当前位置: 代码迷 >> 综合 >> How to build a kubernetes dashboard system step by step
  详细解决方案

How to build a kubernetes dashboard system step by step

热度:20   发布时间:2023-12-14 23:31:56.0

概述

??很多小伙伴在搭建kubernetes-dashboard环境的过程中遇到了很多问题,今天,肥子哥在这里给大家介绍一下如何搭建kubernetes-dashboard环境。

??要搭建kubernetes-dashboard环境,首先要做的就是准备好kubernetes环境,如何搭建kubernetes环境,小伙伴们可以阅读我之前的文章《How to manage kubernetes on Centos 7, Part I》来完成相关工作。在这里,为了给大家做演示,我们准备了三台已经配置好kubernetes环境的主机,大致配置如下,我们的演示将基于这个环境展开。

Node Hostname IP OS CPU RAM
Master xtwj89 192.168.3.89 CentOS 7 2 4G
Worker xtwj90 192.168.3.90 CentOS 7 2 4G
Worker xtwj91 192.168.3.91 CentOS 7 2 4G

??搭建kubernetes-dashboard环境有如下几个难点,只要大家顺顺当当闯过几关,基本上大功也就算告成了。

  • 远程访问问题

??kubernetes设计者为了安全起见,默认情况下,对kubernetes系统的访问默认情况下只能在其所在的主机进行,然后借助代理完成远程访问。很多小伙伴们对这个不是很习惯,那么有没有办法破解这个难题呢?其实,也是有的,我们需要将名称为kubernetes-dashboard的服务的type参数修改为NodePort。

  • 访问账号问题

??通常情况下,在分布式系统中,为了实现对不同访问者的鉴权工作,一种方式是通过用户名-密码方式进行,另一种方式是通过token方式进行。显然,用户名-密码方式在系统安全方面存在很多安全隐患,通常是不建议使用的,但是做为管理员,我们又需要用户名-密码方式对kubernetes-board进行访问。这个时候,为了方便期间,我们需要创建一个管理员用户并为其分配相应的角色。

  • 数据证书问题

??我们知道,http协议是以明文方式传递信息的,这在分布式系统中是存在极大的安全隐患的,所以kubernetes在设计之初,就抛弃了http协议而采用了https协议。https协议是安全的http协议,信息传递是以密文方式传递的。

Installation

??下面这段安装脚本是kubernetes-dashboard的github官网给出的。

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yaml

特别说明,https://raw.githubusercontent.com/是https://github.com/的别名,两者是等效的。

其中,recommended.yaml内容如下:

# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.apiVersion: v1
kind: Namespace
metadata:name: kubernetes-dashboard---apiVersion: v1
kind: ServiceAccount
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: Service
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:ports:- port: 443targetPort: 8443selector:k8s-app: kubernetes-dashboard---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-certsnamespace: kubernetes-dashboard
type: Opaque---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-csrfnamespace: kubernetes-dashboard
type: Opaque
data:csrf: ""---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-key-holdernamespace: kubernetes-dashboard
type: Opaque---kind: ConfigMap
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-settingsnamespace: kubernetes-dashboard---kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
rules:# Allow Dashboard to get, update and delete Dashboard exclusive secrets.- apiGroups: [""]resources: ["secrets"]resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]verbs: ["get", "update", "delete"]# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.- apiGroups: [""]resources: ["configmaps"]resourceNames: ["kubernetes-dashboard-settings"]verbs: ["get", "update"]# Allow Dashboard to get metrics.- apiGroups: [""]resources: ["services"]resourceNames: ["heapster", "dashboard-metrics-scraper"]verbs: ["proxy"]- apiGroups: [""]resources: ["services/proxy"]resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]verbs: ["get"]---kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard
rules:# Allow Metrics Scraper to get metrics from the Metrics server- apiGroups: ["metrics.k8s.io"]resources: ["pods", "nodes"]verbs: ["get", "list", "watch"]---apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: kubernetes-dashboardtemplate:metadata:labels:k8s-app: kubernetes-dashboardspec:containers:- name: kubernetes-dashboardimage: kubernetesui/dashboard:v2.0.1imagePullPolicy: Alwaysports:- containerPort: 8443protocol: TCPargs:- --auto-generate-certificates- --namespace=kubernetes-dashboard# Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.# - --apiserver-host=http://my-address:portvolumeMounts:- name: kubernetes-dashboard-certsmountPath: /certs# Create on-disk volume to store exec logs- mountPath: /tmpname: tmp-volumelivenessProbe:httpGet:scheme: HTTPSpath: /port: 8443initialDelaySeconds: 30timeoutSeconds: 30securityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001volumes:- name: kubernetes-dashboard-certssecret:secretName: kubernetes-dashboard-certs- name: tmp-volumeemptyDir: {
    }serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedule---kind: Service
apiVersion: v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:ports:- port: 8000targetPort: 8000selector:k8s-app: dashboard-metrics-scraper---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: dashboard-metrics-scrapertemplate:metadata:labels:k8s-app: dashboard-metrics-scraperannotations:seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'spec:containers:- name: dashboard-metrics-scraperimage: kubernetesui/metrics-scraper:v1.0.4ports:- containerPort: 8000protocol: TCPlivenessProbe:httpGet:scheme: HTTPpath: /port: 8000initialDelaySeconds: 30timeoutSeconds: 30volumeMounts:- mountPath: /tmpname: tmp-volumesecurityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedulevolumes:- name: tmp-volumeemptyDir: {
    }

