一、在 master 节点操作
由于 K8s 版本不同,具体去这里查看对应的版本
https://github.com/kubernetes/dashboard/releases
如果使用 wget 命令无法下载,可以使用迅雷下载好上传到 K8s-Master 节点上
[root@k8s-master01 ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
构建 Pod
[root@k8s-master01 dashboard]# kubectl apply -f recommended.yaml
查看 Pod 状态
[root@k8s-master01 ~]# kubectl get pods --all-namespaces | grep dashboard
NAMESPACE NAME READY STATUS RESTARTS AGE
kubernetes-dashboard dashboard-metrics-scraper-6ddd77bc75-qfddn 1/1 Running 0 37s
kubernetes-dashboard kubernetes-dashboard-8c9c48775-v229s 1/1 Running 0 37s
删除现有的 dashboard 服务,dashboard 服务的 namespace 是 kubernetes-dashboard,但是该服务的类型是ClusterIP,不便于我们通过浏览器访问,因此需要改成 NodePort 类型的
[root@k8s-master01 dashboard]# kubectl get svc --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 19h
default nginx-deployment ClusterIP 10.102.181.9 <none> 80/TCP 17h
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 19h
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.108.52.150 <none> 8000/TCP 10s
kubernetes-dashboard kubernetes-dashboard ClusterIP 10.110.11.43 <none> 443/TCP
[root@k8s-master01 dashboard]# kubectl delete service kubernetes-dashboard --namespace=kubernetes-dashboard
service "kubernetes-dashboard" deleted
创建配置文件dashboard-svc.yaml
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
创建该 Service
[root@k8s-master01 dashboard]# kubectl apply -f dashboard-svc.yaml
service/kubernetes-dashboard created
再次查看服务
[root@k8s-master01 dashboard]# kubectl get svc --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 19h
default nginx-deployment ClusterIP 10.102.181.9 <none> 80/TCP 17h
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 19h
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.108.52.150 <none> 8000/TCP 48s
kubernetes-dashboard kubernetes-dashboard NodePort 10.101.88.219 <none> 443:30323/TCP
创建 kubernetes-dashboard 管理员角色,dashboard-svc-account.yaml
内容如下:
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
执行创建
[root@k8s-master01 dashboard]# kubectl apply -f dashboard-svc-account.yaml
serviceaccount/dashboard-admin created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
获取 token,就可以在浏览器登录了
[root@k8s-master01 dashboard]# kubectl get secret -n kube-system |grep admin|awk ‘{print $1}‘
dashboard-admin-token-b4frj
[root@k8s-master01 dashboard]# kubectl describe secret dashboard-admin-token-b4frj -n kube-system|grep ‘^token‘|awk ‘{print $2}‘
eyJhbGciOiJSUzI1NiIsImtpZCI6IndDX2MyTE...
二、浏览器访问 K8s Web管理界面
查看外部访问端口,也就是刚刚我们创建的 Service
[root@k8s-master01 ~]# kubectl get svc --all-namespaces | grep dashboard
浏览器输入https://x.x.x.x:30323
登录后的界面
参考博客:https://blog.csdn.net/mshxuyi/article/details/108425487