一、安装kubernetes-dashboard
安装dashboard需要先下载recommended.yaml文件,如果下载的时候报错,请参考前文在hosts文件里配置github的地址。
执行以下命令下载文件
[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml --2021-09-17 14:07:51-- https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 199.232.28.133, 199.232.96.133, 185.199.108.133 Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|199.232.28.133|:443... connected. HTTP request sent, awaiting response... Read error (Success.) in headers. Retrying. --2021-09-17 14:08:33-- (try: 2) https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|199.232.28.133|:443... failed: Connection refused. Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|199.232.96.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 7543 (7.4K) [text/plain] Saving to: ‘recommended.yaml’ recommended.yaml 100%[============================================================================>] 7.37K --.-KB/s in 0s 2021-09-17 14:08:55 (16.6 MB/s) - ‘recommended.yaml’ saved [7543/7543]
修改recommended.yaml文件,在spec中增加如下配置:
[root@k8s-master ~]# vim recommended.yaml --- apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard --- kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort ##################添加这个配置 ports: - port: 443 targetPort: 8443 nodePort: 30000 ################添加这个配置 selector: k8s-app: kubernetes-dashboard --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-certs namespace: kubernetes-dashboard type: Opaque --- apiVersion: v1
以上配置增加完成之后执行如下命令,创建pod,并查看dashboard的状态。
[root@k8s-master ~]# kubectl create -f recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created [root@k8s-master ~]# kubectl get svc -n kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.102.62.153 <none> 8000/TCP 12s kubernetes-dashboard NodePort 10.110.179.54 <none> 443:30000/TCP 12s [root@k8s-master ~]#
此时可以用浏览器访问https://192.168.186.132:30000/#/login,如下图:
二、创建登录token
这里有Token和Kubeconfig两种登录方式,我采用的是第一种方式,以下是生成token的步骤:
1:创建token
[root@k8s-master ~]# kubectl create sa dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
2:授权token访问权限
[root@k8s-master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
3:获取token
[root@k8s-master ~]# ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}') [root@k8s-master ~]# DASHBOARD_LOGIN_TOKEN=$(kubectl describe secret -n kube-system ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}') [root@k8s-master ~]# echo ${DASHBOARD_LOGIN_TOKEN} eyJhbGciOiJSUzI1NiIsImirtyuioptpZCI6Ik45QXZnWVB4a011Q25I8V1dKOEdFWHM2blJJaU5sQTNRR2wyanN6WExQSzQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZ2cydm4iLCJpordWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOTlmZDUwNzItNTlhNi00NTcwLThkMTMtOTg0OTBhOTA4MDM2Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50O9iuhbmt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.42l75va-u1HYxOOey8obrxID8YdXwx3jwqrycFZUHZ8gmj0uYSHPmXHm3mt1iM15S_nZmMjaZZPbeUxmhf2D_khsG29t6_RaEad19YnWU4V5ibc9qHOCz2RtFEfh_S3rhcePJ5grP30NPZ1c6-4qKyAvgwLuwhSnphebkMLi-q5ELul4dl3t7yzyFjUphq1KZOvJQD-U3njdY8XCPwxQIKO7Ymi6m0Tm2a2dldXbaQPfCCgCdFumCJ7TfEJLFwK8CW3dAuzUQ6jKYneOgt2Jb0EaUGvFoZqcDRd96J_-K7F4rKZtmwEPsltRtz71i7_5_84b8smZnwJZj409hPDJfw [root@k8s-master ~]#
4:登录
用上一步生成的token登录dashboard
登录后的页面如图:
三、常用的token命令
1、查看token
[root@k8s-master ~]# kubeadm token list TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS en5aq7.2fnljgjetdr3ou5w 20h 2021-09-18T02:57:34Z authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
2、创建token
[root@k8s-master ~]# kubeadm token create
3、删除token
[root@k8s-master ~]# kubeadm token delete tokenxxxxxxxxxxxxxxxx
4、获取node节点加入集群的token
kubeadm token create --print-join-command
kuberneters-dashboard安装完成,接下来开始安装node节点及加入k8s集群。
~~~未完待续