基于已经搭建好的Kubernetes集群进行部署Dashboard
下载yaml文件
# 代理网络使用者
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.1.0/aio/deploy/recommended.yaml
# 国内网络使用者
wget https://www.feiyiblog.com/files/dashboard/recommended.yaml
下载镜像
部署时也会下载,为了部署时可以更快的Running,所以提前下载
docker pull kubernetesui/dashboard:v2.1.0
修改yaml文件
默认这个文件部署之后不是通过Clusterip访问的,为了更友好的访问,采用 NodePort的方式部署
# dashboard 2.1.0版本
# 40行添加type
39 spec:
40 type: NodePort
41 ports:
42 - port: 443
43 targetPort: 8443
# 44行添加nodePort,也可以不写,不写会随机分配
44 nodePort: 30001
修改镜像下载策略
因为刚才已经下载了镜像,这里修改为如果镜像存在直接使用,不存在才会去下载
# 193行
imagePullPolicy: IfNotPresent
# 将Always修改为IfNotPresent
部署Dashboard
# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
查看是否运行
# 切换默认命名空间
# kubectl config set-context --current --namespace=kubernetes-dashboard
# kubectl get pods
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-6b4884c9d5-86xt4 1/1 Running 0 106s
kubernetes-dashboard-8478c4964c-xnxcj 1/1 Running 0 107s
查看映射到主机的访问端口
主机ip:192.168.1.11
映射port:30001
# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.105.42.139 <none> 8000/TCP 105s
kubernetes-dashboard NodePort 10.105.185.21 <none> 443:30001/TCP 105s
验证访问Dashboard
网络内服务器访问https://NodeIP:port
,也就是https://192.168.1.11:30001
如果是随机调度到某节点,需要查看pod在哪个节点,然后去用哪个节点的ip
验证方式这里就选择token,需要获取token,往下看
Token认证方式登录
给所有namespace授权
# 创建serviceaccount
kubectl create serviceaccount dashboard-serviceaccount -n kubernetes-dashboard
# 创建clusterrolebinding
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-serviceaccount
获取token
[root@openness ~]# kubectl get secret | grep dashboard-serviceaccount-token
dashboard-serviceaccount-token-8x7gg kubernetes.io/service-account-token 3 2m43s
[root@openness ~]# kubectl describe secret dashboard-serviceaccount-token-8x7gg
将token字段的值复制到网页的token部分,即可登录