helm 安装kubernetes-dashboard
k8s的包管理管路
https://helm.sh/zh/docs/community/developers/
https://github.com/helm/helm
安装kubernetes dashboard
本地需要先搭建k8s集群
kubernetes系列(十七) - 通过helm安装dashboard详细教程 提供了helm install 的具体命令
安装helm
直接源码安装
$ git clone https://github.com/helm/helm.git
$ cd helm
$ make
$ cp /bin/helm /usr/local/bin/
$ helm version
安装dashboard
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
https_proxy=http://192.168.1.14:9910 helm pull kubernetes-dashboard/kubernetes-dashboard
helm pull 和helm install 我的机器上执行都有问题,这里直接通过代理把安装包下载到本地
tar -zxvf helm-v3.4.1-linux-amd64.tar.gz
cd kubernetes-dashboard
helm install 安装
helm install -f values.yaml --namespace kube-system kubernetes-dashboard .
此次安装会创建一个role和serviceaccounts, 名称都为kubernetes-dashboard
[root@control-plane kubernetes-dashboard]# k get sa -n kube-system kubernetes-dashboard
NAME SECRETS AGE
kubernetes-dashboard 1 52m
[root@control-plane kubernetes-dashboard]# k get role -n kube-system kubernetes-dashboard
NAME CREATED AT
kubernetes-dashboard 2021-05-05T13:10:59Z
dashboard默认的serviceaccouts是没有权限查询集群的信息的,需要创建一个clusterrolebinding 到cluster-admin
创建dashboard-admin.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
namespace: kube-system
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
创建绑定关系kubectl apply -f dashboard-admin.yaml
另外一个问题是dashboard默认是以集群ip对外服务的,我用的是虚拟机,需要将dashboard生成的service改成NodePort类型
kubectl edit svc kubernetes-dashboard -n kube-system
将spec.type 改成NodePort即可
[root@control-plane kubernetes-dashboard]# k get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 99m
kubernetes-dashboard NodePort 10.98.200.159 <none> 443:31644/TCP 67m
打开浏览器输入http://nodeip:31644 ,需要验证登录,选择token
[root@control-plane kubernetes-dashboard]# kubectl get secret -n kube-system | grep kubernetes-dashboard-token
kubernetes-dashboard-token-9ms4n kubernetes.io/service-account-token 3 69m
[root@control-plane kubernetes-dashboard]# k describe secret -n kube-system kubernetes-dashboard-token-9ms4n
Name: kubernetes-dashboard-token-9ms4n
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: b485b065-49f0-451c-aabf-7e9959371b97
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlpOaFZucUVwX01iQ0J4ajlWWV91aXdOcHF4UzdJay1fYWdSbTRndWJSOFkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi05bXM0biIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImI0ODViMDY1LTQ5ZjAtNDUxYy1hYWJmLTdlOTk1OTM3MWI5NyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.tmQSiIKWd2-Fu2Nx0850halBG5RI9dhdn5miyS2dcKk_egfmEL11SvG8Li1YsScRx37WAcL5uvaoN_yNr-DcGyg2V5PYjz_1IB4AlW45qo-Klh6x7XLwXRkvJ2UkWy6zOYDP0v7BCiCSOjjK8uF9C0MPpPtNMwKXOEzxamAZP0urpDcspWdbKg3TNpNPSRM6p6Q0gLcV0PIlDPCDVWuewVV8LcO8bGzHS56tZ384NTyvD6xYJuoTEPr6QdBjllmWQ-pymIkXQ9fAZbEfMsggjESftc-kQVQZv4-qK1jfizpQmH_meCShI-m0idE4t5EaGrwa3EOmjh8NgQVR9QsuKg
粘贴token字段对应值到浏览器即可登录