0
点赞
收藏
分享

微信扫一扫

[Kubernetes]安装dashboard

洒在心头的阳光 2022-04-26 阅读 128
kubernetes

从github复制或下载:https://github.com/kubernetes/dashboard/blob/master/aio/deploy/recommended.yaml

然后运行:

kubectl create -f addons/dashboard/recommended.yaml

耐心等待运行成功:

[root@master1 k8s-manual-files]# kubectl -n kubernetes-dashboard get po,svc
NAME                                             READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-5ffcdcd45d-mp97p   1/1     Running   0          68s
pod/kubernetes-dashboard-66d7777546-wxjsd        1/1     Running   0          68s

NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/dashboard-metrics-scraper   ClusterIP   10.101.210.188   <none>        8000/TCP   68s
service/kubernetes-dashboard        ClusterIP   10.98.70.204     <none>        443/TCP    68s

然后在浏览器中输入地址:
https://192.168.108.131:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

结果提示:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
 
  },
  "status": "Failure",
  "message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get services/proxy in the namespace \"kube-system\"",
  "reason": "Forbidden",
  "details": {
    "name": "https:kubernetes-dashboard:",
    "kind": "services"
  },
  "code": 403
}

这就需要我们为这个服务创建一个匿名账号,anonymous-proxy-rbac.yml:

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: anonymous-dashboard-proxy-role
rules:
- apiGroups:
  - ""
  resources:
  - "services/proxy"
  resourceNames:
  - "https:kubernetes-dashboard:"
  verbs:
  - get
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: anonymous-dashboard-proxy-binding
  namespace: ""
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: anonymous-dashboard-proxy-role
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: system:anonymous

然后,运行:

这时候刷新web页面就出现登陆界面:
在这里插入图片描述
这需要我们通过命令创建一个用户:

[root@master1 k8s-manual-files]# kubectl -n kubernetes-dashboard create sa dashboard
serviceaccount/dashboard created
[root@master1 k8s-manual-files]# kubectl create clusterrolebinding dashboard --clusterrole cluster-admin --serviceaccount=kubernetes-dashboard:dashboard
clusterrolebinding.rbac.authorization.k8s.io/dashboard created
[root@master1 k8s-manual-files]# SECRET=$(kubectl -n kubernetes-dashboard get sa dashboard -o yaml | awk '/dashboard-token/ {print $3}')
[root@master1 k8s-manual-files]# kubectl -n kubernetes-dashboard describe secrets ${SECRET} | awk '/token:/{print $2}'
eyJhbGciOiJSUzI1NiIsImtpZCI6ImRoQ1RiWWdHdC1BT1lSMDBPUWE4cUJGeDdFZC1qdzY5U080UklKZW5aa00ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtdG9rZW4tNmR0ZDIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYjJmZGU1YTUtODdmYi00YWU1LWJmM2EtZTM4ZGM2YjNhNjllIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZCJ9.jtfxCRhdxuM_mpFPpd_rkTcYItmy1LRT9UzLQ8LJwTM9fJjMjax6xl6ew_HYe7QuwcZ9JiVIbThhJeKZra2Y2tMs01zzBPGvMBpsI6544FEIfqaJtS-CmiMlEobFWSwC7n4XcWFN61GqPC1FokdOYx8vOad4oXr6gQmM_iCkcRWJzFMhjBeyxGNB7beQPumTNZFkORYKeVcPYH5c3DxWT6HlFZWN6pE_Bbds_vU0v3tX0oWFE4Ej0hlGb2AiA8B1X8ujhvpvhM9JAQvHg3H4N6oUpVrSwFN-xKd1i4Rpbf0MvU7Gis0i8wju0LTF_e3zMLU8fHB7BiT4B4zZiRANdg

我们将生成的token复制到登陆界面,登陆即可:
在这里插入图片描述
这里切换namespace到kube-system了。

ps: 上海疫情啥时候结束啊!

举报

相关推荐

0 条评论