一、下载dashboard文件
由于国内网址限制无法直接从官网下载,所以要修改hosts文件,增加
185.199.108.133 raw.githubusercontent.com
[root@k8s-master docker]# curl -O https://raw.githubusercontent.com/kubernetes/d
ashboard/v2.7.0/aio/deploy/recommended.yaml
二、修改yaml文件
增加类型和集群端口: type: NodePort 和nodePort(发布端口)如下位置,注意冒号后面有个空格:
三、安装dashboard
[root@k8s-master docker]# kubectl apply -f recommended.yaml
查看状态
[root@k8s-master docker]# kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-5657497c4c-mgc2f 1/1 Running 0 5m29s
kubernetes-dashboard-78f87ddfc-zb2vh 1/1 Running 0 5m29s
查看服务运行端口:
[root@k8s-master docker]# kubectl get pods,svc -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-5657497c4c-mgc2f 1/1 Running 0 9m29s
pod/kubernetes-dashboard-78f87ddfc-zb2vh 1/1 Running 0 9m29s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.222.227.100 <none> 8000/TCP 9m30s
service/kubernetes-dashboard NodePort 10.222.64.210 <none> 443:30000/TCP 9m30s
查看dashboard运行节点和端口
四、创建用户并授权
创建dashboard-admin文件
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
应用生成:[root@k8s-master docker]# kubectl apply -f dashboard-admin.yaml
serviceaccount/admin-user unchanged
clusterrolebinding.rbac.authorization.k8s.io/admin-user create
五、创建secret文件
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: dashboard-admin-user
namespace: kubernetes-dashboard
annotations:
kubernetes.io/service-account.name: "admin-user"
应用生成:[root@k8s-master docker]# kubectl apply -f dashboard-secret.yaml
secret/dashboard-admin-user created
六、获取token
[root@k8s-master docker]# kubectl get secrets -A | grep admin
kubernetes-dashboard dashboard-admin-user kubernetes.io/service-a
ccount-token 3 56s
[root@k8s-master docker]# kubectl describe secrets dashboard-admin-user -n kuber
netes-dashboard
Name: dashboard-admin-user
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 7ac7b510-43bd-4b49-893a-715c9aa
99f24
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1107 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Im9jakJSS1k0dDJfZkh0QVJ5azVVWVNJd1MzbXk4
dXZNNUpYVVpQTDEweVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZ
XRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1Y
mVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdXNlc
iIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pb
i11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiN
2FjN2I1MTAtNDNiZC00YjQ5LTg5M2EtNzE1YzlhYTk5ZjI0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY
2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmFkbWluLXVzZXIifQ.baznrUdvHpnFF62sK_IinCUzZG
ifGdWWyTJUqDFc8kgRqZCUZ5658zVH-L975xRhzIlAQQhJJ8gNL3zq-5hGcTAJbWfjWfa1X-j1VufxcL
A8fPhYDYsyjTbhzAYNGdSg7kP0G68afaKQD8e6szGlDTFtna7hM1PoodlY3TlpRl5aSKHv2pbpQFDPBl
AOnQH3ZtUL3bNkYSyxyojEXD3dbCHFyVUnMm0wz6jMNaTPRYalCZQkpUUuQxYbwEy4ifHmy7xo3Ds1ef
VucGYl0CtjwF_UOiRbZ8AKmNGfQwIivvNdNU4LxcRDaJh67MWX5B-fGhqDP9xfgTcdjH6Iw77QVg
七、复制token并登录
注意token里面不能有空格、回车,复制到txt文件中取消自动换行,保持一行,否则会出错。