部署
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml [machangwei@mcwk8s-master ~]$ kubectl apply -f recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created [machangwei@mcwk8s-master ~]$ kubectl get pod --namespace=kubernetes-dashboard NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-799d786dbf-kmxqs 1/1 Running 0 4m14s kubernetes-dashboard-546cbc58cd-292lp 1/1 Running 0 4m15s [machangwei@mcwk8s-master ~]$ kubectl get service --namespace=kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.106.156.251 <none> 8000/TCP 4m26s kubernetes-dashboard ClusterIP 10.103.171.207 <none> 443/TCP 4m28s [machangwei@mcwk8s-master ~]$ kubectl get deployment --namespace=kubernetes-dashboard NAME READY UP-TO-DATE AVAILABLE AGE dashboard-metrics-scraper 1/1 1 1 4m50s kubernetes-dashboard 1/1 1 1 4m52s 将部署配置文件kubernetes-dashboard这个service修改为NodePort类型,这里没有,直接添加 kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: ports: - port: 443 targetPort: 8443 selector: k8s-app: kubernetes-dashboard type: NodePort
[machangwei@mcwk8s-master ~]$ vim recommended.yaml [machangwei@mcwk8s-master ~]$ kubectl apply -f recommended.yaml namespace/kubernetes-dashboard unchanged serviceaccount/kubernetes-dashboard unchanged service/kubernetes-dashboard configured secret/kubernetes-dashboard-certs unchanged secret/kubernetes-dashboard-csrf configured Warning: resource secrets/kubernetes-dashboard-key-holder is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically. secret/kubernetes-dashboard-key-holder configured configmap/kubernetes-dashboard-settings unchanged role.rbac.authorization.k8s.io/kubernetes-dashboard unchanged clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard unchanged rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged deployment.apps/kubernetes-dashboard unchanged service/dashboard-metrics-scraper unchanged deployment.apps/dashboard-metrics-scraper unchanged [machangwei@mcwk8s-master ~]$ kubectl get service --namespace=kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.106.156.251 <none> 8000/TCP 11m kubernetes-dashboard NodePort 10.103.171.207 <none> 443:30766/TCP 11m [machangwei@mcwk8s-master ~]$ kubectl get pod --namespace=kubernetes-dashboard NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-799d786dbf-kmxqs 1/1 Running 0 11m kubernetes-dashboard-546cbc58cd-292lp 1/1 Running 0 11m [machangwei@mcwk8s-master ~]$ kubectl get pod --namespace=kubernetes-dashboard -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES dashboard-metrics-scraper-799d786dbf-kmxqs 1/1 Running 0 11m 10.244.1.2 mcwk8s-node1 <none> <none> kubernetes-dashboard-546cbc58cd-292lp 1/1 Running 0 11m 10.244.2.2 mcwk8s-node2 <none> <none> [machangwei@mcwk8s-master ~]$
由上可知,访问地址是:https://10.0.0.6:30766/ 或者是.4 .5的ip也行
mcwk8s-node2 10.0.0.6
页面访问
需要使用token,如果没有创建账号和secret的话,
可以创建账号,这里其实部署的时候已经创建好了
[machangwei@mcwk8s-master ~]$ cat rolebd.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubernetes-dashboard labels: k8s-app: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: Cluster-admin subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kubernetes-dashboard [machangwei@mcwk8s-master ~]$
[machangwei@mcwk8s-master ~]$ kubectl get secret --namespace=kubernetes-dashboard #查看它的secret NAME TYPE DATA AGE default-token-jv99x kubernetes.io/service-account-token 3 58m kubernetes-dashboard-certs Opaque 0 58m kubernetes-dashboard-csrf Opaque 1 58m kubernetes-dashboard-key-holder Opaque 2 58m kubernetes-dashboard-token-bszwp kubernetes.io/service-account-token 3 58m [machangwei@mcwk8s-master ~]$ kubectl describe secret kubernetes-dashboard-token-bszwp --namespace=kubernetes-dashboard #查看dashboard的token的详情 Name: kubernetes-dashboard-token-bszwp Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: kubernetes-dashboard kubernetes.io/service-account.uid: 2fdc3d0f-3d90-4231-be4b-408af9bc8b02 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1099 bytes namespace: 20 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6InVZcVJ4N09mRTZMMWRYWThlTkY3T01JMFBrdnA3emhOTW1kMXpsVzFZUGMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1ic3p3cCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjJmZGMzZDBmLTNkOTAtNDIzMS1iZTRiLTQwOGFmOWJjOGIwMiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.jZZRCvgQVUc_xS2R4hABNqmQ2DeU8DxXChihQ3gg-d7QmhPrqX8iSlijLwbAwPfZh8X8OArmZy6Fi2ijHpERvkSCXsQGKOrPpVtrlNURUhGwo4MNNEvxqjdbE2llDRLZm7Vdshf5GKiJpbrLjlLMx0KpUOYfaLG6Sv3macXzOmW39W-Hj9KflsvT_Zo4B5J36wsaI7d_Wex4pO6MPwJJUnoQ1bLHuPs8rRar5U_UAowDz78gWum42H_2NkD7IRkAL7b8UD-CaN9j2nVadnChRGes_nBELcP1EpPm-VCdxidkTKfzukL7EsqsifxUedTchzjDzl4AKDgGk3BeT_BJYg [machangwei@mcwk8s-master ~]$ #直接复制上面token的值粘贴到输入token的框中,点击登录进入
刚刚的操作这里有提示:
右边可以创建资源,左边这个可以选择命名空间
点一点又出来了,貌似没有权限把,额好像是没资源的提示
添加一个,并上传
还真是没有权限呀