创建 kubernetes-dashboard
官方仓库
https://github.com/kubernetes/dashboard
下载
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml也可以直接使用 url
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml但是,因为后续需要修改,而且 raw.githubusercontent.com 域名不一定总能打开,所以,下载下来比较放心!
改用 NodePort 方式访问
vim recommended.yaml找到 k8s-app: kubernetes-dashboard ,增加 type: NodePort 和 nodePort: 30001
--- kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort #使用 NodePort方式,方便外网访问 ports: - port: 443 targetPort: 8443 nodePort: 30001 #映射到host的30001端口 selector: k8s-app: kubernetes-dashboard ---后来配置了本地 LoadBalancer
k8s学习: 使用 MetalLB 给测试环境配置LoadBalancer 服务
所以,改成了这样kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: LoadBalancer # NodePort ports: - port: 443 targetPort: 8443 # nodePort: 30001 selector: k8s-app: kubernetes-dashboard ---kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created确认
kubectl get pods --all-namespacesNAMESPACE NAME READY STATUS RESTARTS AGE ... kubernetes-dashboard dashboard-metrics-scraper-c45b7869d-nxbct 1/1 Running 5 (53m ago) 6d kubernetes-dashboard kubernetes-dashboard-576cb95f94-jtz58 1/1 Running 5 (53m ago) 6d
创建访问用户
官方仓库文档
Creating sample user镜像仓库文档
Creating sample user创建一个 adminuser(Creating a Service Account)
vim dashboard-adminuser.yamlapiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard生成
kubectl apply -f dashboard-adminuser.yaml创建一个ClusterRole(Creating a ClusterRoleBinding)
vim dashboard-ClusterRoleBinding.yamlapiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard生成
kubectl apply -f dashboard-ClusterRoleBinding.yaml获取访问令牌(Getting a Bearer Token)
从仓库文档中找到 Getting a Bearer Token 命令样本
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
结果如下
eyJhbGciOiJSUzI1NiIsImtpZCI6IkhRVkxadFBlblNkbGYtZ05obUNDWmxkNzhEazFsbWoxOGNCSkRST25VY28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWpzc3BwIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI4NmJkZGQwZS1lODE0LTQ4MjItODAyYS0wZGVlZWU1YzQ2ZjAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.OivIRkS11wQMNTztVeokL63qYSl3-Cb9UnHHa3yFhiVBuDz_92F7gy3C1etX2MEE1l-1zAFnmiAypum1T-PjCVSodvgvUKv_N3KTDSUdW0JIpDxymK_cIoU6H6aqL5F5FvYgodYNKc05wuKVH2Jc1udZthADoD5RRpo1S_ttwLfjJgiSOa-Bz-4A_jv4EzJqcBqVZtusacosT6x9JxcukoWq9bmuSZ8Lp99dVFzsCHgD1XicBYSm6RQ8tXAYioEHa0tk3SJrC6rLrLBa5_NIO9ZkwGWpumj35yC-SkD8uDjuwPFtn1DE7EmOEut8N1Rg5kZ9izV4_7oY9CK1nQDcb[root@c[root@centos7-189 working]# [root@centos7-[root@c[root@centos7-[root@centos7-[root@centos7-[root@c[root@centos7-
或者
这个指令样本忘记从哪里 cp 来的了
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
返回结果样本:
eyJhbGciOiJSUzI1NiIsImtpZCI6IkhRVkxadFBlblNkbGYtZ05obUNDWmxkNzhEazFsbWoxOGNCSkRST25VY28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWpzc3BwIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI4NmJkZGQwZS1lODE0LTQ4MjItODAyYS0wZGVlZWU1YzQ2ZjAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.OivIRkS11wQMNTztVeokL63qYSl3-Cb9UnHHa3yFhiVBuDz_92F7gy3C1etX2MEE1l-1zAFnmiAypum1T-PjCVSodvgvUKv_N3KTDSUdW0JIpDxymK_cIoU6H6aqL5F5FvYgodYNKc05wuKVH2Jc1udZthADoD5RRpo1S_ttwLfjJgiSOa-Bz-4A_jv4EzJqcBqVZtusacosT6x9JxcukoWq9bmuSZ8Lp99dVFzsCHgD1XicBYSm6RQ8tXAYioEHa0tk3SJrC6rLrLBa5_NIO9ZkwGWpumj35yC-SkD8uDjuwPFtn1DE7EmOEut8N1Rg5kZ9izV4_7oY9CK1nQDcbQ
打开Dashboard
浏览器打开 https://192.168.1.189:30001/#/login
后来使用了 LoadBalancer ,url 变成了这个
https://192.168.1.242/#/ingress?namespace=default
ip 地址是这样子获取的kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.96.77.141 <none> 8000/TCP 7m35s kubernetes-dashboard LoadBalancer 10.101.232.27 192.168.1.242 443:30332/TCP 7m36s
使用前一步保存的 token 登录
版权声明:本文为u010953609原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。