版权声明:本文为博主原创文章,转载请注明来源,顺便点个赞呗 https://blog.csdn.net/KingBoyWorld/article/details/79889209
kubernetes 1.9 安装 dashboard
1. 下载文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
2. 修改配置文件
添加type: NodePort,暴露Dashboard服务。注意这里只添加行type: NodePort和nodePort: 30001即可,其他配置不用改,大概位置在末尾的Dashboard Service的spec中,参考如下。
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30001
selector:
k8s-app: kubernetes-dashboard
3. 下载镜像 (每个节点)
由于网络原因,配置文件中的k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3
镜像无法下载,所以需要进行以下操作提前下载好
docker pull siriuszg/kubernetes-dashboard-amd64:v1.8.3
docker tag siriuszg/kubernetes-dashboard-amd64:v1.8.3 k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3
4. 安装dashboard
kubectl create -f kubernetes-dashboard.yaml
5. 授予Dashboard账户集群管理权限
编写配置文件
vim kubernetes-dashboard-admin.rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard-admin
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard-admin
namespace: kube-system
创建账户管理
kubectl create -f kubernetes-dashboard-admin.rbac.yaml
6. 查看dashboard运行的node的IP
$ kubectl -n kube-system get pods -o wide|grep dashboard|awk '{print $7}'
172.16.136.201
这时使用上面获取的IP加上我们配置的端口就可以访问了,例如
172.16.136.201:30001
需要注意的是如果使用了ssl证书需要使用https://172.16.136.201:30001进行访问
7. 登录
页面上有两种登录方式,这时我们使用token的方式登录。token的获取方式如下。
在master节点执行
$kubectl -n kube-system get secret | grep kubernetes-dashboard-admin|awk '{print "secret/"$1}'|xargs kubectl describe -n kube-system|grep token:|awk -F : '{print $2}'|xargs echo
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbi10b2tlbi1qYm0ycCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6Ijg5ZmFiOGFmLTNjYzEtMTFlOC1iODQ4LTAwMGMyOTQwYWRiYSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiJ9.YS-ZklZ8fbkDp3tuOxFHyhiflXtCGDY0C5C3PYU1ot7YFCGA67_vDKY55OiE36sZNGNhWEmK52Yak7SrFZ75KwyMbM7TK69SGLftFiMedsUCfuUpBPB-Fc4beaxMuWWqVcHOs892VfE6I85xhhYLv_xD6t8x2DcJ1Cl6c5UVg_GBw13cSVaSA7asMpVuSj8MdOQcBNIUaRaxY04PDvZDWIN8Cqud9yDNkueFeuqP3DN_rN0FzLGg0Lqv3Q-fm4hKcIiiVi6E9J-i_T8QCsoKE36wEWg3hJdUTmzBufew2YrbPH4f0Aezq-OeKT8-x89vQwkbj1vttiVVtluTTX53TQ
上面获取到的就是token了,复制到登录页就可以登录了
参考:https://blog.csdn.net/u012375924/article/details/78987263