官网:https://github.com/kubernetes/dashboard/releases/tag/v2.7.0
1、查看dashboard版本兼容性
Kubernetes version | 1.22 | 1.23 | 1.24 | 1.25 |
Compatibility | ? | ? | ? | ✓ |
2、拉取yaml文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
3、修改yanl文件开放访问端口
加上 type: NodePort 和 nodePort: 30003
kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort ports: - port: 443 targetPort: 8443 nodePort: 30003 selector: k8s-app: kubernetes-dashboard
4、部署dashboard
kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created
5、查看pod信息
kubectl get pod -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES dashboard-metrics-scraper-5cb4f4bb9c-v5kxq 1/1 Running 0 4h7m 10.244.65.223 k8s167 <none> <none> kubernetes-dashboard-6967859bff-hrsmg 1/1 Running 0 4h7m 10.244.120.176 k8s166 <none> <none>
6、浏览器访问
7、创建用户
官网地址:dashboard/docs/user/access-control/creating-sample-user.md at master · kubernetes/dashboard · GitHub
admin-user.yml
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard --- apiVersion: v1 kind: Secret metadata: name: admin-user namespace: kubernetes-dashboard annotations: kubernetes.io/service-account.name: "admin-user" type: kubernetes.io/service-account-token
创建用户
kubectl apply -f admin-user.yml
serviceaccount/admin-user created clusterrolebinding.rbac.authorization.k8s.io/admin-user created secret/admin-user created
8、用户token
方法一:
kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
eyJhbGciOiJSUzI1NiIsImtpZCI6ImZLOUptaWRfRmo4RF93LUlYSWdRSXN0TmlxckxWOXgtb1dqWXhjSml3WmMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhZjIxYTI1ZS1lY2RkLTQwZDgtYTkwNC0yMjNiZjBhZDgzZDkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Fb5C58nb5N4c5b-6yk47oaH43WuiTblCwbKHRYOPVmZw9ZG6oziFhXlqYnwzhIP-RS7duOi_w4T9HR0XlyajV6hV_qPb9zlJJc3hFPsp75PvWlUFwCSIpVAPadDDMpJVjzocXwhwyeaTD2Zd2foKCjLrqMWMauSwMpH86hL2Y4aWYjJo1U23w2XJPVFZeqp0c3AZHIukuvmgRzmOjFsvG7cD_tzidoHA3itfrKKdod6FAm19Xk5QD7i6x4tj5rIzz86ph4DD8kqWTuoVid4_20cL0YT386n599lNQahCbw81MKJYVBIBmy0sSEQgunoYwjqtaZi7iPduLK4wqKgSjA
方法二:
kubectl describe serviceaccounts -n kubernetes-dashboard admin-user| grep Tokens
Tokens: admin-user
kubectl -n kubernetes-dashboard describe secrets admin-user
Name: admin-user Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: af21a25e-ecdd-40d8-a904-223bf0ad83d9 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1099 bytes namespace: 20 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImZLOUptaWRfRmo4RF93LUlYSWdRSXN0TmlxckxWOXgtb1dqWXhjSml3WmMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhZjIxYTI1ZS1lY2RkLTQwZDgtYTkwNC0yMjNiZjBhZDgzZDkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Fb5C58nb5N4c5b-6yk47oaH43WuiTblCwbKHRYOPVmZw9ZG6oziFhXlqYnwzhIP-RS7duOi_w4T9HR0XlyajV6hV_qPb9zlJJc3hFPsp75PvWlUFwCSIpVAPadDDMpJVjzocXwhwyeaTD2Zd2foKCjLrqMWMauSwMpH86hL2Y4aWYjJo1U23w2XJPVFZeqp0c3AZHIukuvmgRzmOjFsvG7cD_tzidoHA3itfrKKdod6FAm19Xk5QD7i6x4tj5rIzz86ph4DD8kqWTuoVid4_20cL0YT386n599lNQahCbw81MKJYVBIBmy0sSEQgunoYwjqtaZi7iPduLK4wqKgSjA
选择Token 用这个Token即可登录