从github复制或下载:https://github.com/kubernetes/dashboard/blob/master/aio/deploy/recommended.yaml
然后运行:
kubectl create -f addons/dashboard/recommended.yaml
耐心等待运行成功:
[root@master1 k8s-manual-files]# kubectl -n kubernetes-dashboard get po,svc
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-5ffcdcd45d-mp97p 1/1 Running 0 68s
pod/kubernetes-dashboard-66d7777546-wxjsd 1/1 Running 0 68s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.101.210.188 <none> 8000/TCP 68s
service/kubernetes-dashboard ClusterIP 10.98.70.204 <none> 443/TCP 68s
然后在浏览器中输入地址:
https://192.168.108.131:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
结果提示:
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get services/proxy in the namespace \"kube-system\"",
"reason": "Forbidden",
"details": {
"name": "https:kubernetes-dashboard:",
"kind": "services"
},
"code": 403
}
这就需要我们为这个服务创建一个匿名账号,anonymous-proxy-rbac.yml:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: anonymous-dashboard-proxy-role
rules:
- apiGroups:
- ""
resources:
- "services/proxy"
resourceNames:
- "https:kubernetes-dashboard:"
verbs:
- get
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: anonymous-dashboard-proxy-binding
namespace: ""
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: anonymous-dashboard-proxy-role
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:anonymous
然后,运行:
kubectl create -f addons/dashboard/anonymous-proxy-rbac.yml
这时候刷新web页面就出现登陆界面:
这需要我们通过命令创建一个用户:
[root@master1 k8s-manual-files]# kubectl -n kubernetes-dashboard create sa dashboard
serviceaccount/dashboard created
[root@master1 k8s-manual-files]# kubectl create clusterrolebinding dashboard --clusterrole cluster-admin --serviceaccount=kubernetes-dashboard:dashboard
clusterrolebinding.rbac.authorization.k8s.io/dashboard created
[root@master1 k8s-manual-files]# SECRET=$(kubectl -n kubernetes-dashboard get sa dashboard -o yaml | awk '/dashboard-token/ {print $3}')
[root@master1 k8s-manual-files]# kubectl -n kubernetes-dashboard describe secrets ${SECRET} | awk '/token:/{print $2}'
eyJhbGciOiJSUzI1NiIsImtpZCI6ImRoQ1RiWWdHdC1BT1lSMDBPUWE4cUJGeDdFZC1qdzY5U080UklKZW5aa00ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtdG9rZW4tNmR0ZDIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYjJmZGU1YTUtODdmYi00YWU1LWJmM2EtZTM4ZGM2YjNhNjllIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZCJ9.jtfxCRhdxuM_mpFPpd_rkTcYItmy1LRT9UzLQ8LJwTM9fJjMjax6xl6ew_HYe7QuwcZ9JiVIbThhJeKZra2Y2tMs01zzBPGvMBpsI6544FEIfqaJtS-CmiMlEobFWSwC7n4XcWFN61GqPC1FokdOYx8vOad4oXr6gQmM_iCkcRWJzFMhjBeyxGNB7beQPumTNZFkORYKeVcPYH5c3DxWT6HlFZWN6pE_Bbds_vU0v3tX0oWFE4Ej0hlGb2AiA8B1X8ujhvpvhM9JAQvHg3H4N6oUpVrSwFN-xKd1i4Rpbf0MvU7Gis0i8wju0LTF_e3zMLU8fHB7BiT4B4zZiRANdg
我们将生成的token复制到登陆界面,登陆即可:
这里切换namespace到kube-system了。
ps: 上海疫情啥时候结束啊!