安装 Kubernetes-dashboard 按照 kubernetes-dashboard 介绍安装好 dashboard
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
权限相关资源创建 kubernetes-dashboard 需要较大的权限才能够访问所有资源,所以我们可以创建一个 admin-user 的 ServiceAccount 来获取对应的 token
创建 ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kube-system
创建 ServiceAccount
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kube-system
获取 ServiceAccount Token
~/k8s/dashboard 🐶 kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') Name: admin-user-token-c65l2 Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: eb3181df-61b3-41c3-a6da-0f29ecab95c0 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIZCI6IklZJc3RnNW9EMllSSEQ2Y3EzNTJ1OHNzxdasdashZUUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWM2NWwyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlYjMxODFkZi02MWIzLTQxYzMtYTZkYS0wZjI5ZWNhYjk1YzAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.HsYC2cZfRWm4Aatd98oHvk9aKGKKL_9QIT7zKVlWm6PcU0wKMIOo5hiqC_JLi2RgCg3xfgPUYKbJZtBIXJOVWEEJY8u5i7AK4tE1Rmks9jEbGIgi8QTeCfp3pCtMYk59e4PdJ4WHd36pQGKHdMQTcrHL_8DyrQHotd6eGFAue1pzjCI5l8n0j0j_Oa53pVLAtkL1hrb_O-z8H6SxnxhODcJ2y8SzS7tvRbL1OHCqfscIbSvnZi-virt4jygeJfTypYTkDNxP6zBG3sUP-XG17z30iIdEanawix8s0hmkddV5rgrUB8OK_l94qTv_99korGV3Z355Gt-8pd8vJEWM2whhdddd
对外暴露 dashboard 访问域名 使用 ingress-nginx 将 dashboard 服务对外暴露。先按照 官网介绍 安装 nginx-ingress-controller。
检查 deployments
~/blog/posts 🐶 k get deployments.apps -n ingress-nginx NAME READY UP-TO-DATE AVAILABLE AGE nginx-ingress-controller 1/1 1 1 20d
检查 ingress-nginx-svc ,可以知道 http 被映射到了 30834 端口,https 被映射到了 30467 端口
~/blog/posts 🐶 k get svc -n ingress-nginx NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ingress-nginx NodePort 10.106.96.52 <none> 80:30834/TCP,443:30467/TCP 20d
查看 dashboard 对应的 svc,我们需要与 ingress-nginx 绑定的 svc 是 kubernetes-dashboard
~/blog/posts 🐶 k get svc -n kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.110.5.232 <none> 8000/TCP 20d kubernetes-dashboard ClusterIP 10.104.2.41 <none> 443/TCP 20d
创建 ingress 规则
apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/backend-protocol: HTTPS name: ingress-dashboard namespace: kubernetes-dashboard spec: rules: - host: k8s.chenjiandongx.com http: paths: - backend: serviceName: kubernetes-dashboard servicePort: 443 path: /
噢,别忘了将 k8s.chenjiandongx.com 这个域名写到本地 host 🐶
$ vim /etc/hosts + 192.168.2.12 k8s.chenjiandongx.com
使用 Token 访问 https://k8s.chenjiandongx.com:30467