部署 kubernetes-dashboard

部署 :kubernetes-dashboad

kubernetes-dashboard.yaml文件内容在如下链接地址处复制

1https://raw.githubusercontent.com/luckylucky421/kubernetes1.17.3/master/kubernetes-dashboard.yaml 2 3

在master-01 上部署既可

1 kubectl apply -f kubernetes-dashboard.yaml 2 3

上面如果访问不了,可以访问下面的链接,然后把下面的分支克隆和下载,手动把yaml文件传到master1上即可:
https://github.com/luckylucky421/kubernetes1.17.3

验证:

1[root@k8s-master-01 ~]# kubectl get pods -n kubernetes-dashboard 2NAME READY STATUS RESTARTS AGE 3dashboard-metrics-scraper-694557449d-dxvdg 1/1 Running 0 41m 4kubernetes-dashboard-5f98bdb684-6rrng 1/1 Running 0 41m 5 6

查看dashboard前端的service

1[root@k8s-master-01 ~]# kubectl get svc -n kubernetes-dashboard -o wide 2NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR 3dashboard-metrics-scraper ClusterIP 10.106.27.254 <none> 8000/TCP 42m k8s-app=dashboard-metrics-scraper 4kubernetes-dashboard ClusterIP 10.101.228.109 <none> 443:31126/TCP 42m k8s-app=kubernetes-dashboard 5 6

修改service type类型变成NodePort, 把type: ClusterIP变成 type: NodePort,保存退出即可。

1 [root@k8s-master-01 ~]# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard 2 3

查看对外暴露的端口

1[root@k8s-master-01 ~]# kubectl get svc -n kubernetes-dashboard -o wide 2NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR 3dashboard-metrics-scraper ClusterIP 10.106.27.254 <none> 8000/TCP 47m k8s-app=dashboard-metrics-scraper 4kubernetes-dashboard NodePort 10.101.228.109 <none> 443:31126/TCP 47m k8s-app=kubernetes-dashboard 5 6

上面可看到service类型是NodePort,访问master1节点ip:31175端口即可访问kubernetes dashboard,我的环境需要输入如下地址: https://10.10.100.71:31126
在这里插入图片描述

通过yaml文件里指定的默认的token登陆dashboard

  1. 查看kubernetes-dashboard名称空间下的secret

1[root@k8s-master-01 ~]# kubectl get secret -n kubernetes-dashboard 2NAME TYPE DATA AGE 3default-token-lmdvj kubernetes.io/service-account-token 3 51m 4kubernetes-dashboard-certs Opaque 0 51m 5kubernetes-dashboard-csrf Opaque 1 51m 6kubernetes-dashboard-key-holder Opaque 2 51m 7kubernetes-dashboard-token-gc8sd kubernetes.io/service-account-token 3 51m 8 9

2)找到对应的带有token的kubernetes-dashboard-token-ngcmg

1[root@k8s-master-01 ~]# kubectl describe secret kubernetes-dashboard-token-gc8sd -n kubernetes-dashboard 2Name: kubernetes-dashboard-token-gc8sd 3Namespace: kubernetes-dashboard 4Labels: <none> 5Annotations: kubernetes.io/service-account.name: kubernetes-dashboard 6 kubernetes.io/service-account.uid: 7001cf72-7f4b-49de-a40b-26698b20f887 7 8Type: kubernetes.io/service-account-token 9 10Data 11==== 12ca.crt: 1029 bytes 13namespace: 20 bytes 14token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjBLWC1rOEd6MmNISFVLMERQWlEwQ25XTzV3SkRmV3V0eUZHR19qal9qWW8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1nYzhzZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjcwMDFjZjcyLTdmNGItNDlkZS1hNDBiLTI2Njk4YjIwZjg4NyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.d3Y4-BI4p1CwBTA3TpKqUOF5234aOGZiZ6e8q6nCgFi_qby6w2pUq4jW0_P0ghkICfzGAmBAFKNACMWrbaY4Exis-LMogFLaqs4ydN2HDcoJewAGXtIKfItwRSDVAeUs0LW1x47QLYFBHI-v-hZOtgRwos8vFgTKj2FjqoM2Ekk6dlY39kKOjqYXHZzravZcDbZ37QsFILezv-pbVGi6Br1MivWMY4v9cnbyjf836oPa8fpw6rAPp9gAj3KAzqpoFObwqaxJdkBHrw-Q3N1eJeKU1mAYpJBiTwKaIwFhAiAmPc7y-D__ECZruyq0eOT6lNRHvhrK9z4nlBErEPH3tg 15 16

记住token后面的值,把下面的token值复制到浏览器token登陆处即可登陆:
点击sing in登陆,显示如下,默认是只能看到default名称空间内容,我们需要建立管理员权限token

1[root@k8s-master-01 namespaces]# kubectl create clusterrolebinding dashboard-cluster-admin -n kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard 2clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created 3 4

3)找到对应的带有token的kubernetes-dashboard-token-ngcmg

1[root@k8s-master-01 namespaces]# kubectl describe secret kubernetes-dashboard-token-gc8sd -n kubernetes-dashboard 2Name: kubernetes-dashboard-token-gc8sd 3Namespace: kubernetes-dashboard 4Labels: <none> 5Annotations: kubernetes.io/service-account.name: kubernetes-dashboard 6 kubernetes.io/service-account.uid: 7001cf72-7f4b-49de-a40b-26698b20f887 7 8Type: kubernetes.io/service-account-token 9 10Data 11==== 12ca.crt: 1029 bytes 13namespace: 20 bytes 14token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjBLWC1rOEd6MmNISFVLMERQWlEwQ25XTzV3SkRmV3V0eUZHR19qal9qWW8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1nYzhzZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjcwMDFjZjcyLTdmNGItNDlkZS1hNDBiLTI2Njk4YjIwZjg4NyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.d3Y4-BI4p1CwBTA3TpKqUOF5234aOGZiZ6e8q6nCgFi_qby6w2pUq4jW0_P0ghkICfzGAmBAFKNACMWrbaY4Exis-LMogFLaqs4ydN2HDcoJewAGXtIKfItwRSDVAeUs0LW1x47QLYFBHI-v-hZOtgRwos8vFgTKj2FjqoM2Ekk6dlY39kKOjqYXHZzravZcDbZ37QsFILezv-pbVGi6Br1MivWMY4v9cnbyjf836oPa8fpw6rAPp9gAj3KAzqpoFObwqaxJdkBHrw-Q3N1eJeKU1mAYpJBiTwKaIwFhAiAmPc7y-D__ECZruyq0eOT6lNRHvhrK9z4nlBErEPH3tg 15 16

记住token后面的值,把下面的token值复制到浏览器token登陆处即可登陆,这样就有权限查看所有的资源了

代码交流 2021