安裝k8s-dashboard

基于k8s-1.22.2的版本

1.下載dashboard安裝yaml

下載地址如下

https://github.com/kubernetes/kubernetes/tree/v1.22.2/cluster/addons/dashboard

2.修改yaml文件

vim dashboard.yaml

將以下代碼注釋掉

#apiVersion: v1
#kind: Secret
#metadata:
#  labels:
#    k8s-app: kubernetes-dashboard
#    addonmanager.kubernetes.io/mode: EnsureExists
#  name: kubernetes-dashboard-certs
#  namespace: kubernetes-dashboard
#type: Opaque

添加nodePort的端口

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort    #增加
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30002     #增加的端口  
  selector:
    k8s-app: kubernetes-dashboard

3.創(chuàng)建證書(shū)

創(chuàng)建證書(shū)存儲(chǔ)目錄：

mkdir k8s-cert
cd k8s-cert 

創(chuàng)建私鑰：

openssl genrsa -out dashboard.key 2048

創(chuàng)建請(qǐng)求證書(shū)：

openssl req -days 3600 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'

證書(shū)自簽：

openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt

創(chuàng)建名稱(chēng)空間：

kubectl create namespace kubernetes-dashboard 

創(chuàng)建剛才注釋掉的證書(shū)kubernetes-dashboard-certs

kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard

4.創(chuàng)建管理員賬號(hào)

4.1創(chuàng)建賬號(hào)

vim dashboard-admin.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: dashboard-admin
  namespace: kubernetes-dashboard

保存后退出并執(zhí)行一下命令

kubectl apply -f dashboard-admin.yaml

4.2賬號(hào)綁定集群，獲取權(quán)限悍募。

vim dashboard-admin-bind-cluster-role.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard

保存后執(zhí)行以下命令：

kubectl create -f dashboard-admin-bind-cluster-role.yaml

5.安裝dashboard

kubectl apply -f dashboard.yaml

6.查看dashboard 的安裝情況：

[root@k8s-master dashboard]# kubectl get pod -n kubernetes-dashboard 
NAME                                         READY   STATUS    RESTARTS      AGE
dashboard-metrics-scraper-7b4c85dd89-j4vzg   1/1     Running   1 (17h ago)   17h
kubernetes-dashboard-7fff8584c9-2dq46        1/1     Running   1 (17h ago)   17h

[root@k8s-master dashboard]# kubectl get pod -n kubernetes-dashboard 
NAME                                         READY   STATUS    RESTARTS      AGE
dashboard-metrics-scraper-7b4c85dd89-j4vzg   1/1     Running   1 (17h ago)   17h
kubernetes-dashboard-7fff8584c9-2dq46        1/1     Running   1 (17h ago)   17h

7.查看并復(fù)制token

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
Name:         dashboard-admin-token-4qhxb
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: dfefca26-2207-46ef-b298-3992a4c9c6bb

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1099 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IkZ0YTZHaUd1M3lJTGdEMm9ZQ3doNEU3OWs3eEx0bHRQSGVrb3ktZXloTkkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tNHFoeGIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZGZlZmNhMjYtMjIwNy00NmVmLWIyOTgtMzk5MmE0YzljNmJiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.HBwY6tm2V3BMTu3HiQHjYd8vG6rKVUPImp7XjcEC2-POHXJE_K7-9SZBgLcnz0BZ8HphdlcIPm421Swo6XMENAL8yD_JGwcJqoLz5yp2EyjrpQc3u8znVvLxEV_Nd4WFumfEAfbwH_vocgruOvUSs3E5ybP31u-9l6ZZo9OJS-9ebyRUdBwVLf6Zr8LGsnABzGgMDCrjGPXnAu_OQ_xiTjtxSf-Qvk9Vetn1P1rsMMfR0TjsyK6w0IAQSqVFj1Fz4qT3N1yyXb2KXeRsyuW3sVXR9RRVJVAEba4bahVCdwwhPN3XIgGduIlJLTJbn3KMzihlxhkLM76DH4B6zyIFYA

7.訪(fǎng)問(wèn)網(wǎng)頁(yè)

• https://192.168.10.21:30002，選擇輸入token洋机，輸入剛才復(fù)制的密匙坠宴。

C3004DA7-EF63-4135-8563-D4FD795EEAE9.png

登錄成功后的界面：

3CD2CD11-7016-4c31-BA9B-D0484E81DEA8.png