Kubernetes 1.21.2部署dashboard 2.3.1Kubernetes 版本: 1.21.2
Dashboard 版本 : v2.3.1
检查dashboard版本与kubernetes版本兼容性:
https://github.com/kubernetes/dashboard/releases
部署Dashboard
需要提取的镜像:
Images
Kubernetes Dashboard
kubernetesui/dashboard:v2.3.1
Metrics Scraper
kubernetesui/metrics-scraper:v1.0.6
查看dashboard运行状态
[root@k8smaster ~]# kubectl get pod -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-856586f554-cltht 1/1 Running 0 12m
kubernetes-dashboard-67484c44f6-8fb64 1/1 Running 0 12m
[root@k8smaster ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.105.98.224 <none> 8000/TCP 12m
kubernetes-dashboard ClusterIP 10.101.235.74 <none> 443/TCP 12m
修改Dashboard
通过NodePort方式暴露端口,这里指定30001,可自定义:
kubectl patch svc kubernetes-dashboard -n kubernetes-dashboard -p '{"spec":{"type":"NodePort","ports":[{"port":443,"targetPort":8443,"nodePort":30001}]}}'
[root@k8smaster Dashboard]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.105.98.224 <none> 8000/TCP 21m
kubernetes-dashboard NodePort 10.101.235.74 <none> 443:30001/TCP 21m
登录Dashboard
浏览器访问dashboard:
https://<NODE_IP>:30001
选择token方式
创建dashboard-adminuser.yaml:
cat > dashboard-adminuser.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
EOF
创建登录用户
kubectl apply -f dashboard-adminuser.yaml
说明:上面创建了一个叫admin-user的服务账号,并放在kubernetes-dashboard 命名空间下,并将cluster-admin角色绑定到admin-user账户,这样admin-user账户就有了管理员的权限。默认情况下,kubeadm创建集群时已经创建了cluster-admin角色,我们直接绑定即可。
查看admin-user账户的token
[root@k8smaster Dashboard]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-94cwc
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 40066934-3d51-4dc7-a683-69dcef1a30ed
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkVCXzVHWmY2bVd2TW9JVkdYaDhBVGtEaWZXSzZRSllJSHJWZGZ4UmJJVzQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTk0Y3djIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI0MDA2NjkzNC0zZDUxLTRkYzctYTY4My02OWRjZWYxYTMwZWQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.EsMU-6EVXLieky6MRrTe4gTyHpFxEXinc5fHH6R6U6GQod48NH7rMQghvwGcecP73JGQIm2ASybU_MoVizRFTd6ijCwIwsNEMuRkmBV_q7IokIkpPJKlqSFI_xz3HZBDnDki6x5Rhz13EWDUWtGv8AuORzjQ3NGLDYFPZ3UE_8DivGcyLB9dvmP_UgUYGKRL-nke-v_bMLTS3L2Fv60uAXme4WHV96UZxVeBGiEV27-gNLXXoeqh_R7Rv9HmPaCC7kFoJ8WaAt-fdDUQvuykAAeUjIekuOk62L68_59gePmIu6KYdB7quidONquQTT6_VANEw
把获取到的Token复制到登录界面的Token输入框中,成功登陆dashboard:
