kubeadm搭建单master-多node节点k8s集群 (5)

1）部署yaml文件并查看

[root@k8s-master1 ~]# kubectl apply -f kubernetes-dashboard.yaml [root@k8s-master1 ~]# kubectl get pods -n kubernetes-dashboard NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-7445d59dfd-rks7c 1/1 Running 0 115s kubernetes-dashboard-54f5b6dc4b-mnnd2 1/1 Running 0 115s # 查看dashboard前端的service [root@k8s-master1 ~]# kubectl get svc -n kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.111.106.98 <none> 8000/TCP 3m2s kubernetes-dashboard ClusterIP 10.98.164.1 <none> 443/TCP 3m2s

2）修改service type类型变成NodePort

# 把type: ClusterIP变成 type: NodePort，保存退出即可 [root@k8s-master1 ~]# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard [root@k8s-master1 ~]# kubectl get svc -n kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.111.106.98 <none> 8000/TCP 6m1s kubernetes-dashboard NodePort 10.98.164.1 <none> 443:30379/TCP 6m1s

3）浏览器访问

上面可看到service类型是NodePort，访问任何一个工作节点ip: 30379端口即可访问kubernetes dashboard，在浏览器(使用火狐浏览器)访问如下地址:
https://192.168.40.180:30379

3.2、通过token访问dashboard # 1.创建管理员token，具有查看任何空间的权限，可以管理所有资源对象 [root@k8s-master1 ~]# kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard # 2.查看kubernetes-dashboard名称空间下的secret [root@k8s-master1 ~]# kubectl get secret -n kubernetes-dashboard NAME TYPE DATA AGE default-token-fppc9 kubernetes.io/service-account-token 3 19m kubernetes-dashboard-certs Opaque 0 19m kubernetes-dashboard-csrf Opaque 1 19m kubernetes-dashboard-key-holder Opaque 2 19m kubernetes-dashboard-token-bzx6g kubernetes.io/service-account-token 3 19m # 3.找到对应的带有token的kubernetes-dashboard-token-bzx6g [root@k8s-master1 ~]# kubectl describe secret kubernetes-dashboard-token-bzx6g -n kubernetes-dashboard ... token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImRTYUlhaUZXeFBzeHpjcmNXS1p6WENybDRsVXkyVGN3ZUJWRjZnNWVNYjgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1ieng2ZyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImI3MjFkYzkxLWI0M2YtNDc5YS1hMjJmLTZlYjhjNTE0ZTllNyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.ZndeWZWYY7c-vFir6uVaTxR-EZ5MIZByGgLIoBAtxYQebhYVtCxNIPhnrNBLcmcmdbfmuqWEU9M5T-zpSEX5aAPKhuJNo-zpKW9N-COhuLXPDjcesct5XmBFeL6Duc322TRm-4aQto6ZUJ4dkT-KRwhS1EzGZ5VZoz_m4pi-f_dFWNLEnrd25qPswAdIHVkAPe28WtJkLIjfoGmTd0hGfu9_uz0rOzQn5MoV-hRPtvVd4ziIeC9ETwKKVp14RlakV3r2Y0ZDxOqlNhI4PAlwbBOoqbpa3WHLTuuh0Fm0jAdZdKVGhS1T6N1kcC0_BTWsq0caK21FVyyjGka60YvKIg # 4.通过token访问dashboard

