3 月 072020
下载Dashboard组件编排文件
https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml [centos@k8s-01 ~]$ curl -O https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 7059 100 7059 0 0 43862 0 --:--:-- --:--:-- --:--:-- 44118 [centos@k8s-01 ~]$ [centos@k8s-01 ~]$ kubectl apply -f recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created [centos@k8s-01 ~]$
使用命令行代理工具Proxy以访问Web控制台
默认访问URL地址(服务监听 127.0.0.1:8001)
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
将端口监听在0.0.0.0以提供外部访问
nohup kubectl proxy --address='0.0.0.0' --port=8001 --accept-hosts='^*$' &
访问页面
创建验证令牌
[centos@k8s-01 ~]$ vi dashboard-adminuser.yaml apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard [centos@k8s-01 ~]$ kubectl apply -f dashboard-adminuser.yaml clusterrolebinding.rbac.authorization.k8s.io/admin-user created [centos@k8s-01 ~]$
查找生成的令牌信息
[centos@k8s-01 ~]$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}') Name: default-token-qmwrz Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: default kubernetes.io/service-account.uid: 80e30596-8d5a-423e-b980-6444f11f42ae Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 20 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjkwcDA3TnY5TG5NQzQ2eTJ4bXNOM0ctNlpnc1Ezcjl0aXdrcVp0R01LdEEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLXFtd3J6Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI4MGUzMDU5Ni04ZDVhLTQyM2UtYjk4MC02NDQ0ZjExZjQyYWUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6ZGVmYXVsdCJ9.gS9XEJpbm1LEU4lnWnLsnheQSw2-AWYLzzURAmiylAC3lp0eFhXqXApKhWY4jNQPyslMVsXzsUwXKcIoTAEx44MHd29kW7v3RmTul2o3imA3BlVuu5O0vZHaovXGrwar3UDfx9qZfqB4O2arjHTxvNJ5JXsY8ZsPIpCo4ZAF6cZnsANcTf_d2oajZKt8GruFtMMH6to4z-7yAS7r06gUX4WxQUjir3lPFB--_TBdqWamvK97EmhpGndWVUYZsdkd9649SFQM9k31ht2-3ZpcZVgYU0lX_WswIOiEJjhrQnrxPainvdIGQZyrpyG-zbqvTWSbP32JPUWtgLxM-92OaA Name: kubernetes-dashboard-certs Namespace: kubernetes-dashboard Labels: k8s-app=kubernetes-dashboard Annotations: Type: Opaque Data ==== Name: kubernetes-dashboard-csrf Namespace: kubernetes-dashboard Labels: k8s-app=kubernetes-dashboard Annotations: Type: Opaque Data ==== csrf: 256 bytes Name: kubernetes-dashboard-key-holder Namespace: kubernetes-dashboard Labels: <none> Annotations: <none> Type: Opaque Data ==== pub: 459 bytes priv: 1679 bytes Name: kubernetes-dashboard-token-j49z9 Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: kubernetes-dashboard kubernetes.io/service-account.uid: 5a61cd25-243e-405a-8dc5-70e0c005a6a1 Type: kubernetes.io/service-account-token Data ==== token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjkwcDA3TnY5TG5NQzQ2eTJ4bXNOM0ctNlpnc1Ezcjl0aXdrcVp0R01LdEEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1qNDl6OSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjVhNjFjZDI1LTI0M2UtNDA1YS04ZGM1LTcwZTBjMDA1YTZhMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.BUg5yeCa9e0R1zC1DJWMSk8ZhskqeMm-ygOnn-sP9evcZEam5yQlthpqxOG5aoFMhaippnOpGcvNnCt0GwyNMRwKbBLG-6DgDPVpgoF5LfY3V1sun6DcFuBTBLdXdBM5iuVlv1c0Mhs8PvyAJenzCshrd4JAUgVzsUK8umWZf_cUlLqCCvimGlYOzpK-cMUepVanegxpiYOZrmEZZYzztpRIYTX9wWE1jzSUDndebbuJIcKILsMa25lSvFjBJDgBvwfVyQ1gRt9AOZu5oWhqgtRc3HJbJv5bAv5p_laoVuJLdiW2k2ZQZp07ZfeBAxz5Lmg-56icjOEaYr_AcdMu5g ca.crt: 1025 bytes namespace: 20 bytes [centos@k8s-01 ~]$
配置SecureCRT端口转发