利用kubernetes 安装 Kubernetes Dashboard
最近再次学习下k8s,版本已经升级到1.17了,准备部署一下,以下是官方地址
https://github.com/kubernetes/dashboard
接着往下面看
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc2/aio/deploy/recommended.yaml
[root@master01 ~]# kubectl get pods --all-namespaces|grep kubernetes-dashboard kubernetes-dashboard-head dashboard-metrics-scraper-head-7cc7d9bb4b-77snh 1/1 Running 0 39m kubernetes-dashboard-head kubernetes-dashboard-head-5c87564c95-45r85 1/1 Running 0 39m kubernetes-dashboard dashboard-metrics-scraper-6cd59dd9c7-tbh2h 1/1 Running 0 20h kubernetes-dashboard kubernetes-dashboard-5b9d976b79-7clvr 1/1 Running 0 20h
已经很愉快的跑起来了,我们要怎么访问呢?
[root@master01 ~]# kubectl proxy --address 0.0.0.0
Starting to serve on [::]:8001
报了这个错
然后跟了一下官方的issue
https://github.com/kubernetes/dashboard/issues/4466
好像说的是跨域的问题
[root@master01 ~]# kubectl proxy --address 0.0.0.0 --accept-hosts .*
Starting to serve on [::]:8001
然后再试一下
Error trying to reach service: 'dial tcp 10.244.0.2:8443: i/o timeout'
又出现了这个坑
https://github.com/kubernetes/dashboard/issues/3038
kubectl --namespace=kube-system port-forward <kubernetes-dashboard-podname> 8443
说可以这样干一下
先查了一下 pods
[root@master01 ~]# kubectl get pods -n kubernetes-dashboard NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-6cd59dd9c7-tbh2h 1/1 Running 0 21h kubernetes-dashboard-5b9d976b79-7clvr 1/1 Running 0 21h
[root@master01 ~]# kubectl -n kubernetes-dashboard get pod -o name | grep dashboard pod/dashboard-metrics-scraper-6cd59dd9c7-tbh2h pod/kubernetes-dashboard-5b9d976b79-7clvr [root@master01 ~]# kubectl --namespace=kubernetes-dashboard port-forward pod/kubernetes-dashboard-5b9d976b79-7clvr 8443 Forwarding from 127.0.0.1:8443 -> 8443 Forwarding from [::1]:8443 -> 8443
然后就很愉快的打开了
然后创建仿问权限
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
[root@master01 dashboard]# cat dashboard-adminuser.yaml --- apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard
[root@master01 dashboard]# kubectl apply -f dashboard-adminuser.yaml
serviceaccount/admin-user unchanged
clusterrolebinding.rbac.authorization.k8s.io/admin-user unchanged
[root@master01 dashboard]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}') Name: admin-user-token-z2nbj Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: ca96b412-5bb8-4ee1-9b3e-19fef3134126 Type: kubernetes.io/service-account-token Data ==== token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ink5TmlycUZScGxOV2doWUYwMHNodHpXZ1VFanBOM0JQMC1rb25fYTlZVWcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXoybmJqIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjYTk2YjQxMi01YmI4LTRlZTEtOWIzZS0xOWZlZjMxMzQxMjYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Usw-xM52c6dFX1K8j_voXnvSGFDsjiWi2CHn0cXrKIjwi6cops9cycEI_CX0OIoj9tau_Yn2Lm7Gzyqx-FW_gGWkhMZS6hkh5CjByD21c_7iCvprKHLahl6_fy-96rIBLc1UxYXJp1uaCu9opE157TbDOq9ob5kR-bF7t93U9XZZxz4OolYl-ir1OmfZxCkjjUmmsXps1IYUx1tcnWONbV-HXis7LGA3UfVxVxKhEo-Jr2lishF3TSuvxdLB0j5HvGDawaVnXMP_IeULis_uuDfaTftU28Eb35-12XkTeONTwkyxZQxPHllM--d1iBdNf1V-PFpGECGfb4kXutVQ5Q ca.crt: 1387 bytes namespace: 20 bytes
