First, install the dashboard
Referring first official document: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
The official installation command as follows:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
When there are multiple nodes, when attached to a non-master node, there will be some problems. dashboard to using https connection apiServer, cause problems since the certificate dial tcp 10.96.0.1:443: i / o timeout.
The recommended.yaml download, modify some configuration:
kind: the Deployment apiVersion: Apps / V1 Metadata: Labels: K8S -app: kubernetes- Dashboard name: Kubernetes - Dashboard namespace: Kubernetes - Dashboard spec: Replicas: . 1 revisionHistoryLimit: 10 Selector: matchLabels: K8S -app: kubernetes- Dashboard Template: Metadata: Labels: K8S -app: kubernetes- Dashboard spec:
# increase nodeName, designated mounted to the main node. kubernetes-node1 master node name nodeName: kubernetes-node1 containers: - name: kubernetes-dashboard image: kubernetesui/dashboard:v2.0.0-beta8 imagePullPolicy: Always ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates - --namespace=kubernetes-dashboard # Uncomment the following line to manually specify Kubernetes API server Host # If not specified, Dashboard will attempt to auto discover the API server and connect # to it. Uncomment only if the default does not work. # - --apiserver-host=http://my-address:port
Here are some comments configuration
volumes: - name: kubernetes-dashboard-certs secret: secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard nodeSelector: "beta.kubernetes.io/os": linux # Comment the following tolerations if Dashboard must not be deployed on master #tolerations: # - key: node-role.kubernetes.io/master # effect: NoSchedule
serviceAccountName: kubernetes-dashboard nodeSelector: "beta.kubernetes.io/os": linux # Comment the following tolerations if Dashboard must not be deployed on master #tolerations: # - key: node-role.kubernetes.io/master # effect: NoSchedule volumes:
Then execute
kubectl apply -f recommended.yaml
Will automatically download the corresponding Mirror, mirror if the download fails, you can go to other places to download and play tag way to install
carried out
kubectl get pods -n kubernetes-dashboard
The following represents the status Running the installation was successful.
NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-745bd6bb57-gf4vn 1/1 Running 0 15m kubernetes-dashboard-7c8ff6ddc5-v8fck 1/1 Running 1 4h3m
Second, create an account
Official Address: https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
Create a dashboard-adminuser.yaml, it reads as follows:
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard
Create a dashboard-adminuser-role-binding.yaml, reads as follows:
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard
And then were executed:
kubectl apply -f dashboard-adminuser.yaml
kubectl apply -f dashboard-adminuser-role-binding.yaml
Third, access
Create a token
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
The results are as follows:
Name: admin-user-token-v57nw Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: 0303243c-4040-4a58-8a47-849ee9ba79c1 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1066 bytes namespace: 20 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXY1N253Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwMzAzMjQzYy00MDQwLTRhNTgtOGE0Ny04NDllZTliYTc5YzEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Z2JrQlitASVwWbc-s6deLRFVk5DWD3P_vjUFXsqVSY10pbjFLG4njoZwh8p3tLxnX_VBsr7_6bwxhWSYChp9hwxznemD5x5HLtjb16kI9Z7yFWLtohzkTwuFbqmQaMoget_nYcQBUC5fDmBHRfFvNKePh_vSSb2h_aYXa8GV5AcfPQpY7r461itme1EXHQJqv-SN-zUnguDguCTjD80pFZ_CmnSE1z9QdMHPB8hoB4V68gtswR1VLa6mSYdgPwCHauuOobojALSaMc3RH7MmFUumAgguhqAkX3Omqd3rJbYOMRuMjhANqd08piDC3aIabINX6gP5-Tuuw2svnV6NYQ
Because the certificate, we use a proxy way to access
In the master node performs:
kubectl proxy --address='0.0.0.0'
The results are as follows:
Starting to serve on [::]:8001
Since the virtual machine, the browser can not directly access, add the port mapping:
Selected token, generated above the input token access