kubernetes1.14部署kube-dashboard1.10.1:

方式一：
部署dashboard wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes-dashboard.yaml
vim kubernetes-dashboard.yaml
#kind: Role 修改kind: ClusterRole 和 #kind: RoleBinding 修改爲kind: ClusterRoleBinding 和# kind: Role kind: ClusterRole
image修改爲：image: registry.cn-hangzhou.aliyuncs.com/wzz/kubernetes-dashboard-amd64:v1.10.0
type: NodePort 新增加這一條
ports:

• port: 443

默認dashboard只能本機訪問,
確定以前是否開啓proxy, 8001端口沒有被佔用，如果有執行如下：
kill -9 42039 ###kill 掉默認的 192.168.40.146:8001 用 #nohup kubectl proxy & 命令啓動；這樣就可以啓動如下命令
然後執行下邊命令啓動
開啓代理 - kubectl proxy --address='192.168.40.146' --accept-hosts='^*$' &
查看：kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard |grep token | awk '{print $1}')
查看token： kubectl get secret -n kube-system | grep dashboard 和 kubectl describe secret kubernetes-dashboard-admin

kube-dashboard部署後遇到錯誤：頁面報紅錯誤：
persistentvolumeclaims is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list resource "persistentvolumeclaims" in API group "" in the namespace "default"
解決方法如下：
kubectl create clusterrolebinding test:kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard

方式二：
部署
下載如下三個文件：https://github.com/gjmzj/kubeasz/tree/master/manifests/dashboard

部署dashboard 主yaml配置文件

$ kubectl apply -f /etc/ansible/manifests/dashboard/kubernetes-dashboard.yaml

創建可讀可寫 admin Service Account

$ kubectl apply -f /etc/ansible/manifests/dashboard/admin-user-sa-rbac.yaml

創建只讀 read Service Account

$ kubectl apply -f /etc/ansible/manifests/dashboard/read-user-sa-rbac.yaml

修改vim /etc/kubernetes/manifests/kube-apiserver.yaml

• --anonymous-auth=false #增加一行，增加後不需要重啓服務，自動會重啓

驗證

查看pod 運行狀態

kubectl get pod -n kube-system | grep dashboard
kubernetes-dashboard-7c74685c48-9qdpn 1/1 Running 0 22s

查看dashboard service

kubectl get svc -n kube-system|grep dashboard
kubernetes-dashboard NodePort 10.68.219.38 <none> 443:24108/TCP 53s

查看集羣服務

kubectl cluster-info|grep dashboard
kubernetes-dashboard is running at https://192.168.1.1:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy

查看pod 運行日誌

kubectl logs kubernetes-dashboard-7c74685c48-9qdpn -n kube-system

生成證書供本地瀏覽器使用：

生成client-certificate-data

grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt

生成client-key-data

grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key

生成p12

openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"

谷歌瀏覽器導入證書：
備註把上一步驟的kubecfg.p12 文件導入證書後需要重啓瀏覽器：