基础环境
拥有一个完美运行的kubernetes1.13.4集群,可参考我的部署文章创建自己的集群。
部署步骤
-
编写kubernetes-dashboard.yaml文件
# ------------------- Dashboard Secret ------------------- # apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-certs namespace: kube-system type: Opaque --- # ------------------- Dashboard Deployment ------------------- # kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard spec: containers: - name: kubernetes-dashboard image: docker.io/mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1 ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates # Uncomment the following line to manually specify Kubernetes API server Host # If not specified, Dashboard will attempt to auto discover the API server and connect # to it. Uncomment only if the default does not work. # - --apiserver-host=http://my-address:port volumeMounts: - name: kubernetes-dashboard-certs mountPath: /certs # Create on-disk volume to store exec logs - mountPath: /tmp name: tmp-volume livenessProbe: httpGet: scheme: HTTPS path: / port: 8443 initialDelaySeconds: 30 timeoutSeconds: 30 volumes: - name: kubernetes-dashboard-certs secret: secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule --- # ------------------- Dashboard Service ------------------- # kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: type: NodePort ports: - port: 443 targetPort: 8443 selector: k8s-app: kubernetes-dashboard
-
执行命令部署dashboard
$ kubectl create -f kubernetes-dashboard.yaml # 执行下面的命令 $ kubectl get pod,svc --all-namespaces | grep dash # 出现以下状态表示部署成功 kube-system pod/kubernetes-dashboard-54d7877b75-5tdtl 1/1 Running 0 3h43m kube-system service/kubernetes-dashboard NodePort 10.101.74.157 <none> 443:31021/TCP 21h
-
创建serviceaccount 用于登陆dashboard
$ kubectl create serviceaccount dashboard-admin -n kube-system
-
创建clusterrolebinding
$ kubectl create clusterrolebinding cluster-dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
NT:以上两步也可以通过在kubernetes-dashboard.yaml文件中直接绑定。
-
查找刚刚生成的secret,获取用于登录的token
$ kubectl get secret --all-namespaces | grep dashboard kube-system dashboard-admin-token-78mnm kubernetes.io/service-account-token 3 20h kube-system kubernetes-dashboard-certs Opaque 0 21h kube-system kubernetes-dashboard-key-holder Opaque 2 21h kube-system kubernetes-dashboard-token-4mhlv kubernetes.io/service-account-token 3 21h $ kubectl describe secret dashboard-admin-token-78mnm -n kube-system Name: dashboard-admin-token-78mnm Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: dashboard-admin kubernetes.io/service-account.uid: 63a145d9-5b8f-11e9-bf22-000c298f3d18 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tNzhtbm0iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNjNhMTQ1ZDktNWI4Zi0xMWU5LWJmMjItMDAwYzI5OGYzZDE4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.zp5rGmtyqUqYXsHrbUPhqlS3gLcH6-L1qp31xyB5Y-z5bTcGbt_iVJoJsN5KRSnLwAm34PZF-6LiNckjuE3vJEG9i23rLve1MwevJ0uw5k6jvpAj-7q8_csVUSCE7kiF5iWtFiHpcxtC8_OUEtWsowcZxo9BaD6S5-cCY73gICbeGDUc_dsQM4Wl_mSwDNVE4l1pYy3gkl-laFbSJzzskygPElGgzj-7hU6gONIoxZIne2y3EwHO-FN_6u-9ZVYbV_0SdAYstmv51huAGKWO8u4G9xVzmcsT8CaxKa7Q_NshG7ucesU8tdYKbyhLRpJPQKJxAOOjQ7IUCMJCOLcT2A
-
登录dashboard
在浏览器输入http://masterIP:31021 即可通过刚才获取到的token登录到dashboard。