背景说明
解决方案
文件下载
https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
默认镜像
[root@cka-master dashboard]# cat kubernetes-recommended.yaml |grep image
image: kubernetesui/dashboard:v2.5.1
imagePullPolicy: Always
image: kubernetesui/metrics-scraper:v1.0.7
[root@cka-master dashboard]#
为了后续安装更加顺利,所有节点提前pull需要使用的镜像
[root@cka-master dashboard]# docker pull kubernetesui/dashboard:v2.5.1
v2.5.1: Pulling from kubernetesui/dashboard
d1d01ae59b08: Pull complete
a25bff2a339f: Pull complete
Digest: sha256:cc746e7a0b1eec0db01cbabbb6386b23d7af97e79fa9e36bb883a95b7eb96fe2
Status: Downloaded newer image for kubernetesui/dashboard:v2.5.1
docker.io/kubernetesui/dashboard:v2.5.1
[root@cka-master dashboard]#
[root@cka-master dashboard]# docker pull kubernetesui/metrics-scraper:v1.0.7
v1.0.7: Pulling from kubernetesui/metrics-scraper
18dd5eddb60d: Pull complete
1930c20668a8: Pull complete
Digest: sha256:36d5b3f60e1a144cc5ada820910535074bdf5cf73fb70d1ff1681537eef4e172
Status: Downloaded newer image for kubernetesui/metrics-scraper:v1.0.7
docker.io/kubernetesui/metrics-scraper:v1.0.7
[root@cka-master dashboard]#
配置应用
[root@cka-master dashboard]# kubectl apply -f kubernetes-recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@cka-master dashboard]#
资源查看
[root@cka-master dashboard]# kubectl get ns
NAME STATUS AGE
default Active 35h
kube-node-lease Active 35h
kube-public Active 35h
kube-system Active 35h
kubernetes-dashboard Active 3m34s
[root@cka-master dashboard]#
[root@cka-master dashboard]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.96.194.186 <none> 8000/TCP 4m29s
kubernetes-dashboard ClusterIP 10.96.164.75 <none> 443/TCP 4m30s
[root@cka-master dashboard]#
[root@cka-master dashboard]# kubectl get pod -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-c45b7869d-p5jkh 1/1 Running 0 5m2s
kubernetes-dashboard-79b5779bf4-d8swb 1/1 Running 0 5m2s
[root@cka-master dashboard]#
节点端口
默认情况下SVC的网络类型为ClusterIP,为了便于访问修改为NodePort
[root@cka-master dashboard]# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
service/kubernetes-dashboard edited
默认使用的是vim编辑器,使用:wq编辑保存退出即可
在spec节点下修改 type: ClusterIP为type: NodePort
查看节点端口为31866
[root@cka-master dashboard]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.96.194.186 <none> 8000/TCP 13m
kubernetes-dashboard NodePort 10.96.164.75 <none> 443:31866/TCP 13m
[root@cka-master dashboard]#
看板访问
打开浏览器访问:https://192.168.184.128:31866/
获取令牌
查看Secret
[root@cka-master dashboard]# kubectl get secret -n kubernetes-dashboard
NAME TYPE DATA AGE
default-token-d78wj kubernetes.io/service-account-token 3 22m
kubernetes-dashboard-certs Opaque 0 22m
kubernetes-dashboard-csrf Opaque 1 22m
kubernetes-dashboard-key-holder Opaque 2 22m
kubernetes-dashboard-token-nkpcj kubernetes.io/service-account-token 3 22m
[root@cka-master dashboard]#
default-token-d78wj这个为默认的命名空间的secret
[root@cka-master dashboard]# kubectl describe secrets kubernetes-dashboard-token-nkpcj -n kubernetes-dashboard
Name: kubernetes-dashboard-token-nkpcj
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: 322764e6-8734-4774-9f6e-e2e1039a280c
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InV1N3FiZC04UDRIa1dWRW43S05fNEhpbXNzQ05Vb3JVQ0VVVGhCeGVfb28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1ua3BjaiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjMyMjc2NGU2LTg3MzQtNDc3NC05ZjZlLWUyZTEwMzlhMjgwYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.2GiB8c-xgQljWscGUp_kOf2apQBX3QKJwgJxN6ugdVUgkKDJQiQQHHADUdSg1XlwV8JbfwtSL-q7rrNdESH7DdiODKF4Q1jeG_hA99LWLtSazFfZlggxzgZEshsJ4JrY5VhIGDe-yrNyieBRifx5oHBCpGpoWV7oN5wXRqcTfXasELz6P0QTprnrYIUQUD1-RACwHslKh-RTavazZq9e_sS6MX2ifxyGeEHQwzVH_R-qX9B2JQn6ophN2P9vPjTxiMqCYiY1wVXWs4V8Nn_0yRzTsZu3Hz-__3Wy_22kReaQMACHngnCWWmdVZcOxnLVmhXT8qJpad7m07ZnbBBJiw
[root@cka-master dashboard]#
保留令牌
eyJhbGciOiJSUzI1NiIsImtpZCI6InV1N3FiZC04UDRIa1dWRW43S05fNEhpbXNzQ05Vb3JVQ0VVVGhCeGVfb28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1ua3BjaiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjMyMjc2NGU2LTg3MzQtNDc3NC05ZjZlLWUyZTEwMzlhMjgwYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.2GiB8c-xgQljWscGUp_kOf2apQBX3QKJwgJxN6ugdVUgkKDJQiQQHHADUdSg1XlwV8JbfwtSL-q7rrNdESH7DdiODKF4Q1jeG_hA99LWLtSazFfZlggxzgZEshsJ4JrY5VhIGDe-yrNyieBRifx5oHBCpGpoWV7oN5wXRqcTfXasELz6P0QTprnrYIUQUD1-RACwHslKh-RTavazZq9e_sS6MX2ifxyGeEHQwzVH_R-qX9B2JQn6ophN2P9vPjTxiMqCYiY1wVXWs4V8Nn_0yRzTsZu3Hz-__3Wy_22kReaQMACHngnCWWmdVZcOxnLVmhXT8qJpad7m07ZnbBBJiw
令牌登录
浏览器访问https://192.168.184.128:31866/#/login填入token
权限提升
默认登录右上角有报错信息
切换命名空间发现并不是全部
查看文件中Deployment为的kubernetes-dashboard配置节serviceAccountName: kubernetes-dashboard
[root@cka-master dashboard]# kubectl create clusterrolebinding kubernetes-dashboard-clusterbingding --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-clusterbingding created
[root@cka-master dashboard]#