dashboard
helm 安装 dashboard
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard
record ...
root@l2:~# helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --version 5.11.0
NAME: kubernetes-dashboard
LAST DEPLOYED: Sun May 29 22:36:09 2022
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
*********************************************************************************
*** PLEASE BE PATIENT: kubernetes-dashboard may take a few minutes to install ***
*********************************************************************************
Get the Kubernetes Dashboard URL by running:
export POD_NAME=$(kubectl get pods -n default -l "app.kubernetes.io/name=kubernetes-dashboard,app.kubernetes.io/instance=kubernetes-dashboard" -o jsonpath="{.items[0].metadata.name}")
echo https://127.0.0.1:8443/
kubectl -n default port-forward $POD_NAME 8443:8443
配置转发
第一种方式
使用 port-forward 转发
kubectl -n default port-forward $POD_NAME 30443:8443 --address 0.0.0.0
第二种方式
调整 service kubernetes-dashboard
从 ClusterIP 转化为 NodePort
kubectl edit service kubernetes-dashboard
apiVersion: v1
kind: Service
metadata:
...
spec:
ports:
- name: https
...
nodePort: 30443
...
type: NodePort
获取登录密钥
kubectl describe secret $(kubectl get secret | grep kubernetes-dashboard-token | awk '{print $1}')
配置 nginx 转发
注意 proxy_pass 的协议是 https
server {
listen 443 ssl http2;
server_name kubernetes.jansora.com;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/nginx/certs/lets-encrypt-jansora.com/jansora.com.cer;
ssl_certificate_key /etc/nginx/certs/lets-encrypt-jansora.com/jansora.com.key;
location / {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://10.0.4.10:30443;
}
}
喜闻悦见
等等. 还需要配置 dashboard 权限
否则页面是空的
namespace 默认是 default 请根据实际的填写
vim /etc/kubernetes/conf/dashboard-admin.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: default
kubectl apply -f /etc/kubernetes/conf/dashboard-admin.yaml