之前一直使用的是命令行,但是又觉得如果连控制台都还没有动手实践过会不会有点low
1、安装dashboard
参阅官网的安装方法,https://github.com/kubernetes/dashboard,安装很简单,如果慢可以使用其它的镜像网站,我这里使用的是mirrorgooglecontainers/kubernetes-dashboard-amd64,然后重新打了k8s.gcr.io/kubernetes-dashboard-amd64的tag
2、暴露服务
root@ubuntu-kubeadm-master:~# cat dash-board.yaml
apiVersion: v1
kind: Service
metadata:
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
selector:
k8s-app: kubernetes-dashboard
ports:
- port: 443
targetPort: 8443
这里使用的是nodeport的方式,重点是spec.type里和metadata.namespace一定要注明,暴露后即可查看相应的暴露端口,当然自己也可以指定在30000-32767之间的端口
root@ubuntu-kubeadm-master:~# kubectl get svc -n kube-system -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 10d k8s-app=kube-dns
kubernetes-dashboard NodePort 10.108.214.161 <none> 443:31912/TCP 10d k8s-app=kubernetes-dashboard
即可在集群内任一节点使用https的访问方式进行指定端口的访问
这里使用令牌的方式登录
3、关于令牌的获取首先需要创建一个dashboardadmin,然后使用集群层级的管理员解决将其进行绑定,这里使用yaml的方式
root@ubuntu-kubeadm-master:~# cat k8s-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
4、创建后即可看到相应的密钥
root@ubuntu-kubeadm-master:~# kubectl get secret -n kube-system
NAME TYPE DATA AGE
attachdetach-controller-token-gf5m7 kubernetes.io/service-account-token 3 10d
bootstrap-signer-token-nwflq kubernetes.io/service-account-token 3 10d
certificate-controller-token-4jbjc kubernetes.io/service-account-token 3 10d
clusterrole-aggregation-controller-token-ck2fl kubernetes.io/service-account-token 3 10d
coredns-token-676g5 kubernetes.io/service-account-token 3 10d
cronjob-controller-token-q8g58 kubernetes.io/service-account-token 3 10d
daemon-set-controller-token-rl5qp kubernetes.io/service-account-token 3 10d
dashboard-admin-token-95mjj kubernetes.io/service-account-token 3 26s 《---- 这里
5、将里面的token复制贴到网页上即可
root@ubuntu-kubeadm-master:~# kubectl describe secret dashboard-admin-token-95mjj -n kube-system
Name: dashboard-admin-token-95mjj
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 178237ba-6db5-11e9-b6ab-000c299c4717
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tOTVtamoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMTc4MjM3YmEtNmRiNS0xMWU5LWI2YWItMDAwYzI5OWM0NzE3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.Tv9_dOSeFfEo4TeNsu0j1-kEbjo6aU3EXj2IID5-gOyRrdypxsjpM8GSgHrod2Nm9JD75hRaZnS39xhIqzOE8NNpumhZuP6TZ-1l3Op3Me96VWVFus2Qi6GzHN28MKHhhRs1VgY9ALBNoAjRLxSvGSoOSbdB8x66z81ErreN02eYQumy-l-KX-eYDEmz3ggGPYqAE3KA0WdB8JaSy7WRuVAtNy3SJtYRbfilVQ-Jn33cnGpv3gkp4YqhpjzvUwzo2DpW-kKQuUL_Y6oZee_bn3Rj4Nv64FMVHDbBnobH3yKaHSRei5SRHZ2LxPlt8HNhSi473gofgeO2SdxEH-KPNg
6、将token这一段复制进网页完成登录
所有评论(0)