Dashboard安装
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
# 修改node为NodePort模式
kubectl patch svc -n kube-system kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}'
# 查看服务(得知dashboard运行在30972端口)
kubectl get svc -n kube-system
# --- 输出 ---
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 7h40m
kubernetes-dashboard NodePort 10.111.77.210 <none> 443:30972/TCP 3h42m
# --- 输出 ---
# 查看dashboard运行在哪个node(得知dashboard运行在192.168.20.4)
kubectl get pods -A -o wide
# --- 输出 ---
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system coredns-fb8b8dccf-rn8kd 1/1 Running 0 7h43m 10.244.0.2 master <none> <none>
kube-system coredns-fb8b8dccf-slwr4 1/1 Running 0 7h43m 10.244.0.3 master <none> <none>
kube-system etcd-master 1/1 Running 0 7h42m 192.168.20.5 master <none> <none>
kube-system kube-apiserver-master 1/1 Running 0 7h42m 192.168.20.5 master <none> <none>
kube-system kube-controller-manager-master 1/1 Running 0 7h42m 192.168.20.5 master <none> <none>
kube-system kube-flannel-ds-amd64-l8c7c 1/1 Running 0 7h3m 192.168.20.5 master <none> <none>
kube-system kube-flannel-ds-amd64-lcmxw 1/1 Running 1 6h50m 192.168.20.4 node1 <none> <none>
kube-system kube-flannel-ds-amd64-pqnln 1/1 Running 1 6h5m 192.168.20.3 node2 <none> <none>
kube-system kube-proxy-4kcqb 1/1 Running 0 7h43m 192.168.20.5 master <none> <none>
kube-system kube-proxy-jcqjd 1/1 Running 0 6h5m 192.168.20.3 node2 <none> <none>
kube-system kube-proxy-vm9sj 1/1 Running 0 6h50m 192.168.20.4 node1 <none> <none>
kube-system kube-scheduler-master 1/1 Running 0 7h42m 192.168.20.5 master <none> <none>
kube-system kubernetes-dashboard-5f7b999d65-2ltmv 1/1 Running 0 3h45m 10.244.1.2 node1 <none> <none>
# --- 输出 ---
# 如果无法变成Running状态,可以使用以下命令排错
journalctl -f -u kubelet # 只看当前的kubelet进程日志,要到dashboard所在的node执行
### 若提示拉取镜像失败,无法翻墙的可以使用以下方法预先拉取镜像
### 请在kubernetes-dashboard的节点上操作:
docker pull mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
docker tag mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
docker rmi mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
根据上面的信息可以得知dashboard的ip和端口,使用火狐浏览器访问https://192.168.20.4:30972(必须使用**https**,所以会提示不安全,火狐浏览器可以添加例外,谷歌浏览器不行。)
# 创建dashboard管理用户
kubectl create serviceaccount dashboard-admin -n kube-system
# 绑定用户为集群管理用户
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# 生成tocken
kubectl describe secret -n kube-system dashboard-admin-token
# --- 输出如下 ---
Name: dashboard-admin-token-pb78x
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 166aeb8d-604e-11e9-80d6-080027d8332b
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tcGI3OHgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMTY2YWViOGQtNjA0ZS0xMWU5LTgwZDYtMDgwMDI3ZDgzMzJiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.WYV8iBXsGikehSknd4QKbbwVSHn5K0NF1DYi4JHL-wyHtLusuEFeP89s19iC_yXu_5nOsC0h4E3Q19C7XfkGtm37WwMdsJqFjzL2VjVs5NaOUGAeXAVcuHdx0Hrzo3MCu6e1t27KWxGEFwEQv0FNhHwJ9pBmEkJz5fLyGzNOmJqYh2bifL4hrtbnCduWXR4wdnNwtGvcnafGsEvl-QkYpH1h5GRc9A2qZoSKJC90LW-kIRB_0elhwqCg-UM2a0b9cOlbgbZAEseIb3gSHpxLomkziHEjYadBA5bhmSdlArRGQs3DhMcp9pFWarXZEKR5wtxrRdam5mJykXnxA-qwNg
# ------
使用生成的tocken就可以登录dashboard了。
