Kubernetes-Dashboard


1. Deploy and access the Kubernetes Dashboard
sudo curl -fsSLo recommended.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml
# Edit the downloaded YAML file and add type: NodePort -> external access
$ vim recommended.yaml
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
----------------------------------------------------------------

# Create the dashboard with create -f
$ kubectl create -f recommended.yaml

# List the pods created in the kubernetes-dashboard namespace
$ kubectl get pods -n kubernetes-dashboard
--------------------------------------------------------------------------
NAME                                    READY   STATUS    RESTARTS   AGE
kubernetes-dashboard-5fd74ddbcd-2m4j6   1/1     Running   0          3d23h


$ kubectl proxy &
# Starting to serve on 127.0.0.1:8001

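Access Control: create an admin account; otherwise you cannot see the information for each cluster once you are in (after logging in without admin privileges, none of the pages show any cluster information).

$ vim dashboard_admin.yaml
# Replace *** with the name you want to create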
----------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ***
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: ***
    namespace: kubernetes-dashboard
-----------------------------------------

$ kubectl create -f dashboard_admin.yaml

# Find the secret token named ***
$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep ***| awk '{print $1}')
----------------------------------------------------
token:   eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJl.....
# Copy this long token string

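Chrome may refuse to open the page because of a certificate problem.

On that page in Chrome, type these 12 characters directly on the keyboard: `thisisunsafe`

**Note: click anywhere on the current page so that it has focus, then type.**

2. Access over the LAN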
kubectl port-forward -n kubernetes-dashboard --address 0.0.0.0 service/kubernetes-dashboard 8080:443
  • Create a dashboard admin user
kubectl create serviceaccount dashboard-admin -n kube-system
  • Bind the user as a cluster admin user
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

After the steps above, because the admin user is named dashboard-admin, the corresponding generated secret is named dashboard-admin-token-<random string>. On my machine the full name is dashboard-admin-token-sg6bp.

[centos@k8s-master dashboard]$ kubectl get secret -n=kube-system |grep dashboard-admin-token
dashboard-admin-token-sg6bp                      kubernetes.io/service-account-token   3      23h

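This shows the full name of the secret. Alternatively, skip the grep pipe, list all the secrets, and look for the one you need.

View the token with the kubectl describe secret command introduced above.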

[centos@k8s-master dashboard]$ kubectl describe -n=kube-system  secret dashboard-admin-token-sg6bp
Name:         dashboard-admin-token-sg6bp
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: c60d2a65-619e-11e9-a627-0050568417a2

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtp...
[centos@k8s-master dashboard]$

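Copy the token above into the token field on the login page and you can log in. After logging in you will see the interface with complete information, as shown last above.

3. Get the token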
kubectl get secret -n=kube-system |grep dashboard-admin-token
kubectl describe -n=kube-system  secret dashboard-admin-token-t854k
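
An added audit check, not part of the original post: both walkthroughs above leave a ServiceAccount bound to cluster-admin, and this script lists every such binding so it can be reviewed or deleted once the dashboard no longer needs it. The tab-separated dump format, the function names and the sample rows are constructed for this example.

```shell
#!/bin/sh
# Added example: find ClusterRoleBindings that grant cluster-admin to a ServiceAccount.

# Emit one line per ClusterRoleBinding:
#   name<TAB>roleRef.name<TAB>kind/namespace/name,kind/namespace/name,...
dump_bindings() {
  kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}/{.namespace}/{.name},{end}{"\n"}{end}'
}

# Read that format on stdin and print "binding namespace/serviceaccount" for
# every ServiceAccount subject bound to the cluster-admin ClusterRole.
flag_admin_sa() {
  awk -F'\t' '$2 == "cluster-admin" {
    n = split($3, subj, ",")
    for (i = 1; i <= n; i++) {
      # User and Group subjects have an empty namespace field and are skipped.
      if (split(subj[i], p, "/") == 3 && p[1] == "ServiceAccount")
        print $1, p[2] "/" p[3]
    }
  }'
}

# Constructed sample in the same format (not captured from a real cluster).
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup//system:masters,\n'
  printf 'dashboard-cluster-admin\tcluster-admin\tServiceAccount/kube-system/dashboard-admin,\n'
  printf 'kubernetes-dashboard\tkubernetes-dashboard\tServiceAccount/kubernetes-dashboard/kubernetes-dashboard,\n'
}

if [ "${1:-}" = "--live" ]; then
  dump_bindings | flag_admin_sa      # query the current kubectl context
else
  sample_bindings | flag_admin_sa    # offline run on the constructed sample
fi
```

Run it with `--live` to query the current cluster context; a binding it reports can be removed with `kubectl delete clusterrolebinding` followed by the binding name.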

Author: Kevin
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY 4.0. Please credit Kevin as the source when reposting!