K8S 部署dashboard v2.7.0
官网:https://github.com/kubernetes/dashboard/releases/tag/v2.7.0
1、查看dashboard版本兼容性
| Kubernetes version | 1.22 | 1.23 | 1.24 | 1.25 |
| Compatibility | ? | ? | ? | ✓ |
2、拉取yaml文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
3、修改yanl文件开放访问端口
加上 type: NodePort 和 nodePort: 30003
kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort ports: - port: 443 targetPort: 8443 nodePort: 30003 selector: k8s-app: kubernetes-dashboard
4、部署dashboard
kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created
5、查看pod信息
kubectl get pod -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES dashboard-metrics-scraper-5cb4f4bb9c-v5kxq 1/1 Running 0 4h7m 10.244.65.223 k8s167 <none> <none> kubernetes-dashboard-6967859bff-hrsmg 1/1 Running 0 4h7m 10.244.120.176 k8s166 <none> <none>
6、浏览器访问
7、创建用户
官网地址:dashboard/docs/user/access-control/creating-sample-user.md at master · kubernetes/dashboard · GitHub
admin-user.yml
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard --- apiVersion: v1 kind: Secret metadata: name: admin-user namespace: kubernetes-dashboard annotations: kubernetes.io/service-account.name: "admin-user" type: kubernetes.io/service-account-token
创建用户
kubectl apply -f admin-user.yml
serviceaccount/admin-user created clusterrolebinding.rbac.authorization.k8s.io/admin-user created secret/admin-user created
8、用户token
方法一:
kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
eyJhbGciOiJSUzI1NiIsImtpZCI6ImZLOUptaWRfRmo4RF93LUlYSWdRSXN0TmlxckxWOXgtb1dqWXhjSml3WmMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhZjIxYTI1ZS1lY2RkLTQwZDgtYTkwNC0yMjNiZjBhZDgzZDkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Fb5C58nb5N4c5b-6yk47oaH43WuiTblCwbKHRYOPVmZw9ZG6oziFhXlqYnwzhIP-RS7duOi_w4T9HR0XlyajV6hV_qPb9zlJJc3hFPsp75PvWlUFwCSIpVAPadDDMpJVjzocXwhwyeaTD2Zd2foKCjLrqMWMauSwMpH86hL2Y4aWYjJo1U23w2XJPVFZeqp0c3AZHIukuvmgRzmOjFsvG7cD_tzidoHA3itfrKKdod6FAm19Xk5QD7i6x4tj5rIzz86ph4DD8kqWTuoVid4_20cL0YT386n599lNQahCbw81MKJYVBIBmy0sSEQgunoYwjqtaZi7iPduLK4wqKgSjA
方法二:
kubectl describe serviceaccounts -n kubernetes-dashboard admin-user| grep Tokens
Tokens: admin-user
kubectl -n kubernetes-dashboard describe secrets admin-user
