGgMDCrjGPXnAu_OQ_xiTjtxSf-Qvk9Vetn1P1rsMMfR0TjsyK6w0IAQSqVFj1Fz4qT3N1yyXb2KXeRsyuW3sVXR9RRVJVAEba4bahVCdwwhPN3XIgGduIlJLTJbn3KMzihlxhkLM76DH4B6zyIFYA
7.访问网页
- https://192.168.10.21:30002,选择输入token,输入刚才复制的密匙。
C3004DA7-EF63-4135-8563-D4FD795EEAE9.png
登录成功后的界面:
3CD2CD11-7016-4c31-BA9B-D0484E81DEA8.png
