标签：

　　一、安置dashboard

　　首先参考官方文档：https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

　　官方的安置命令如下：

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

　　当有多个节点时，安置到非主节点时，会呈现一些问题。dashboard使用https去连接apiServer，由于证书问题会导致dial tcp 10.96.0.1:443: i/o timeout。

　　把recommended.yaml下载下来，改削一些配置：

　　

kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard spec:
　　　 # 增加nodeName，指定安置到主节点。kubernetes-node1为主节点名称 nodeName: kubernetes-node1 containers: - name: kubernetes-dashboard image: kubernetesui/dashboard:v2.0.0-beta8 imagePullPolicy: Always ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates - --namespace=kubernetes-dashboard # Uncomment the following line to manually specify Kubernetes API server Host # If not specified, Dashboard will attempt to auto discover the API server and connect # to it. Uncomment only if the default does not work. # - --apiserver-host=http://my-address:port

　　注释下面的一些配置

　　

volumes: - name: kubernetes-dashboard-certs secret: secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard nodeSelector: "beta.kubernetes.io/os": linux # Comment the following tolerations if Dashboard must not be deployed on master #tolerations: # - key: node-role.kubernetes.io/master # effect: NoSchedule

　　

serviceAccountName: kubernetes-dashboard nodeSelector: "beta.kubernetes.io/os": linux # Comment the following tolerations if Dashboard must not be deployed on master #tolerations: # - key: node-role.kubernetes.io/master # effect: NoSchedule volumes:

　　然后执行

　

kubectl apply -f recommended.yaml

　　会自动下载对应的镜像，如果镜像下载掉败，可以去其他处所下载，然后打tag的方法，来安置

　　执行 

　　kubectl get pods -n kubernetes-dashboard

　　下面的状态为Running暗示安置告成了。

NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-745bd6bb57-gf4vn 1/1 Running 0 15m kubernetes-dashboard-7c8ff6ddc5-v8fck 1/1 Running 1 4h3m

二、创建账号

　　官方地点：https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

　　创建dashboard-adminuser.yaml，内容如下：

apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard

　　创建dashboard-adminuser-role-binding.yaml，内容如下：

apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard

　　然后分袂执行:

　　

kubectl apply -f dashboard-adminuser.yaml kubectl apply -f dashboard-adminuser-role-binding.yaml

三、访谒

　　创建token

　　

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk ‘{print $1}‘)

　　功效如下：

Name: admin-user-token-v57nw Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: 0303243c-4040-4a58-8a47-849ee9ba79c1 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1066 bytes namespace: 20 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXY1N253Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwMzAzMjQzYy00MDQwLTRhNTgtOGE0Ny04NDllZTliYTc5YzEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Z2JrQlitASVwWbc-s6deLRFVk5DWD3P_vjUFXsqVSY10pbjFLG4njoZwh8p3tLxnX_VBsr7_6bwxhWSYChp9hwxznemD5x5HLtjb16kI9Z7yFWLtohzkTwuFbqmQaMoget_nYcQBUC5fDmBHRfFvNKePh_vSSb2h_aYXa8GV5AcfPQpY7r461itme1EXHQJqv-SN-zUnguDguCTjD80pFZ_CmnSE1z9QdMHPB8hoB4V68gtswR1VLa6mSYdgPwCHauuOobojALSaMc3RH7MmFUumAgguhqAkX3Omqd3rJbYOMRuMjhANqd08piDC3aIabINX6gP5-Tuuw2svnV6NYQ

　　

　　由于证书问题，我们使用代办代理的方法来访谒

　　在主节点执行：

　　

kubectl proxy --address=‘0.0.0.0‘

　　功效如下：

Starting to serve on [::]:8001

　　由于在虚拟机中，浏览器没法直接访谒，添加端口映射：

　　

　　然后访谒：

　　选择token，输入上面生成的token进行访谒

学习kubernetes——部署dashboard

标签：

原文地点：https://www.cnblogs.com/lilinwei340/p/12115469.html

，