Name: admin-user Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: af21a25e-ecdd-40d8-a904-223bf0ad83d9 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1099 bytes namespace: 20 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImZLOUptaWRfRmo4RF93LUlYSWdRSXN0TmlxckxWOXgtb1dqWXhjSml3WmMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhZjIxYTI1ZS1lY2RkLTQwZDgtYTkwNC0yMjNiZjBhZDgzZDkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Fb5C58nb5N4c5b-6yk47oaH43WuiTblCwbKHRYOPVmZw9ZG6oziFhXlqYnwzhIP-RS7duOi_w4T9HR0XlyajV6hV_qPb9zlJJc3hFPsp75PvWlUFwCSIpVAPadDDMpJVjzocXwhwyeaTD2Zd2foKCjLrqMWMauSwMpH86hL2Y4aWYjJo1U23w2XJPVFZeqp0c3AZHIukuvmgRzmOjFsvG7cD_tzidoHA3itfrKKdod6FAm19Xk5QD7i6x4tj5rIzz86ph4DD8kqWTuoVid4_20cL0YT386n599lNQahCbw81MKJYVBIBmy0sSEQgunoYwjqtaZi7iPduLK4wqKgSjA
选择Token 用这个Token即可登录
9、kubeconfig
经过测试发现 这种登录 页面比用Token 登录的慢
准备kubeconfig文件
cp /root/.kube/config /tmp/kubeconfig
kubeconfig文件新增token
apiVersion: v1 clusters: - cluster: certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJek1EY3hPVEEyTlRBeU5Wb1hEVE16TURjeE5qQTJOVEF5TlZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTDRICnRucUVGNTdUZFRUdFQ3Sk8rVWxOaFg2MHJnbno2d1l6T3FXUXphSDJMc3BGajh4Y2xVWVd5ZXBleTRlK3RmekgKNUFiUERhcG91dkpHcmI2MjZicm1DWlZCRHg5TGJXZnpSTFpZMUYxVmFwOXZoME1LL0VkYzlNYWZTRUtMSXdrYQpyVDNUNUUwcW5ObGFUTEczVTYyWHZmNzNRN2JSbUprS3dLREEvZHBVOFRiaHAwMnJkeTcvK1ZnMlF4b1ZIR05TCkZMdzBsUHJvQ0RYSUlQUUo2cnRTTVBkNEU1LzBpVUNUM1Vtb0ViMm42eUJCbmxoRGY2Mnl6ZVFNMmVmc2NWMlYKUUFvSnRpdjNpaE53QkFtcHVaa0U0bHk4RlV3Wk50dG9BekthelFnK2ZHdFA4OWZaU09MdGFZdFVobVBvL1RESQo3MzFzYi92VzlzbzB0UUZVL2Y4Q0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZJNnQyL3o1ZWM2ZXVHOW5GRHNEUFp6NEpCcDBNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSmNYaVBsVlJQM3pZNDJBa1VobQpSR2tPZFJoMW9pN1FzT1BiQTMwRjI2T0wyUmU4blcvbSszQ3lkak5iRG54TFltYXF1d0t1WEo5Si9lVGpUYms2ClRlRlVqaUt3Q25DVG85bkpTakRGWGhLY0FPUGQwZytLN3F1dnhVaVpvUVNnQ0lOcnAxNDI4VE1YYVV5WWRxVDAKQjk0Vmt6TzZtRjEyeXFuTFR0cCtKOXdHVmQ1bEV2MFJWYnZPUmVON1NtTGMrSlJncHFaYTlIbDd1SjVlenJ0TQp6UE1sY0g2dnhTeUlmcmxTelFMWTM0YkFxVVFWQW44anA5NWVQaUtTWHNFQVR0Rk5NWVJjdEI1d3krQUR0cno5Cit1YnJ6UkdZNGRicVo2N2xLUGU0TDh4YmRNWmIzSE0vZGwrNWloMVdIeW80Q2lmUlRodkE1anBGWUp6UWY3WUcKQkVFPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== server: https://192.168.0.165:6443 name: kubernetes contexts: - context: cluster: kubernetes user: kubernetes-admin name: kubernetes-admin@kubernetes current-context: kubernetes-admin@kubernetes kind: Config preferences: {} users: - name: kubernetes-admin user: client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJY0t4eS9HeHpiZUl3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TXpBM01Ua3dOalV3TWpWYUZ3MHlOREEzTVRnd05qVXdNalphTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXQxRjZvSEptd1BWRUNHU0UKUkQvQlNRSmJWVnZ1a3dwaEpaUzdQQjlJTUtxYmNMUG9ZUElGUDBFanNqejJNUWx0MVMxOXZ4bDE0MStOVWlnbwpOdEV2NzZJTE1SQW5PclRwME8zV3hHTk1SRnRRYmY5eUV3TUp6N0hWT3FYWGVDSldrSmlwK3N5eXVRdXJLN08xCm1yRERDcmZOUVIzRXlPcytFTURpVnkvVlNRb01tOHJnajN2Y2RnY3FhTjlPM1lrYm93b1EvaDBvVktWT3RJa2UKY0xkYi80cTVVRlJqOFJsak1WVmxJbGxDU3lLYWhObTRRSDJ5WE01aml3b1A3UHRNNjdqazZCNG9oTjBFMVppTwptdUw1UE9VOGV3QjBZVHZyWS8xRE5UQ3p0UzNnSTgvOEY4RHBER2k0a2JTTVIraU9vQWZIT1VqeTdBbnd6cXo4CmtuK2Vad0lEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JTT3JkdjgrWG5PbnJodlp4UTdBejJjK0NRYQpkREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBb2NaMW9FWlIrNVJRcGdQZnROcWJyeTR0TEdQdDFUTVpvd0pMCjNiUEtnMllQSjVuVkxKZTFrQnJRYVhXNTlTU0JZeC8yNWxieUxJV2dSd0h5YXBjSjZRRm9JMDlSaW1ZdEFPcVAKU3YrTFovNGJYdmZSZFBzVlppZ1d2ZjlkaURDK3hpQzlxYjRLcGFzZ1BMY0RlS1A0VUxPTEowekFIdkN2OHkwZQphZGFPbEs0T2RuUE9CaUpvVzUvakROWG1xK050YmVvMEpjc1diQXBOS3NtNDlqSzZnTUhtS2dJQ1VHNWJ1M3doCmRxbUVXTzhIMjI2MlZrSWlaSUQ2VHRrQVdZZnNXc0trd1NsUFk2czlFMmwvZ2N5alpVRjR5MHFKRWpWUno1T2oKRithS2kzeWFPU3JJK09xb1plOGVYOUlDbXdDTHFML2VnQXkxVjlZczJPN0tHVlFIRnc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBdDFGNm9ISm13UFZFQ0dTRVJEL0JTUUpiVlZ2dWt3cGhKWlM3UEI5SU1LcWJjTFBvCllQSUZQMEVqc2p6Mk1RbHQxUzE5dnhsMTQxK05VaWdvTnRFdjc2SUxNUkFuT3JUcDBPM1d4R05NUkZ0UWJmOXkKRXdNSno3SFZPcVhYZUNKV2tKaXArc3l5dVF1cks3TzFtckREQ3JmTlFSM0V5T3MrRU1EaVZ5L1ZTUW9NbThyZwpqM3ZjZGdjcWFOOU8zWWtib3dvUS9oMG9WS1ZPdElrZWNMZGIvNHE1VUZSajhSbGpNVlZsSWxsQ1N5S2FoTm00ClFIMnlYTTVqaXdvUDdQdE02N2prNkI0b2hOMEUxWmlPbXVMNVBPVThld0IwWVR2clkvMUROVEN6dFMzZ0k4LzgKRjhEcERHaTRrYlNNUitpT29BZkhPVWp5N0Fud3pxejhrbitlWndJREFRQUJBb0lCQVFDZHRvUzRpeFBxQ0ZqSwptNmZMaThvL2hMNk5GbldQbll0c3FLUFpHdFNod2ZYUEpZalQ5d1Fhb25FU2hDNE9qQjBwSFdVa3hzUE1wVVZSCkhHbFVsKzRVelNXeHhVTHEyQUNkRmpJQ2JhZU0yNzY3azl4UmpQaWc3azhUa09CcVk2aHo2Rk85Q09UdUhLTGMKQzFVL1M3blJlOFlqc25lOW45MmF6a2NzV1dPMjNIQ2JWNy9jb0hmSncvWkVRYURFeFJoQVFIWUhwK3RDVzBGbQpOTm05Q2RKWnZTRldVbDBvVWdjdjk3ZnoyWmtMTTQ4ZEVxN0R6Y0xEdGNmdFFZbFVBR3JqQ1p5bkFUM3FaK1ZpCnNzK3V5V2hMblgrS0hsRVZEWGtoL3N3VVpyeFlxTmNzK1hNcFg5cnljWXJLNHYxdXhUem9WWWd6V3VrZ28rcjEKT0VObk5JMUpBb0dCQU5QNytsTnFRN3dkQlJHcVBINldpTXRXeHB1NGV5elFXVHRCNDdZWTV5VkhPTEFTczJYQQpFU1lnN1ZMUnlCS2EwMzZYMit4K0k0S3lvTXFiNDF5cWVmMFozQ3dSMXZUbEpCSDhVTnpqZWcwTVk5NXVjdjc0Ckd4M2hTNk05ZFBta1JmNThvL3ozTFhRYzdhN0tRNitkMmIxTnVPRTU2SEovMnphRzh5Ujl0Y1p6QW9HQkFOMWgKd24wbkNLMXowZnR1VndWZTVka0VJSmlIQ1g2T0tUdjJ6QkxjbzdVTWdxMUNmMTFmYzc5dWtkN2Z6TVA4eENaQwo1VzdhRUhUOVYzbVZMVTd4T1hja1U2ZHVVNk5hNW5uV0FXdkw1bkRnbDFRVzFTZWd0ODBiM1IzbUR2ZDM0WExRCmI3NHY0dFd2V3N2QmJpNkR4VGc1L2hQSzFLZm9ZVGZzNVExUGVSYzlBb0dBYVZQVERtMUhXSW1Hd2o4MnJhTTQKTnVoWDZIbWlZaUxubzBUYTB0ak95THY1azZySERuQi9WTldaZGNRY1Ivbzd5YlBFcDE0SllPQkdla1U0bEF0MApiMmpROStpcFNLY3Q0KzNkYzlObkNtSzBvSWw2Zyt0YzlkekNpMHAyKzY4K3cvTEVQR1hJWk9BV3pQbGM1ajVsCk9PVU1Ub1JLVmRIblp0Rm9zQ0h5RnJjQ2dZRUFxZzkyLy8wRVJYbzdUQkl1OXdrM044WmI0OCtZRTRmUlZTYjUKRFdSQXZjdW1kc0ltWk92MlZvL3hybXZ0T0lEcmpSakdkcWs5Q3lHeUdNdm55a1MwQ0RuM3FSNnZVVVY2MXd6Mgplb0JmdlVaSitXYXd4NGhHcVdGR01ybVB0YnA1aldGZzlaQ0RoL0wwcEtFcXFzQyt0N3FVMjA5c25LOStQeC9UCnRLM2dMMkVDZ1lFQWhWQUdpMDJhOHFiaXJkVmRsTVlUWEhva1JnSzUwbVh3S296TS93RWgwT0J3VGJJcnE5U3oKQnhSSm00ZXhwYTl3bWpGMTNxYllsTTFnb1RvMHE0N0pGbEdaZStSeGhwb0F3THgwcys1R3ErSVJHVGprQndxMAo1RHVyNlVtN25qYyttR2NvRDBsWDEvNEF5NHV3dzExZFNhSjRWL041N0dCNHJiVUVRRnlpUGZjPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImZLOUptaWRfRmo4RF93LUlYSWdRSXN0TmlxckxWOXgtb1dqWXhjSml3WmMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhZjIxYTI1ZS1lY2RkLTQwZDgtYTkwNC0yMjNiZjBhZDgzZDkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Fb5C58nb5N4c5b-6yk47oaH43WuiTblCwbKHRYOPVmZw9ZG6oziFhXlqYnwzhIP-RS7duOi_w4T9HR0XlyajV6hV_qPb9zlJJc3hFPsp75PvWlUFwCSIpVAPadDDMpJVjzocXwhwyeaTD2Zd2foKCjLrqMWMauSwMpH86hL2Y4aWYjJo1U23w2XJPVFZeqp0c3AZHIukuvmgRzmOjFsvG7cD_tzidoHA3itfrKKdod6FAm19Xk5QD7i6x4tj5rIzz86ph4DD8kqWTuoVid4_20cL0YT386n599lNQahCbw81MKJYVBIBmy0sSEQgunoYwjqtaZi7iPduLK4wqKgSjA
然后把这个文件传到桌面
yum -y install lrzsz
sz kubeconfig
在浏览器中选择 Kubeconfig 选择刚才传到桌面的文件
