部署Dashboard

下载配置文件

[root@k8s-master1 ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

默认Dashboard只能集群内部访问，修改Service为NodePort类型，暴露到外部：

[root@k8s-master1 ~]# vim recommended.yaml 


apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
nodePort: 30001
type: NodePort
selector:
k8s-app: kubernetes-dashboard

创建dashboard

[root@k8s-master1 ~]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

查看pod

[root@k8s-master1 ~]# kubectl get pods,svc -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-694557449d-4wk25 1/1 Running 0 54s
pod/kubernetes-dashboard-9774cc786-8dk7b 1/1 Running 0 54s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.0.0.236 <none> 8000/TCP 54s
service/kubernetes-dashboard NodePort 10.0.0.98 <none> 443:30001/TCP 54s

访问地址：https://NodeIP:30001

创建service account并绑定默认cluster-admin管理员集群角色：

[root@k8s-master1 ~]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
[root@k8s-master1 ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@k8s-master1 ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name: dashboard-admin-token-lk2xv
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: f106b2c3-518d-421c-a63f-57143ffb33b6

Type: kubernetes.io/service-account-token

Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjZLNEhWUTE2eVc5Zl93VkJpXzNYM29iYXlBT0F6TmNmZE9kWE9yTEdQQ3cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tbGsyeHYiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZjEwNmIyYzMtNTE4ZC00MjFjLWE2M2YtNTcxNDNmZmIzM2I2Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.IQB77qsGMMAgvi4SKRmBoJorCgHuNMyPA3A1UeFn8VYyUFmUTqcLxrDS4JQJdIShUDIj6l54qabAGQfDELOXAB6i4oqPW-9HgIkexI6sU0Mg8etAC1k6PtQr2cFHCte2ceQHDVXbgl5gJtPPeXEI0xRjXQ_mBdZeexWrh_TeLfkHQ5xfCtm5-Xf3KiZDqxSgZ_PgaFOxwD_GQUqdB-eoh2c66fGbUA84TAB_CVMKqPUyIL9CggesdKIUvj6UIFOqtWhiuYVDD0d0CMbrw0C5r70wwo1XSO7nfLO_BAVYMWqPX3A-6QXLNa8hwPbSSJ3ld_fWAO2usyYUVJ90Wk6GbQ
ca.crt: 1359 bytes
namespace: 11 bytes

使用输出的token登录Dashboard。

https://10.10.1.39:30001/