########国内网#######
1.1、在 master 节点执行
vim /etc/hosts
185.199.108.133 raw.githubusercontent.com #增加
1.2、下载recommended.yaml
[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
--2023-11-07 09:23:42-- https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.108.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.108.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7621 (7.4K) [text/plain]
Saving to: ‘recommended.yaml’ 100%[=================================================================================================================================>] 7,621 --.-K/s in 0s2023-11-07 09:23:42 (57.3 MB/s) - ‘recommended.yaml’ saved [7621/7621]
注:如果被拒绝链接,等下多试几次就能成功。
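1.3、所有节点下载镜像
注:拉取的镜像标签应与 recommended.yaml 中 image: 行完全一致。下面 grep 的结果是 metrics-scraper:v1.0.4,而示例中拉取的是 v1.0.8,两者不一致;要预先拉好镜像,应拉取 v1.0.4,或者把 recommended.yaml 里的标签改成实际拉取的版本。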
[root@k8s-master ~]# grep "image:" recommended.yaml
image: kubernetesui/dashboard:v2.0.0
image: kubernetesui/metrics-scraper:v1.0.4
[root@k8s-master ~]# docker pull kubernetesui/dashboard:v2.0.0
v2.0.0: Pulling from kubernetesui/dashboard
e3ce5d699e5f: Pull complete
6a5c1f547a22: Pull complete
Digest: sha256:4af9580485920635d888efe1eddbd67e12f9d5d84dba87100e93feb4e46636b3
Status: Downloaded newer image for kubernetesui/dashboard:v2.0.0
docker.io/kubernetesui/dashboard:v2.0.0
[root@k8s-master ~]# docker pull kubernetesui/metrics-scraper:v1.0.8
v1.0.8: Pulling from kubernetesui/metrics-scraper
Digest: sha256:76049887f07a0476dc93efc2d3569b9529bf982b22d29f356092ce206e98765c
Status: Image is up to date for kubernetesui/metrics-scraper:v1.0.8
docker.io/kubernetesui/metrics-scraper:v1.0.8
1.4、修改recommended.yaml文件
vim recommended.yaml
需要修改的内容如下所示。注意:NodePort 会在集群每个节点的 IP 上开放 30000 端口,Dashboard 登录页因此可以从节点所在网络直接访问,应使用防火墙或安全组把该端口限制在受信任的管理网段。
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #增加
ports:
- port: 443
targetPort: 8443
nodePort: 30000 #增加
selector:
k8s-app: kubernetes-dashboard
#因为自动生成的证书很多浏览器无法使用,所以我们自己创建,注释掉kubernetes-dashboard-certs对象声明
#apiVersion: v1
#kind: Secret
#metadata:
# labels:
# k8s-app: kubernetes-dashboard
# name: kubernetes-dashboard-certs
# namespace: kubernetes-dashboard
#type: Opaque
---
1.5、创建证书
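# Work in a dedicated directory so the key material stays in one place.
mkdir -p dashboard-certs
cd dashboard-certs/
# Create the namespace that will hold the certificate secret.
kubectl create namespace kubernetes-dashboard
# Generate the private key and keep it readable by its owner only.
openssl genrsa -out dashboard.key 2048
chmod 600 dashboard.key
# Create the certificate signing request. No -days here: without -x509,
# `openssl req` only writes a CSR, so a validity period set on it never
# reaches the certificate.
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
# Self-sign the certificate. The validity has to be set on this command;
# when -days is omitted, `openssl x509` issues a certificate valid for only
# 30 days. 365 is a bounded lifetime -- adjust it to your rotation policy.
openssl x509 -req -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
# Store the key and certificate as the kubernetes-dashboard-certs secret.
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
# NOTE(review): dashboard.key is still on disk after it has been loaded into
# the secret; remove it or move it to protected storage once the secret exists.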
1.6、安装dashboard
kubectl apply -f ~/recommended.yaml
[root@k8s-master dashboard-certs]# kubectl apply -f ~/recommended.yaml
namespace/kubernetes-dashboard configured
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
注:这里可能会报如下所示。
Error from server (AlreadyExists): error when creating "./recommended.yaml": namespaces "kubernetes-dashboard" already exists
这是因为我们在创建证书时,已经创建了kubernetes-dashboard命名空间,所以直接忽略此错误信息即可。
1.7、查看安装结果
[root@k8s-master dashboard-certs]# kubectl get pods -A -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system coredns-7ff77c879f-f9h2z 1/1 Running 0 3d23h 10.244.0.2 k8s-master <none> <none>
kube-system coredns-7ff77c879f-qg6s5 1/1 Running 0 3d23h 10.244.0.3 k8s-master <none> <none>
kube-system etcd-k8s-master 1/1 Running 0 3d23h 192.168.155.110 k8s-master <none> <none>
kube-system kube-apiserver-k8s-master 1/1 Running 0 3d23h 192.168.155.110 k8s-master <none> <none>
kube-system kube-controller-manager-k8s-master 1/1 Running 0 3d23h 192.168.155.110 k8s-master <none> <none>
kube-system kube-flannel-ds-2h4ng 1/1 Running 0 3d21h 192.168.155.110 k8s-master <none> <none>
kube-system kube-flannel-ds-cc4n9 1/1 Running 0 3d21h 192.168.155.112 k8s-node2 <none> <none>
kube-system kube-flannel-ds-rrw65 1/1 Running 0 3d21h 192.168.155.111 k8s-node1 <none> <none>
kube-system kube-proxy-42hl5 1/1 Running 0 3d21h 192.168.155.112 k8s-node2 <none> <none>
kube-system kube-proxy-t64x8 1/1 Running 0 3d23h 192.168.155.110 k8s-master <none> <none>
kube-system kube-proxy-z9fs2 1/1 Running 0 3d21h 192.168.155.111 k8s-node1 <none> <none>
kube-system kube-scheduler-k8s-master 1/1 Running 0 3d23h 192.168.155.110 k8s-master <none> <none>
kubernetes-dashboard dashboard-metrics-scraper-6b4884c9d5-dpm8p 1/1 Running 0 117s 10.244.1.3 k8s-node1 <none> <none>
kubernetes-dashboard kubernetes-dashboard-7b544877d5-bxvnd 1/1 Running 2 117s 10.244.2.3 k8s-node2 <none> <none>
[root@k8s-master dashboard-certs]# kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-6b4884c9d5-dpm8p 1/1 Running 0 4m19s
kubernetes-dashboard-7b544877d5-bxvnd 1/1 Running 2 4m19s
[root@k8s-master dashboard-certs]# kubectl describe pod kubernetes-dashboard-7b544877d5-bxvnd -n kubernetes-dashboard
Name: kubernetes-dashboard-7b544877d5-bxvnd
Namespace: kubernetes-dashboard
Priority: 0
Node: k8s-node2/192.168.155.112
Start Time: Tue, 07 Nov 2023 14:16:19 +0800
Labels: k8s-app=kubernetes-dashboard
pod-template-hash=7b544877d5
Annotations: <none>
Status: Running
IP: 10.244.2.3
IPs:
IP: 10.244.2.3
Controlled By: ReplicaSet/kubernetes-dashboard-7b544877d5
Containers:
kubernetes-dashboard:
Container ID: docker://fa25253513a268b1aa47eedd6a857d801c768d2b08e5a62594b90c0017c95792
Image: kubernetesui/dashboard:v2.0.0
Image ID: docker-pullable://kubernetesui/dashboard@sha256:06868692fb9a7f2ede1a06de1b7b32afabc40ec739c1181d83b5ed3eb147ec6e
Port: 8443/TCP
Host Port: 0/TCP
Args:
--auto-generate-certificates
--namespace=kubernetes-dashboard
State: Running
Started: Tue, 07 Nov 2023 14:17:29 +0800
[root@k8s-master dashboard-certs]# kubectl get svc -A -o wide
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4d <none>
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 4d k8s-app=kube-dns
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.107.127.209 <none> 8000/TCP 46m k8s-app=dashboard-metrics-scraper
kubernetes-dashboard kubernetes-dashboard NodePort 10.101.136.206 <none> 443:30000/TCP 46m k8s-app=kubernetes-dashboard
1.8、创建dashboard管理员
创建dashboard-admin.yaml文件。
vim dashboard-admin.yaml
#文件的内容如下所示:
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: dashboard-admin
namespace: kubernetes-dashboard
#保存退出后执行如下命令创建管理员。
kubectl create -f ./dashboard-admin.yaml
[root@k8s-master ~]# kubectl create -f ./dashboard-admin.yaml
serviceaccount/dashboard-admin created
1.9、为用户分配权限
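创建dashboard-admin-bind-cluster-role.yaml文件。注:下面绑定的 cluster-admin 是集群最高权限,持有该账号 Token 的人可以操作集群内的所有资源(包括读取全部 Secret)。这种绑定只适合测试环境;生产环境应改为绑定 view 等范围更小的 ClusterRole,或使用 RoleBinding 把权限限定在具体命名空间内。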
vim dashboard-admin-bind-cluster-role.yaml
#文件内容如下所示。
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin-bind-cluster-role
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kubernetes-dashboard
#保存退出后执行如下命令为用户分配权限。
kubectl create -f ./dashboard-admin-bind-cluster-role.yaml
[root@k8s-master ~]# kubectl create -f ./dashboard-admin-bind-cluster-role.yaml
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin-bind-cluster-role created
2.0、查看并复制用户Token
#在命令行执行如下命令。
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
[root@k8s-master ~]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
Name: dashboard-admin-token-ldmn5
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: d1f00c29-1b79-486a-99ea-aa4d9eeee9df
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjU2SXlpUTdGWkJsVnZoc1ZKYW5LQTVwb1prU2FsZ3VVRlF2Mks3RFFxakEifQ.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.mAJPPAHiam4QwxV5HYTJl0CORDDAPK6fQwpvu6rXPB6_Byv8k07XE30g33-RlfL_muLdmtj5vG2SZUboqaLxSrwGmYIlcFKqPSOFenmSZIltG04ARlKNli5Qx1TAr2aS6-wGJAsU96VeFjOXchRyK08SHaDERT5giBngvzk6fXbhPZLqGWImXUSr-Gc8oSux2MPLzQhskQcD7yWaiNIhU0p6MhuqjsHLPIktFT99QbLbEFIjXCzlNAl8l0cTFVYNDPuH2RuvT5Bd0Y1eP7M0zPhYab_mq4I8ZLJz4pFn-1vcK7_zlvwN3zj7oBRR8SuteGFpBjKsm5O09pWSnRo5Iw
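#复制保存以上Token值
#注:该 Token 等同于 cluster-admin 凭据,只应保存在受保护的位置,不要贴到文档、截图或代码仓库中;一旦泄露,删除对应的 Secret(kubectl -n kubernetes-dashboard delete secret <token对应的secret名称>)即可使其失效。
#注:Kubernetes 1.24 及以上版本不再为 ServiceAccount 自动生成 Token Secret,上面的命令会查不到结果,可改用 kubectl -n kubernetes-dashboard create token dashboard-admin 签发有时效的 Token。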
2.1、查看dashboard界面
在浏览器中打开链接 https://192.168.155.110:30000
#以Token方式登录
输入以上Token值
注:打开网页的时候,底部显示“因为此网站发送了Chrome无法处理的杂乱凭据。网络错误和攻击通常是暂时的,因此,此网页稍后可能会恢复正常”,并且我们发现没有任何继续访问的按钮出现
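解决方式: 在此页面空白处任意位置点击鼠标左键后,键盘输入引号中内容 "thisisunsafe" 即可自动跳转。注意:这样做会让浏览器跳过对该站点的证书校验,无法发现中间人攻击,只适合自己搭建的测试环境;更稳妥的做法是签发 subjectAltName 包含实际访问地址的证书,并把该证书(或签发它的 CA)导入浏览器/系统的受信任证书列表。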