参考:
https://www.kubernetes.org.cn/7189.html
http://blog.51yip.com/cloud/2399.html
# 官方地址(国内网络可能无法直接访问 raw.githubusercontent.com):wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc7/aio/deploy/recommended.yaml
=============================
#1 用自己下载好的依赖文件(该文件放在第三方存储上,不是官方发布地址;执行kubectl create之前先检查文件内容,最好与官方发布的recommended.yaml对比)
[root@master1 ~]# wget https://makeoss.oss-cn-hangzhou.aliyuncs.com/k8s/recommended.yaml
#2 修改nodePort的端口之前,先查看现有Service已经占用的NodePort(这里nginx占用了30237)
[root@master1 ~]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-6799fc88d8-krzhj 1/1 Running 0 175m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4d18h
service/nginx NodePort 10.102.9.196 <none> 80:30237/TCP 4d17h
#3 用recommended.yaml创建Dashboard的全部资源(namespace、serviceaccount、RBAC角色、deployment、service等)
[root@master1 ~]# kubectl create -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
The Service "kubernetes-dashboard" is invalid: spec.ports[0].nodePort: Forbidden: may not be used when `type` is 'ClusterIP'
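#4 上一步最后的报错,是因为Service里写了nodePort,而type仍是默认的ClusterIP。编辑recommended.yaml,把Service的type改为NodePort,并把nodePort设置为32000(范围:30000-32767),此端口不要与已有Service的NodePort一样。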
[root@master1 ~]# vi recommended.yaml
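# Service that fronts the Dashboard pods. The indentation below is restored;
# without it the manifest is not valid YAML.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  # Added: without this the Service stays ClusterIP and the API server
  # rejects the nodePort field. NodePort opens the port on every node, so
  # the Dashboard login page is reachable from any network that can reach
  # the nodes.
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      # Added: must lie in 30000-32767 and must not collide with a NodePort
      # already used by another Service.
      nodePort: 32000
  selector:
    k8s-app: kubernetes-dashboard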
#5 查看service,确认Dashboard的type和端口是否已经修改成功
[root@master1 ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.100.165.150 <none> 8000/TCP 12s
kubernetes-dashboard NodePort 10.106.76.111 <none> 443:32000/TCP 12s
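#6 检查kubernetes-dashboard是否成功(注意:下面的命令查看的是kube-system命名空间,Dashboard的Pod在kubernetes-dashboard命名空间,要用 kubectl get pods -n kubernetes-dashboard -o wide 才能看到)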
[root@master1 ~]# kubectl get pods -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-7f89b7bc75-gxkgp 1/1 Running 2 2d7h 10.244.0.6 master1 <none> <none>
coredns-7f89b7bc75-zfvbw 1/1 Running 2 2d7h 10.244.0.7 master1 <none> <none>
etcd-master1 1/1 Running 4 4d18h 192.168.131.30 master1 <none> <none>
kube-apiserver-master1 1/1 Running 4 4d18h 192.168.131.30 master1 <none> <none>
kube-controller-manager-master1 1/1 Running 3 4d17h 192.168.131.30 master1 <none> <none>
kube-flannel-ds-k9ps8 1/1 Running 3 4d18h 192.168.131.31 node1 <none> <none>
kube-flannel-ds-snzpw 1/1 Running 4 4d18h 192.168.131.30 master1 <none> <none>
kube-flannel-ds-vzbmc 1/1 Running 3 4d18h 192.168.131.32 node2 <none> <none>
kube-proxy-89mcj 1/1 Running 3 4d18h 192.168.131.32 node2 <none> <none>
kube-proxy-cmlvx 1/1 Running 4 4d18h 192.168.131.30 master1 <none> <none>
kube-proxy-skz5n 1/1 Running 3 4d18h 192.168.131.31 node1 <none> <none>
kube-scheduler-master1 1/1 Running 3 4d17h 192.168.131.30 master1 <none> <none>
#6 生成Dashboard的认证令牌(这里把dashboard-admin绑定到cluster-admin,持有该token即拥有整个集群的全部权限;只适合测试环境,其他环境应绑定权限更小的角色)
[root@master1 ~]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
[root@master1 ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@master1 ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name: dashboard-admin-token-j746c
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: c0e2f317-1258-4ed8-bc44-d8d31cf43cc0
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 11 bytes
token: <dashboard-admin的service account token,此处省略;它等同于集群管理员凭据,不要贴到公开页面>
#7 访问(必须用https访问节点的32000端口;Dashboard默认使用自动生成的自签名证书,部分浏览器会拒绝访问,请使用火狐访问)
#7.1 在登录页选择Token方式,将上面“生成Dashboard的认证令牌”一步得到的token填入:
#7.2 登录成功:
-