kubernets (二) dashboard的搭建
官网 https://github.com/kubernetes/dashboard下载yaml文件wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml然后部署该文件kubectl apply -f recommended.yaml至此部署完毕了,但是还不能在集群
·
官网 https://github.com/kubernetes/dashboard
下载yaml文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
然后部署该文件
kubectl apply -f recommended.yaml
至此部署完毕了,但是还不能在集群外访问到,
[root@k8s-master ~]# kubectl -n kubernetes-dashboard get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.106.154.29 <none> 8000/TCP 49m
kubernetes-dashboard ClusterIP 10.96.197.126 <none> 443/TCP 49m
修改service类型,把ClusterIP改为NodePort,集群外可以访问
[root@k8s-master ~]# kubectl -n kubernetes-dashboard edit svc kubernetes-dashboard
spec:
clusterIP: 10.96.197.126
externalTrafficPolicy: Cluster
ports:
- nodePort: 32406
port: 443
protocol: TCP
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
type: NodePort ##改为NodePort
status:
loadBalancer: {}
查看service端口
[root@k8s-master ~]# kubectl -n kubernetes-dashboard get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.106.154.29 <none> 8000/TCP 52m
kubernetes-dashboard NodePort 10.96.197.126 <none> 443:32406/TCP 52m
浏览器输入
https://:
可以看到展示页面
需要token,别担心,这个token已经在yaml文件中创建好了
[root@k8s-master ~]# kubectl -n kubernetes-dashboard get secrets
NAME TYPE DATA AGE
default-token-rrrj9 kubernetes.io/service-account-token 3 59m
kubernetes-dashboard-certs Opaque 0 59m
kubernetes-dashboard-csrf Opaque 1 59m
kubernetes-dashboard-key-holder Opaque 2 59m
kubernetes-dashboard-token-km4vm kubernetes.io/service-account-token 3 59m
最后一个就是token,我们查看一下
[root@k8s-master ~]# kubectl -n kubernetes-dashboard describe secrets kubernetes-dashboard-token-km4vm
Name: kubernetes-dashboard-token-km4vm
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: f9ef74ad-f861-437e-87cf-c8598434dc14
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjA3TjZVTldZSDdhVGxqUUd3YmEtVzZHS2VQT1lScUlNN3ZDODBubnhITFUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1rbTR2bSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImY5ZWY3NGFkLWY4NjEtNDM3ZS04N2NmLWM4NTk4NDM0ZGMxNCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.aVbc0nS3ENB-hiVYUngTz5w6bXV2oU7h82WvM_mk1GGlKOc9fR2sJjGEySv8b60MB7-CPUCyrk1qJXqxiRX9TjK_n1gaEJ2GnevudZ996jD5nuBNIo_ZL9F2rsjEOijZUQd23JmLzptM-UzJ-vTZxIzsuVind1zoXypJmQaVpFqsahP0QHpo78yS7W3zVRxS8ZHmubaLgMIU0edLqB_tUQ_n7UgpKQD3BPJsoGieW4q4fyJ6w5k47GPqyk2Lc2G2gu7-c8gC83ja3QFBHfs5kOz2HJYNsifWOwRdDqFobah-JwgrzCytFIpD5GPthZV1FcdMob3Kca6TsB8bS7aIHA
好的 得到token了
输入登陆框看看。
发现什么都没有,会报错
configmaps is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "configmaps" in API group "" at the cluster scope
这明显就是权限的问题,修改下权限就行了,找到yaml文件中新建的ClusterRole,
[root@k8s-master ~]# kubectl get clusterrole|grep kubernetes-dashboard
kubernetes-dashboard 2020-07-29T01:41:22Z
编辑ClusterRole
[root@k8s-master ~]# kubectl edit clusterrole kubernetes-dashboard
把原来的rules替换为
rules:
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes","namespaces","secrets","persistentvolumeclaims"]
verbs: ["get", "list", "watch"]
- apiGroups: ["","apps"]
resources: ["pods", "nodes","namespaces","secrets","persistentvolumeclaims","replicasets","deployments","events"]
verbs: ["get", "list", "watch"]
然后刷新页面,
大功告成!
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献2条内容
所有评论(0)