注意:本文k8s的版本,使用的是V1.16.2
-
dashboard版本应安装与k8s对应的版本
对应关系详见:https://github.com/kubernetes/dashboard/releases -
获取yaml文件
#wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta5/aio/deploy/recommended.yaml -
修改port
-
生成证书(有的用户不生成证书好像也可以,但我试了不行,所以还是老实手动生成)
#mkdir mydir-dashboard
#cd mydir-dashboard
#kubectl create namespace kubernetes-dashboard #创建命名空间
#openssl genrsa -out dashboard.key 2048
#openssl req -new -out dashboard.csr -key dashboard.key -subj ‘/CN=dashboard-cert’ #证书请求
#openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt #自签证书
#kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard #创建kubernetes-dashboard-certs对象 -
创建pod
#kubectl create -f recommended.yaml #执行这一步会提醒Already exist 错误,可忽略
#kubectl get pods -A #查看dashboard pod是否正常运行 -
创建账号
#vim dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: dashboard-admin
namespace: kubernetes-dashboard
#kubectl create -f dashboard-admin.yaml
- 为用户分配权限
#vim dashboard-admin-bind-cluster-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin-bind-cluster-role
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kubernetes-dashboard
#kubectl create -f dashboard-admin-bind-cluster-role.yaml
- 查看token,用于网页登录时使用(选择token登录)
#kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
- 打开网页 https://172.1.32.64:31000,选择token登录,将第8步中的token秘钥复制到登录网页
如果第8步骤出现多个秘钥,那么选择第6步骤命名的账号,这里是dashboard-admin
- 进入主页面,如果没有为用户分配权限,那么页面右上角会出现很多警告,也看到pods等信息
- 此时还不能展示nodes的cpu和memory信息等,必须安装完metrics-server才会展示
安装步骤参考 k8s—扩容/缩容