kubenetes github :https://github.com/kubernetes/dashboard/releases
kubenetes官网:https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
查看版本k8s版本:
# kubelet --version
Kubernetes v1.16.0
注意kubernetes-dashboard的版本一定要跟kubernetes版本对应,在https://github.com/kubernetes/dashboard/releases中可以产看,例如:
然后根据提示下载yaml,也可直接使用线上的yaml,建议使用前者,因为这样我们可以手动更改nodePort:
yaml修改的地方:
token过期时间:
运行https://192.168.10.11:31001,我使用火狐浏览器打开的,谷歌貌似有问题:
Dashboard 支持 Kubeconfig 和 Token 两种认证方式,我们这里选择Token认证方式登录:
创建登录用户
官方参考文档:
https://github.com/kubernetes/dashboard/wiki/Creating-sample-user
创建dashboard-adminuser.yaml:
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
kubectl apply -f dashboard-adminuser.yaml
说明:上面创建了一个叫admin-user的服务账号,并放在kube-system命名空间下,并将cluster-admin角色绑定到admin-user账户,这样admin-user账户就有了管理员的权限。默认情况下,kubeadm创建集群时已经创建了cluster-admin角色,我们直接绑定即可。
查看token
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-d7bgx
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 58baa633-d91b-42ec-bbf7-5b00decb460f
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjUxVmNGXzdNV01PLXN6TlpsSVB6ZVdIbmxGY1hJbWdlNWlocTNET1VFUmsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWQ3Ymd4Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1OGJhYTYzMy1kOTFiLTQyZWMtYmJmNy01YjAwZGVjYjQ2MGYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.MAUlpNfW6d0qUhUAUPG45qBi4CDcQvIU-wThaWo-Uy6C0h-hDOG2igf8raukPL2NhHepFGQizEBaNR5XL_MoS_-DOtUZZZLTmm6teoNGGFOOXr90QfZtPp0HbVLUAf2L1LiNtk1isBxgrRoqHOZ3LTLbTdpN2CJYSmvxBRaFxQrRn9Yo4m8kQI-hFqqMhV9eiBOc5DqJt1hqU_drZOHPU3Y1P_osPRIMe6UUwslc96wj3Vnu9m42S1rmPwZxGY18iifxgLqyKNjfgU9BfGt7gj_GSJkZ0TT5oa5DApedUy4Z3PGOvIBp3YYPZO52JwhCIc8L0ZTH1wnHdYPvwPHAMg
输入token后登录效果:
除了以上的访问方式还有几种方式:
参考:https://blog.csdn.net/networken/article/details/85607593
有以下几种方式访问dashboard:
Nodport方式访问dashboard,service类型改为NodePort
loadbalacer方式,service类型改为loadbalacer
Ingress方式访问dashboard
API server方式访问 dashboard
kubectl proxy方式访问dashboard