Install and deploy dashboard
1. Check pod operation
kubectl get pods -A -o wide
Download the recommended.yaml file
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
Modify the recommended.yaml file
vim recommended.yaml
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30000 × increase
selector:
k8s-app: kubernetes-dashboard
#Because many browsers cannot use the automatically generated certificates, we create and comment out the kubernetes dashboard certs object declaration
Modify image address
#apiVersion: v1
#kind: Secret
#metadata:
# labels:
# k8s-app: kubernetes-dashboard
# name: kubernetes-dashboard-certs
# namespace: kubernetes-dashboard
#type: Opaque
---
kubectl apply -f recommended.yaml
Create certificate
mkdir dashboard-certs
cd dashboard-certs/
#Create namespace
kubectl create namespace kubernetes-dashboard
# Establish key file
openssl genrsa -out dashboard.key 2048
#Certificate request
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
#Self signed certificate
openssl x509 -req -days 36000 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
#Create kubernetes dashboard certs object
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboardDelete namespace:
[root@k8s-master dashboard-certs]# kubectl get ns | grep kubernetes kubernetes-dashboard Active 10h [root@k8s-master dashboard-certs]# kubectl delete ns kubernetes-dashboard namespace "kubernetes-dashboard" deleted [root@k8s-master dashboard-certs]# kubectl get ns | grep kubernetes [root@k8s-master dashboard-certs]# kubectl get pods -A -o wide
5. Install dashboard
kubectl create -f ~/recommended.yaml
[root@k8s-master dashboard-certs]# kubectl create -f ~/recommended.yaml
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
Error from server (AlreadyExists): error when creating "/root/recommended.yaml": namespaces "kubernetes-dashboard" already exists
Error from server (AlreadyExists): error when creating "/root/recommended.yaml": secrets "kubernetes-dashboard-certs" already exists
Note: this may be reported as follows.
Error from server (AlreadyExists): error when creating "./recommended.yaml": namespaces "kubernetes-dashboard" already exists
This is because we created the certificate when we created it kubernetes-dashboard Namespace, so ignore this error message directly.6. View the installation results
[root@k8s-master dashboard-certs]# kubectl get pods -A -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
default nginx-deployment-7789b77975-m85sx 1/1 Running 0 166m 10.244.2.7 k8s-node02 <none> <none>
default nginx-deployment-7789b77975-n5zpc 1/1 Running 0 155m 10.244.1.2 k8s-node01 <none> <none>
kube-system coredns-66bff467f8-4pzqn 1/1 Running 2 20h 10.244.0.7 k8s-master <none> <none>
kube-system coredns-66bff467f8-bw2b4 1/1 Running 2 20h 10.244.0.6 k8s-master <none> <none>
kube-system etcd-k8s-master 1/1 Running 3 20h 192.168.253.167 k8s-master <none> <none>
kube-system kube-apiserver-k8s-master 1/1 Running 2 20h 192.168.253.167 k8s-master <none> <none>
kube-system kube-controller-manager-k8s-master 1/1 Running 2 20h 192.168.253.167 k8s-master <none> <none>
kube-system kube-flannel-ds-amd64-k92bk 1/1 Running 9 19h 192.168.253.169 k8s-node02 <none> <none>
kube-system kube-flannel-ds-amd64-kf7j7 1/1 Running 2 20h 192.168.253.167 k8s-master <none> <none>
kube-system kube-flannel-ds-amd64-kmg7d 1/1 Running 1 19h 192.168.253.168 k8s-node01 <none> <none>
kube-system kube-proxy-4hjbl 1/1 Running 1 19h 192.168.253.168 k8s-node01 <none> <none>
kube-system kube-proxy-g2hlg 1/1 Running 2 20h 192.168.253.167 k8s-master <none> <none>
kube-system kube-proxy-kfvgx 1/1 Running 1 19h 192.168.253.169 k8s-node02 <none> <none>
kube-system kube-scheduler-k8s-master 1/1 Running 2 20h 192.168.253.167 k8s-master <none> <none>
kubernetes-dashboard dashboard-metrics-scraper-6b4884c9d5-mj8qr 0/1 ContainerCreating 0 84s <none> k8s-node02 <none> <none>
kubernetes-dashboard kubernetes-dashboard-7b544877d5-72spd 0/1 ContainerCreating 0 87s <none> k8s-node02 <none> <none>
[root@k8s-master dashboard-certs]# kubectl get service -n kubernetes-dashboard -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
dashboard-metrics-scraper NodePort 10.111.221.30 <none> 8000:30000/TCP 2m1s k8s-app=dashboard-metrics-scraper
kubernetes-dashboard ClusterIP 10.105.134.250 <none> 443/TCP 2m7s k8s-app=kubernetes-dashboard
7. Create dashboard administrator
Create the dashboard-admin.yaml file.
vim dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: dashboard-admin
namespace: kubernetes-dashboard
After saving and exiting, execute the following command to create an administrator.
kubectl create -f ./dashboard-admin.yaml
8. Assign permissions to users
Create the dashboard-admin-bind-cluster-role.yaml file.
vim dashboard-admin-bind-cluster-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin-bind-cluster-role
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kubernetes-dashboard
kubectl create -f ./dashboard-admin-bind-cluster-role.yaml
9. View and copy user Token
Execute the following command at the command line.
