安装kubernetes-dashboard
<p><span style="color: rgba(255, 0, 0, 1); font-family: "Microsoft YaHei"; font-size: 18px">注意:以下的命令都是在kubernetes 1.15中执行的,如果是其他版本,不保证效果。 </span></p><p><span style="color: rgba(0, 0, 255, 1); font-family: "Microsoft YaHei"; font-size: 18px">1、创建kubernetes-dashboard服务和对应的pod</span></p>
<p>kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml</p>
<p>如果发现该链接失效,请访问https://github.com/kubernetes/dashboard,然后查找最新的链接。</p>
<p> </p>
<p><span style="color: rgba(0, 0, 255, 1); font-family: "Microsoft YaHei"; font-size: 18px">2、查看创建的服务和pod</span></p>
<p><img src="https://img2018.cnblogs.com/blog/1138081/201907/1138081-20190719174250875-1240564067.png"></p>
<p><img src="https://img2018.cnblogs.com/blog/1138081/201907/1138081-20190719174340346-1379033899.png"></p>
<p> </p>
<p><span style="font-size: 18px; font-family: "Microsoft YaHei"; color: rgba(0, 0, 255, 1)">3、重新创建一个可以供外网访问的Service</span></p>
<p># cat kubernetes-dashboard.yaml</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
clusterIP: <span style="color: rgba(255, 0, 0, 1)">10.97.14.63</span>
externalTrafficPolicy: Cluster
ports:
- nodePort: <span style="color: rgba(255, 0, 0, 1)">30443</span>
port: 443
protocol: TCP
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
type: NodePort
status:
loadBalancer: {}</span></pre>
</div>
<p>在填写clusterIP时,一定要跟已经存在的kubernetes-dashboard服务的IP不同,也就是在第二步中截图中的10.97.14.62,所以我改成了63.</p>
<p> </p>
<p><span style="color: rgba(0, 0, 255, 1); font-family: "Microsoft YaHei"; font-size: 18px">4、创建一个ServiceAccount</span></p>
<p><span style="color: rgba(0, 0, 0, 1); font-family: 宋体; font-size: 15px"># cat dashboard.yaml</span></p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard
subjects:
- kind: ServiceAccount
name: dashboard
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io</span></pre>
</div>
<p>我们需要使用该ServiceAccount的secret作为登录dashboard的凭证。</p>
<p><span style="color: rgba(255, 0, 0, 1)">因为官方给的默认权限是最小的,所以我们要自建一个最大权限的SA。</span></p>
<p> </p>
<p><span style="color: rgba(0, 0, 255, 1); font-family: "Microsoft YaHei"; font-size: 18px">5、获取secret中的token</span></p>
<p># kubectl describe secret dashboard -n kube-system</p>
<p>类似这样:</p>
<p><img src="https://img2018.cnblogs.com/blog/1138081/201907/1138081-20190719175107545-107978015.png"></p>
<p> </p>
<p><span style="color: rgba(0, 0, 255, 1); font-family: "Microsoft YaHei"; font-size: 18px">6、访问dashboard</span></p>
<p>浏览器输入:(请使用火狐浏览器,使用谷歌浏览器时不好使)</p>
<p>https://192.168.198.136:30443</p>
<p>首次访问时,会阻拦你,所以你需要继续访问,然后选择验证方式时,会有kubeconfig和令牌两种方式,我们选择令牌。</p>
<p>然后将第5步中获取的token填入,就可以访问了。</p>
<p><img src="https://img2018.cnblogs.com/blog/1138081/201907/1138081-20190719175434165-966880421.png"></p>
<p> </p><br><br>
来源:https://www.cnblogs.com/t-road/p/11214862.html
頁:
[1]