安装

  1. # 安装Dashboard
  2. kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml
  3. # 检查状态
  4. kubectl get pods -n kubernetes-dashboard
  5. # 打开访问
  6. kubectl proxy --address='0.0.0.0' --port=8001 --accept-hosts='^*$'
  7. # 测试访问
  8. https:10.0.0.70:8081
  9. #能看到页面即可

配置

  1. # 编辑dashboard服务文件
  2. # 将底部ClusterIP改为NodePort
  3. kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
  4. # 在port下一行加入
  5. nodePort: 30099

登录

使用Token

1. 配置管理员用户

vi admin-user.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

2. 角色绑定认证

vi admin-user-role-binding.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

3. 获取token

# 获取token
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

4.使用token登录

使用config文件

1. 创建服务账户

kubectl create serviceaccount wizard -n kubernetes-dashboard --dry-run -o yaml > wizard-user.yml

2. 创建集群

kubectl config  set-cluster wizard --server="https://10.0.0.70:6443" --certificate-authority=/etc/kubernetes/pki/ca.crt --embed-certs=true --kubeconfig=./wizard.conf

3. 获取token

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep wizard | awk '{print $1}')
# 将获取的token赋值给token
token=

4. 将token导入认证文件

kubectl config set-credentials wizard --token=$token --kubeconfig=./wizard.conf

5. 将用户和集群信息导入认证文件,生成上下文

kubectl config set-context wizard@wizard --cluster=wizard --user=wizard --kubeconfig=./wizard.conf

6. 应用上下文导入文件

kubectk config use-context wizard@wizard --kubeconfig=./wizard.conf

到这一步,可以将wizard.conf文件导出了,此时,使用文件已经可以成功登入dashboard。但是这个服务账号没有任何权限,无法获取资源,所以进去看到的应该是空白,下一步,应该按照需求赋予这个服务账号权限

7. 绑定权限用户

# 绑定只拥有默认名称空间的管理员账户
kubectl create rolebinding wizard-rolebinding --clusterrole=admin --serviceaccount=kubernetes-dashboard:wizard --dry-run -o yaml > wizard-rolebinding.yml
# 绑定集群管理员账户(全部权限)
kubectl create clusterrolebinding wizard-clusterrolebinding --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:wizard --dry-run -o yaml > wizard-clusterrolebinding.yml