K8S 部署dashboard v2.7.0

发布时间 2023-08-14 15:00:41作者: 买定灬离手

官网:https://github.com/kubernetes/dashboard/releases/tag/v2.7.0

1、查看dashboard版本兼容性

Kubernetes version 1.22 1.23 1.24 1.25
Compatibility ? ? ?

2、拉取yaml文件

wget  https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

3、修改yanl文件开放访问端口

加上 type: NodePort   和    nodePort: 30003

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30003
  selector:
    k8s-app: kubernetes-dashboard

4、部署dashboard

kubectl apply -f  recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

5、查看pod信息

kubectl get pod -n kubernetes-dashboard -o wide
NAME                                         READY   STATUS    RESTARTS   AGE    IP               NODE     NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-5cb4f4bb9c-v5kxq   1/1     Running   0          4h7m   10.244.65.223    k8s167   <none>           <none>
kubernetes-dashboard-6967859bff-hrsmg        1/1     Running   0          4h7m   10.244.120.176   k8s166   <none>           <none>

6、浏览器访问

https://ip:30003

 

7、创建用户

官网地址:dashboard/docs/user/access-control/creating-sample-user.md at master · kubernetes/dashboard · GitHub

admin-user.yml 

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

---
apiVersion: v1
kind: Secret
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: "admin-user"   
type: kubernetes.io/service-account-token 

创建用户

kubectl apply -f admin-user.yml 
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
secret/admin-user created

 

8、用户token

方法一:

kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
eyJhbGciOiJSUzI1NiIsImtpZCI6ImZLOUptaWRfRmo4RF93LUlYSWdRSXN0TmlxckxWOXgtb1dqWXhjSml3WmMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhZjIxYTI1ZS1lY2RkLTQwZDgtYTkwNC0yMjNiZjBhZDgzZDkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Fb5C58nb5N4c5b-6yk47oaH43WuiTblCwbKHRYOPVmZw9ZG6oziFhXlqYnwzhIP-RS7duOi_w4T9HR0XlyajV6hV_qPb9zlJJc3hFPsp75PvWlUFwCSIpVAPadDDMpJVjzocXwhwyeaTD2Zd2foKCjLrqMWMauSwMpH86hL2Y4aWYjJo1U23w2XJPVFZeqp0c3AZHIukuvmgRzmOjFsvG7cD_tzidoHA3itfrKKdod6FAm19Xk5QD7i6x4tj5rIzz86ph4DD8kqWTuoVid4_20cL0YT386n599lNQahCbw81MKJYVBIBmy0sSEQgunoYwjqtaZi7iPduLK4wqKgSjA

方法二:

查看sa资源的Tokens名称
kubectl describe serviceaccounts -n kubernetes-dashboard  admin-user| grep Tokens
Tokens:              admin-user
根据上一步的token名称的查看token值
kubectl -n kubernetes-dashboard  describe secrets  admin-user
Name:         admin-user
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: af21a25e-ecdd-40d8-a904-223bf0ad83d9

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1099 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6ImZLOUptaWRfRmo4RF93LUlYSWdRSXN0TmlxckxWOXgtb1dqWXhjSml3WmMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhZjIxYTI1ZS1lY2RkLTQwZDgtYTkwNC0yMjNiZjBhZDgzZDkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Fb5C58nb5N4c5b-6yk47oaH43WuiTblCwbKHRYOPVmZw9ZG6oziFhXlqYnwzhIP-RS7duOi_w4T9HR0XlyajV6hV_qPb9zlJJc3hFPsp75PvWlUFwCSIpVAPadDDMpJVjzocXwhwyeaTD2Zd2foKCjLrqMWMauSwMpH86hL2Y4aWYjJo1U23w2XJPVFZeqp0c3AZHIukuvmgRzmOjFsvG7cD_tzidoHA3itfrKKdod6FAm19Xk5QD7i6x4tj5rIzz86ph4DD8kqWTuoVid4_20cL0YT386n599lNQahCbw81MKJYVBIBmy0sSEQgunoYwjqtaZi7iPduLK4wqKgSjA

选择Token 用这个Token即可登录