1、下载初始化文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
2,修改recommended.yaml ----只展示需要修改的部分内容
--- kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort #增加NodePort ports: - port: 443 targetPort: 8443 nodePort: 30000 #增加映射到容器外端口 selector: k8s-app: kubernetes-dashboard
3、创建证书
mkdir dashboard-certs cd dashboard-certs # 创建命名空间 kubectl create namespace kubernetes-dashboard # 创建key文件 openssl genrsa -out dashboard.key 2048 # 证书请求 openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert' # 自签证书 openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt # 创建kubernetes-dashboard-certs对象 kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
4,查看证书文件
[root@ha01 ~]# ll dashboard-certs/ 总用量 12 -rw-r--r-- 1 root root 989 1月 12 15:50 dashboard.crt -rw-r--r-- 1 root root 899 1月 12 15:49 dashboard.csr -rw-r--r-- 1 root root 1675 1月 12 15:49 dashboard.key
5、运行recommended.yaml
kubectl create -f recommended.yaml #注意会报错 Error from server (AlreadyExists): error when creating "./recommended.yaml": namespaces "kubernetes-dashboard" already exists #这是因为我们在创建证书时,已经创建了kubernetes-dashboard命名空间,所以,直接忽略此错误信息即可。
6、查看安装结果
[root@ha01 ~]# kubectl get pods -A -o wide | grep dashboard kubernetes-dashboard dashboard-metrics-scraper-78f5d9f487-qbqgr 1/1 Running 0 18h 10.244.0.12 ha01 <none> <none> kubernetes-dashboard kubernetes-dashboard-59ddbcfdcb-h7gsd 1/1 Running 8 18h 10.244.0.11 ha01 <none> <none>
7、查看暴露端口
[root@ha01 ~]# kubectl get service -n kubernetes-dashboard -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR dashboard-metrics-scraper ClusterIP 10.106.77.109 <none> 8000/TCP 18h k8s-app=dashboard-metrics-scraper kubernetes-dashboard NodePort 10.101.143.170 <none> 443:30000/TCP 18h k8s-app=kubernetes-dashboard
8、创建dashboard管理员
[root@ha01 ~]# cat dashboard-admin.yaml apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: dashboard-admin namespace: kubernetes-dashboard
9、执行创建命令
kubectl create -f dashboard-admin.yaml
10、用户权限分配
[root@ha01 ~]# cat dashboard-admin-bind-cluster-role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: dashboard-admin-bind-cluster-role labels: k8s-app: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: dashboard-admin namespace: kubernetes-dashboard
11,执行分配命令
kubectl create -f dashboard-admin-bind-cluster-role.yaml
12、查看并复制用户Token
[root@ha01 ~]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}') Name: dashboard-admin-token-6ll6p Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: dashboard-admin kubernetes.io/service-account.uid: 4d358094-69b3-417a-85ea-241868f31957 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 20 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlA2WnBRZENRTEhVeUYzNFZJbGtLQTdpeXBTOF9fYnA2MHBKZExKNXpZdHMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tNmxsNnAiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNGQzNTgwOTQtNjliMy00MTdhLTg1ZWEtMjQxODY4ZjMxOTU3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.e3SUQTnthXX0VnH9_mXnaPZF4Q3xGeoiIhlYCVDzKd80T4zsLuPIn
13、 查看dashboard界面
在浏览器中输入链接https://192.168.109.113:30000/#/login 界面如下图所示
14、我们选择Token方式登录,并输入在命令行获取到的Token,如下所示
15、登录后进入dashboard,如下所示