目录
4.使用管理员角色登陆kubernetes-dashboard web界面
1.创建新目录
在master机器上执行:
# mkdir dashboard
# cd dashboard
下载yaml文件:
# curl -o kubernetes-dashboard.yaml https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml
修改此文件:
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment
apiVersion: apps/v1beta2
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
===================================================
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30001
selector:
k8s-app: kubernetes-dashboard
主要是将镜像仓库地址换掉,使用NodePort暴露到集群外,方便访问
然后创建pod:
# kubectl create -f kubernetes-dashboard.yaml
也可以查看dashboard暴露出来的本地端口:
# kubectl -n kube-system get service kubernetes-dashboard
本次已经将映射端口固定为:30001
- 查看容器是否已经运行:
# kubectl get pods -n kube-system
附:
- 删除dashboard:
#kubectl delete –f xxx.yaml
- 获取pod“过程日志”描述
#kubectl describe pod kubernetes-dashboard-5f7b999d65-fdln9 -n kube-system
- 获取pod“反馈信息”
# kubectl logs kubernetes-dashboard-5f7b999d65-fdln9
2.创建kubernetes-dashboard管理员角色
# vim k8s-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
- 加载管理员角色
# kubectl create -f k8s-admin.yaml
- 获取dashboard secret
#kubectl get secret -n kube-system
[root@docker-master1 ~]# kubectl get secret -n kube-system
NAME TYPE DAT A AGE
attachdetach-controller-token-9x2w2 kubernetes.io/service-account-token 3 19h
bootstrap-signer-token-62p44 kubernetes.io/service-account-token 3 19h
dashboard-admin-token-qn42j kubernetes.io/service-account-token 3 115s
default-token-9kxfq kubernetes.io/service-account-token 3 19h
deployment-controller-token-k62kh kubernetes.io/service-account-token 3 19h
disruption-controller-token-2szx7 kubernetes.io/service-account-token 3 19h
3.获取token
[root@docker-master1 ~]# kubectl describe secret dashboard-admin-token-qn42j -n kube-system
Name: dashboard-admin-token-qn42j
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: cf7ca71e-8cb0-11e9-94b4-fa163ea61xxe
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tcW40MmoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiY2Y3Y2E3MWUtOGNiMC0xMWU5LTk0YjQtZmExNjNlYTYxMDhlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.lyXSL_YGuW21u1xShf7hOjtVG4wwQc4Q6BCIzjBDfIhEWczxt7wjx7DcyrKSTzHHG9Y2NKhnPqxi20kjFjYDlUU5UMXpAtoX1RQtl7jj_VFXIyBz4y14VE779FwGm5rX2GUwQvmh1snm7Xal16kJfSg0jjpWLbJf_1vmm9ZgM8t3nvC4HRcdRG4ZeliSL4-CZCqHNqn-SGbFrqtt0f7QN8p3GsvhMGWeXWqmyqbLtSlwSL1Lw_syG2E1LWgUrVRupVM1u_QNl_ZmSZMc7IqCMJwTfRLijswNhk1TkECzK_F8mJG8vDFqgYcIcTJV-5AUEp6LXa357YM8iCKvxxxQ
4.使用管理员角色登陆kubernetes-dashboard web界面
客户端浏览器输入:https://nodeIP:nodeport ,也就是kubernetes-dashboard容器在哪台node节点上跑,以及上面设置的nodeport端口(我这里是https://193.xx.xx.167:30001)
出现如下界面,选择令牌——输入令牌,(令牌为上面的token)
成功!
本系列文章:
1、centos7 通过kubeadm安装Kubernetes 1.14.3 集群
2、centos7 基于Kubernetes 安装dashboard
参考:https://www.kubernetes.org.cn/5462.html
https://www.cnblogs.com/harlanzhang/p/10045975.html
https://juejin.im/post/5c9a49ace51d456c9d78dbef#heading-2
http://jkzhao.github.io/2019/04/08/kubeadm%E5%AE%89%E8%A3%85kubernetes-1-14-0/
https://wangtingwei.info/?p=152
https://note.youdao.com/ynoteshare1/index.html?id=1197d46dd344f8aaaed66c1914a094b0&type=note