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
The specific implementation is as follows.
[root@k8s-master dashboard-certs]# kubectl create -f ./dashboard-admin-bind-cluster-role.yaml
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin-bind-cluster-role created
[root@k8s-master dashboard-certs]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
Name: dashboard-admin-token-dpbz5
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 00d333aa-e3fd-455d-b81d-20d7c9de136e
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Inh3RGxrbUZCakp3RHBvSkg0QkVaVnRZNEgxalFSdlZsQXZXUEh6bHlUR3cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZHBiejUiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMDBkMzMzYWEtZTNmZC00NTVkLWI4MWQtMjBkN2M5ZGUxMzZlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.aJYmXtzuLkr1SvcoxCfisPBDFbWium6qVHL6qsLkqdRS7WYr54cQm20H6Vr1wLr-1QE3g0fENYpLv7SVVEmvXxy5MemWSmJ-gzDGhWnwvMkCnuX3kFOuJL7VLzwwNf31MuO458y8os34BKnfYc3N8Sk4SuyzRhYy3rCJ9lIGa46-bGsSMTtbzWxp1uwOvaec3cG2gmoJjzh7nInNqpNg-G3sD6q8kfiWVUeS1utfjvpw_yECSxL9yz86XgZxopdn7iCODeTYZGzQfy1qKEaHUgwuO0jLgreTPNdsq1BPh6ld2W0b2KloFOqqMJAc5BmX5npCj3fNDOS_QgoWzy4WDA
ca.crt: 1025 bytes
namespace: 20 bytes
[root@k8s-master ~]# kubectl get services --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 21h
default nginx-deployment LoadBalancer 10.102.49.213 <pending> 80:32682/TCP 3h55m
kube-system kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 21h
kubernetes-dashboard dashboard-metrics-scraper NodePort 10.111.221.30 <none> 8000:30000/TCP 73m
kubernetes-dashboard kubernetes-dashboard ClusterIP 10.105.134.250 <none> 443/TCP 74m
View the dashboard interface and open the link in the browser https://192.168.253.167:30000 , as shown below.
Here, we choose the Token mode to log in and enter the Token obtained from the command line, as shown below.
Click login to enter the dashboard, as shown below.
At this point, dashboard 2.0.0 is installed successfully.
https://www.processon.com/view/link/5ac64532e4b00dc8a02f05eb?spm=a2c4e.10696291.0.0.6ec019a4bYSFIw#map
[root@k8s-master ~]# kubectl get pod -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-755f66f567-vbvzc 1/1 Running 0 119m
kubernetes-dashboard-77f89d4675-48zp7 1/1 Running 0 92m
kubernetes-dashboard-77f89d4675-6r87x 0/1 CrashLoopBackOff 23 109m
kubernetes-dashboard-77f89d4675-xv6bq 0/1 CrashLoopBackOff 20 119m
[root@k8s-master ~]# kubeclt delete pod kubernetes-dashboard-77f89d4675-6r87x
-bash: kubeclt: command not found
[root@k8s-master ~]# kubectl delete pod kubernetes-dashboard-77f89d4675-6r87x
Error from server (NotFound): pods "kubernetes-dashboard-77f89d4675-6r87x" not found
[root@k8s-master ~]# kubectl delete pod kubernetes-dashboard-77f89d4675-6r87x -n kubernetes-dashboard
pod "kubernetes-dashboard-77f89d4675-6r87x" deleted
[root@k8s-master ~]# kubectl delete pod kubernetes-dashboard-77f89d4675-xv6bq -n kubernetes-dashboard
pod "kubernetes-dashboard-77f89d4675-xv6bq" deleted
[root@k8s-master ~]# kubectl get pod -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-755f66f567-vbvzc 1/1 Running 0 124m
kubernetes-dashboard-77f89d4675-48zp7 1/1 Running 0 98m
kubernetes-dashboard-77f89d4675-s55ct 1/1 Running 1 70s
kubernetes-dashboard-77f89d4675-wbbr9 1/1 Running 0 32s