helm 安装kubernetes-dashboard

k8s的包管理管路

https://helm.sh/zh/docs/community/developers/
https://github.com/helm/helm

安装kubernetes dashboard

本地需要先搭建k8s集群

kubernetes系列(十七) - 通过helm安装dashboard详细教程 提供了helm install 的具体命令

csdn

安装helm

直接源码安装

$ git clone https://github.com/helm/helm.git
$ cd helm
$ make

$ cp /bin/helm /usr/local/bin/

$ helm version

安装dashboard

helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
https_proxy=http://192.168.1.14:9910 helm pull kubernetes-dashboard/kubernetes-dashboard

helm pull 和helm install 我的机器上执行都有问题,这里直接通过代理把安装包下载到本地

tar -zxvf helm-v3.4.1-linux-amd64.tar.gz
cd kubernetes-dashboard

helm install 安装

helm install -f values.yaml --namespace kube-system kubernetes-dashboard .

此次安装会创建一个role和serviceaccounts, 名称都为kubernetes-dashboard

[root@control-plane kubernetes-dashboard]# k get sa -n kube-system kubernetes-dashboard
NAME                   SECRETS   AGE
kubernetes-dashboard   1         52m

[root@control-plane kubernetes-dashboard]# k get role -n kube-system kubernetes-dashboard
NAME                   CREATED AT
kubernetes-dashboard   2021-05-05T13:10:59Z

dashboard默认的serviceaccouts是没有权限查询集群的信息的,需要创建一个clusterrolebinding 到cluster-admin

创建dashboard-admin.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin

创建绑定关系kubectl apply -f dashboard-admin.yaml

另外一个问题是dashboard默认是以集群ip对外服务的,我用的是虚拟机,需要将dashboard生成的service改成NodePort类型

kubectl edit svc kubernetes-dashboard -n kube-system

将spec.type 改成NodePort即可

[root@control-plane kubernetes-dashboard]# k get svc -n kube-system
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP,9153/TCP   99m
kubernetes-dashboard   NodePort    10.98.200.159   <none>        443:31644/TCP            67m

打开浏览器输入http://nodeip:31644 ,需要验证登录,选择token

[root@control-plane kubernetes-dashboard]# kubectl get secret -n kube-system | grep kubernetes-dashboard-token
kubernetes-dashboard-token-9ms4n                 kubernetes.io/service-account-token   3      69m

[root@control-plane kubernetes-dashboard]# k describe secret -n kube-system kubernetes-dashboard-token-9ms4n
Name:         kubernetes-dashboard-token-9ms4n
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: b485b065-49f0-451c-aabf-7e9959371b97

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IlpOaFZucUVwX01iQ0J4ajlWWV91aXdOcHF4UzdJay1fYWdSbTRndWJSOFkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi05bXM0biIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImI0ODViMDY1LTQ5ZjAtNDUxYy1hYWJmLTdlOTk1OTM3MWI5NyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.tmQSiIKWd2-Fu2Nx0850halBG5RI9dhdn5miyS2dcKk_egfmEL11SvG8Li1YsScRx37WAcL5uvaoN_yNr-DcGyg2V5PYjz_1IB4AlW45qo-Klh6x7XLwXRkvJ2UkWy6zOYDP0v7BCiCSOjjK8uF9C0MPpPtNMwKXOEzxamAZP0urpDcspWdbKg3TNpNPSRM6p6Q0gLcV0PIlDPCDVWuewVV8LcO8bGzHS56tZ384NTyvD6xYJuoTEPr6QdBjllmWQ-pymIkXQ9fAZbEfMsggjESftc-kQVQZv4-qK1jfizpQmH_meCShI-m0idE4t5EaGrwa3EOmjh8NgQVR9QsuKg

粘贴token字段对应值到浏览器即可登录

QQ浏览器截图20210505222140.png

posted @ 2021-05-05 22:29  yihailin  阅读(566)  评论(0编辑  收藏  举报