方式一:
部署dashboard wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes-dashboard.yaml
vim kubernetes-dashboard.yaml
#kind: Role 修改kind: ClusterRole 和 #kind: RoleBinding 修改爲kind: ClusterRoleBinding 和# kind: Role kind: ClusterRole
image修改爲:image: registry.cn-hangzhou.aliyuncs.com/wzz/kubernetes-dashboard-amd64:v1.10.0
type: NodePort 新增加這一條
ports:
- port: 443
默認dashboard只能本機訪問,
確定以前是否開啓proxy, 8001端口沒有被佔用,如果有執行如下:
kill -9 42039 ###kill 掉默認的 192.168.40.146:8001 用 #nohup kubectl proxy & 命令啓動;這樣就可以啓動如下命令
然後執行下邊命令啓動
開啓代理 - kubectl proxy --address='192.168.40.146' --accept-hosts='^*$' &
查看:kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard |grep token | awk '{print $1}')
查看token: kubectl get secret -n kube-system | grep dashboard 和 kubectl describe secret kubernetes-dashboard-admin
kube-dashboard部署後遇到錯誤:頁面報紅錯誤:
persistentvolumeclaims is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list resource "persistentvolumeclaims" in API group "" in the namespace "default"
解決方法如下:
kubectl create clusterrolebinding test:kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
方式二:
部署
下載如下三個文件:https://github.com/gjmzj/kubeasz/tree/master/manifests/dashboard
部署dashboard 主yaml配置文件
$ kubectl apply -f /etc/ansible/manifests/dashboard/kubernetes-dashboard.yaml
創建可讀可寫 admin Service Account
$ kubectl apply -f /etc/ansible/manifests/dashboard/admin-user-sa-rbac.yaml
創建只讀 read Service Account
$ kubectl apply -f /etc/ansible/manifests/dashboard/read-user-sa-rbac.yaml
修改vim /etc/kubernetes/manifests/kube-apiserver.yaml
- --anonymous-auth=false #增加一行,增加後不需要重啓服務,自動會重啓
驗證
查看pod 運行狀態
kubectl get pod -n kube-system | grep dashboard
kubernetes-dashboard-7c74685c48-9qdpn 1/1 Running 0 22s
查看dashboard service
kubectl get svc -n kube-system|grep dashboard
kubernetes-dashboard NodePort 10.68.219.38 <none> 443:24108/TCP 53s
查看集羣服務
kubectl cluster-info|grep dashboard
kubernetes-dashboard is running at https://192.168.1.1:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
查看pod 運行日誌
kubectl logs kubernetes-dashboard-7c74685c48-9qdpn -n kube-system
生成證書供本地瀏覽器使用:
生成client-certificate-data
grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt
生成client-key-data
grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key
生成p12
openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
谷歌瀏覽器導入證書:
備註把上一步驟的kubecfg.p12 文件導入證書後需要重啓瀏覽器: