wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
添加type: NodePort,暴露Dashboard服务。注意这里只添加行type: NodePort和nodePort: 30001便可,其余配置不用改,大概位置在末尾的Dashboard Service的spec中,参考以下。node
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30001
selector:
k8s-app: kubernetes-dashboard
因为网络缘由,配置文件中的k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3
镜像没法下载,因此须要进行如下操做提早下载好git
docker pull siriuszg/kubernetes-dashboard-amd64:v1.8.3
docker tag siriuszg/kubernetes-dashboard-amd64:v1.8.3 k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3
kubectl create -f kubernetes-dashboard.yaml
编写配置文件github
vim kubernetes-dashboard-admin.rbac.yaml
--- apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-admin namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: kubernetes-dashboard-admin labels: k8s-app: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: kubernetes-dashboard-admin namespace: kube-system
建立帐户管理web
kubectl create -f kubernetes-dashboard-admin.rbac.yaml
$ kubectl -n kube-system get pods -o wide|grep dashboard|awk '{print $7}'
172.16.136.201
这时使用上面获取的IP加上咱们配置的端口就能够访问了,例如docker
172.16.136.201:30001
须要注意的是若是使用了ssl证书须要使用https://172.16.136.201:30001进行访问vim
页面上有两种登陆方式,这时咱们使用token的方式登陆。token的获取方式以下。api
在master节点执行bash
$kubectl -n kube-system get secret | grep kubernetes-dashboard-admin|awk '{print "secret/"$1}'|xargs kubectl describe -n kube-system|grep token:|awk -F : '{print $2}'|xargs echo
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbi10b2tlbi1qYm0ycCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6Ijg5ZmFiOGFmLTNjYzEtMTFlOC1iODQ4LTAwMGMyOTQwYWRiYSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiJ9.YS-ZklZ8fbkDp3tuOxFHyhiflXtCGDY0C5C3PYU1ot7YFCGA67_vDKY55OiE36sZNGNhWEmK52Yak7SrFZ75KwyMbM7TK69SGLftFiMedsUCfuUpBPB-Fc4beaxMuWWqVcHOs892VfE6I85xhhYLv_xD6t8x2DcJ1Cl6c5UVg_GBw13cSVaSA7asMpVuSj8MdOQcBNIUaRaxY04PDvZDWIN8Cqud9yDNkueFeuqP3DN_rN0FzLGg0Lqv3Q-fm4hKcIiiVi6E9J-i_T8QCsoKE36wEWg3hJdUTmzBufew2YrbPH4f0Aezq-OeKT8-x89vQwkbj1vttiVVtluTTX53TQ
上面获取到的就是token了,复制到登陆页就能够登陆了网络