3.3、通过kubeconfig文件访问dashboard # 1、创建cluster集群 [root@k8s-master1 ~]# cd /etc/kubernetes/pki [root@k8s-master1 pki]# kubectl config set-cluster kubernetes --certificate-authority=./ca.crt --server="https://192.168.40.180:6443" --embed-certs=true --kubeconfig=http://www.likecs.com/root/dashboard-admin.conf # 2、创建credentials：需要使用上面的kubernetes-dashboard-token-bzx6g对应的token信息 [root@k8s-master1 pki]# DEF_NS_ADMIN_TOKEN=$(kubectl get secret kubernetes-dashboard-token-bzx6g -n kubernetes-dashboard -o jsonpath={.data.token}|base64 -d) [root@k8s-master1 pki]# echo $DEF_NS_ADMIN_TOKEN eyJhbGciOiJSUzI1NiIsImtpZCI6ImRTYUlhaUZXeFBzeHpjcmNXS1p6WENybDRsVXkyVGN3ZUJWRjZnNWVNYjgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1ieng2ZyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImI3MjFkYzkxLWI0M2YtNDc5YS1hMjJmLTZlYjhjNTE0ZTllNyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.ZndeWZWYY7c-vFir6uVaTxR-EZ5MIZByGgLIoBAtxYQebhYVtCxNIPhnrNBLcmcmdbfmuqWEU9M5T-zpSEX5aAPKhuJNo-zpKW9N-COhuLXPDjcesct5XmBFeL6Duc322TRm-4aQto6ZUJ4dkT-KRwhS1EzGZ5VZoz_m4pi-f_dFWNLEnrd25qPswAdIHVkAPe28WtJkLIjfoGmTd0hGfu9_uz0rOzQn5MoV-hRPtvVd4ziIeC9ETwKKVp14RlakV3r2Y0ZDxOqlNhI4PAlwbBOoqbpa3WHLTuuh0Fm0jAdZdKVGhS1T6N1kcC0_BTWsq0caK21FVyyjGka60YvKIg [root@k8s-master1 pki]# kubectl config set-credentials dashboard-admin --token=$DEF_NS_ADMIN_TOKEN --kubeconfig=http://www.likecs.com/root/dashboard-admin.conf # 3、创建context [root@k8s-master1 pki]# kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --user=dashboard-admin --kubeconfig=http://www.likecs.com/root/dashboard-admin.conf # 4、切换context的current-context是dashboard-admin@kubernetes [root@k8s-master1 pki]# kubectl config use-context dashboard-admin@kubernetes --kubeconfig=http://www.likecs.com/root/dashboard-admin.conf # 5、查看生成的文件dashboard-admin.conf [root@k8s-master1 pki]# cat /root/dashboard-admin.conf apiVersion: v1 clusters: - cluster: certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1EY3dPREV5TWpJeE5Gb1hEVE14TURjd05qRXlNakl4TkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTmU3CnRYdTBaRk1RUnZRcGtUVExxN1dEdnFBeDIwblkxSUR1WHlGWmR6VElsREtYWGFpTjdUNFp4dnVKdWRETFJjdk8KcFFHTjlQR0d5bTM2b05GRWo2RDVhek9xWGJJTHp4N2IrODRQV1VnTFhSd1IvYzRReG8vYzNYNmZLWFJucnVaeApVN1BJMDViVzlzeUVrVk1kM3ZpT25iQnVYTDBpNDViRGlzVHlZNUdRZGZTK3c3eGVxTWVoclV6N04vMUtlV2JLCkF0ZnZkUXJWUTlDT3hFVGcwRWRjbUt5R0RDc0JrVUhLY3BQZ1RidXVuUGZ2bm1yWWRsNWtlZmFHMWkzR1ZPY1oKdWhVQVpCck4xaWNocUsrV0Q2a3NTLzQwLzg3Nlg3WlQyeFNPbVJxTUQyVGlHQzJvWlRhclRQOE9VUVFqc0ZkdwplNUNlaEFXKzZHS3BCOTd6KzJFQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCN2JxeGV1WFdYUVg5UDhJenRCbS9sWVRHS3hNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFDUGN1dUdLa1QwemdRa0x4S2JrTU9pbGQ2akYvNENyYklEaG5SeDk4dEkya1EvNzVXbQpaNURoeldnKytrcUdoQUVSZXFoMVd4MXNHV0RTaG41elJScmNNT1BOOVBmdVpJcmVUUUllL0tuZDdTMXZyNUxGCk80NlE5QXEwVlZYSU5kMEdZcmJPNURpaTdBc2Ewc0FwSk16RzZoRHZPYlFCRGh3RURxa3VkM2tlZ0xuNUZXTUwKdUZoU2Voa1F4VWxUOVJoRkhzemZxVnBsTGVpN05uT1dxR0xIOHhTSFdacTV3aFI1a1laYUpJblM0L1gwZVdnKwpGNXM0WWpVWWZHOHRNQTZLNTR6eFVJSnM0Nnd2ek9yOEVwUWlKLzh1SnhnM052aFpBZG1oTVMvRTNLTmF5TCtoClU0a2NNcUlxWUYyYzBqY1BJK0wxeHU4WkVHMCtXaWY0N2tYSAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== server: https://192.168.40.180:6443 name: kubernetes contexts: - context: cluster: kubernetes user: dashboard-admin name: dashboard-admin@kubernetes current-context: dashboard-admin@kubernetes kind: Config preferences: {} users: - name: dashboard-admin user: token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImRTYUlhaUZXeFBzeHpjcmNXS1p6WENybDRsVXkyVGN3ZUJWRjZnNWVNYjgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1ieng2ZyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImI3MjFkYzkxLWI0M2YtNDc5YS1hMjJmLTZlYjhjNTE0ZTllNyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.ZndeWZWYY7c-vFir6uVaTxR-EZ5MIZByGgLIoBAtxYQebhYVtCxNIPhnrNBLcmcmdbfmuqWEU9M5T-zpSEX5aAPKhuJNo-zpKW9N-COhuLXPDjcesct5XmBFeL6Duc322TRm-4aQto6ZUJ4dkT-KRwhS1EzGZ5VZoz_m4pi-f_dFWNLEnrd25qPswAdIHVkAPe28WtJkLIjfoGmTd0hGfu9_uz0rOzQn5MoV-hRPtvVd4ziIeC9ETwKKVp14RlakV3r2Y0ZDxOqlNhI4PAlwbBOoqbpa3WHLTuuh0Fm0jAdZdKVGhS1T6N1kcC0_BTWsq0caK21FVyyjGka60YvKIg # 6、把dashboard-admin.conf复制到桌面，浏览器访问时使用kubeconfig认证，把dashboard-admin.conf导入到web界面，就可以登陆了