基本环境
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
rocky9-1 Ready control-plane 2d21h v1.28.2 192.168.100.21 <none> Rocky Linux 9.2 (Blue Onyx) 5.14.0-284.30.1.el9_2.x86_64 containerd://1.6.24
rocky9-2 Ready <none> 2d21h v1.28.2 192.168.100.22 <none> Rocky Linux 9.2 (Blue Onyx) 5.14.0-284.30.1.el9_2.x86_64 containerd://1.6.24
rocky9-3 Ready <none> 2d21h v1.28.2 192.168.100.23 <none> Rocky Linux 9.2 (Blue Onyx) 5.14.0-284.30.1.el9_2.x86_64 containerd://1.6.24
安装步骤
安装软件
[root@rocky9-1 k8s]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
检查Pod状态
[root@rocky9-1 k8s]# k get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default mypod 1/1 Running 0 54m
kube-flannel kube-flannel-ds-5hhr7 1/1 Running 0 2d19h
kube-flannel kube-flannel-ds-jsw6l 1/1 Running 0 2d19h
kube-flannel kube-flannel-ds-qcjnx 1/1 Running 0 2d19h
kube-system coredns-5dd5756b68-bscgh 1/1 Running 0 2d20h
kube-system coredns-5dd5756b68-lgl54 1/1 Running 0 2d20h
kube-system etcd-rocky9-1 1/1 Running 1 2d20h
kube-system kube-apiserver-rocky9-1 1/1 Running 1 2d20h
kube-system kube-controller-manager-rocky9-1 1/1 Running 1 2d20h
kube-system kube-proxy-7sc8l 1/1 Running 0 2d19h
kube-system kube-proxy-jfb45 1/1 Running 0 2d19h
kube-system kube-proxy-t49dk 1/1 Running 0 2d20h
kube-system kube-scheduler-rocky9-1 1/1 Running 1 2d20h
kubernetes-dashboard dashboard-metrics-scraper-5657497c4c-gzf89 1/1 Running 0 34s
kubernetes-dashboard kubernetes-dashboard-78f87ddfc-nd5tb 1/1 Running 0 34s
配置远端访问
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
创建SA
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
创建ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
获得Token
方式#1 Getting a Bearer Token for ServiceAccount
kubectl -n kubernetes-dashboard create token admin-user
方式#2 Getting a long-lived Bearer Token for ServiceAccount
创建secret
apiVersion: v1
kind: Secret
metadata:
name: admin-user
namespace: kubernetes-dashboard
annotations:
kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token
获得Token
kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
使用端口转发启用UI界面
[root@rocky9-1 dashboard]# kubectl port-forward --namespace kubernetes-dashboard service/kubernetes-dashboard 10443:443 --address 0.0.0.0
Forwarding from 0.0.0.0:10443 -> 8443
Handling connection for 10443
Handling connection for 10443
填入Token
登录后界面
参考文档
https://segmentfault.com/a/1190000023130407
- Kubernetes Dashboard 20231112kubernetes dashboard 20231112 kubernetes-dashboard kubernetes dashboard kubernetes dashboard ingress kubernetes kubernetes-dashboard serviceaccount kubernetes-dashboard kubernetes dashboard基础 kubernetes dashboard基础k3s kubernetes-dashboard kubernetes dashboard mac kubernetes dashboard界面 仪表 kubernetes dashboard时间