Kubernetes搭建dashboard控制面板

dashboard 安装

  • 执行一下命令安装dashborad

    kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/alternative.yaml

创建用户

  • 创建服务账户:

    创建下面的文件:

    #admin-user.yml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin-user
      namespace: kube-system

    执行以下命令进行创建

    kubectl create -f admin-user.yaml
  • 绑定用户角色

    创建下面的文件:

    # admin-user-role-binding.yaml
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: admin-user
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: admin-user
      namespace: kube-system

    执行一下命令进行创建

    kubectl create -f  admin-user-role-binding.yaml
  • 获取用户登录token

    kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

    注:dashboard登录提示401是因为复制token时有换行符,注意删除。

映射dashboard端口

  • 执行一下命令修改dashborad的配置

    kubectl -n kubernetes-dashboard edit service kubernetes-dashboard

    参考一下配置文件修改

    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        kubectl.kubernetes.io/last-applied-configuration: |
          {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
      creationTimestamp: "2020-05-13T06:58:09Z"
      labels:
        k8s-app: kubernetes-dashboard
      managedFields:
      - apiVersion: v1
        fieldsType: FieldsV1
        fieldsV1:
          f:metadata:
            f:annotations:
              .: {}
              f:kubectl.kubernetes.io/last-applied-configuration: {}
            f:labels:
              .: {}
              f:k8s-app: {}
          f:spec:
            f:externalTrafficPolicy: {}
            f:ports:
              .: {}
              k:{"port":443,"protocol":"TCP"}:
                .: {}
                f:nodePort: {}
                f:port: {}
                f:protocol: {}
                f:targetPort: {}
            f:selector:
              .: {}
              f:k8s-app: {}
            f:sessionAffinity: {}
            f:type: {}
        manager: kubectl
        operation: Update
        time: "2020-05-13T08:28:36Z"
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
      resourceVersion: "17517"
      selfLink: /api/v1/namespaces/kubernetes-dashboard/services/kubernetes-dashboard
      uid: ccbfd5fb-d362-45d6-8d84-2f9a46db253b
    spec:
      clusterIP: 10.96.97.28
      externalTrafficPolicy: Cluster
      ports:
      - nodePort: 30008 #此处添加需要暴露的端口,注意:api-server默认允许开放30000-32767之间的端口
        port: 443
        protocol: TCP
        targetPort: 8443
      selector:
        k8s-app: kubernetes-dashboard
      sessionAffinity: None
      type: NodePort #此处从ClusterIp改为NodePort
    status:
      loadBalancer: {}
  • 检查服务状态

    执行以下命令

    kubectl -n kubernetes-dashboard get service kubernetes-dashboard

    如下列输出为正常:

    NAME                   TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)         AGE
    kubernetes-dashboard   NodePort   10.96.97.28   <none>        443:30008/TCP   108m

    此时即可通过https://NodeIp:NodePort/ui 来访问dashborad了