查看pod

[root@xtwj89 ~]# kubectl get pods -n kubernetes-dashboard -o wide
NAME                                         READY   STATUS    RESTARTS   AGE     IP           NODE     NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-6b4884c9d5-m59g4   1/1     Running   0          6d22h   10.244.1.5   xtwj91   <none>           <none>
kubernetes-dashboard-7b544877d5-24g74        1/1     Running   0          39m     10.244.1.7   xtwj91   <none>           <none>
[root@xtwj89 ~]# 

为了方便我们的演示工作,这里我们通过如下脚本对上述安装脚本完成的工作做如下调整。

[root@xtwj89 ~]# kubectl edit services kubernetes-dashboard -n kubernetes-dashboard

重新配置kubernetes-dashboard service

执行如上命令的时候,将会打开名称为kubernetes-dashboard的service以方便我们进行编辑。

apiVersion: v1
kind: Service
metadata:annotations:kubectl.kubernetes.io/last-applied-configuration: |{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}creationTimestamp: "2020-05-22T10:05:14Z"labels:k8s-app: kubernetes-dashboardmanagedFields:- apiVersion: v1fieldsType: FieldsV1fieldsV1:f:metadata:f:annotations:.: {
    }f:kubectl.kubernetes.io/last-applied-configuration: {
    }f:labels:.: {
    }f:k8s-app: {
    }f:spec:f:externalTrafficPolicy: {
    }f:ports:.: {
    }k:{
    "port":443,"protocol":"TCP"}:.: {
    }f:port: {
    }f:protocol: {
    }f:targetPort: {
    }f:selector:.: {
    }f:k8s-app: {
    }f:sessionAffinity: {
    }f:type: {
    }manager: kubectloperation: Updatetime: "2020-05-26T10:59:39Z"name: kubernetes-dashboardnamespace: kubernetes-dashboardresourceVersion: "1058264"selfLink: /api/v1/namespaces/kubernetes-dashboard/services/kubernetes-dashboarduid: f9e5e378-1900-4f7a-b6af-6da8b8e5e98d
spec:clusterIP: 10.110.68.68externalTrafficPolicy: Clusterports:- nodePort: 30634port: 443protocol: TCPtargetPort: 8443selector:k8s-app: kubernetes-dashboardsessionAffinity: Nonetype: ClusterIP
status:loadBalancer: {
    }

我们对上述内容第54行spec.type的值做调整,将其更改为NodePort,然后保存。

查看service

[root@xtwj89 ~]# kubectl get services -n kubernetes-dashboard -o wide
NAME                        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE     SELECTOR
dashboard-metrics-scraper   ClusterIP   10.99.44.183   <none>        8000/TCP        6d22h   k8s-app=dashboard-metrics-scraper
kubernetes-dashboard        NodePort    10.110.68.68   <none>        443:30634/TCP   6d22h   k8s-app=kubernetes-dashboard
[root@xtwj89 ~]# 

我们可以看到名称为kubernetes-dashboard的service对外暴露的端口号是30634,后续我们要用它来访问kubernetes-dashboard服务。

创建可登录账号

[root@xtwj89 ~]# ll .tmp/
total 5800
drwxr-xr-x  3 root root     315 May 29 16:33 .
dr-xr-x---. 6 root root     212 May 29 16:42 ..
-rw-r--r--  1 root root     270 May 29 16:32 admin-clusterrolebinding.yaml
-rw-r--r--  1 root root      90 May 25 11:07 admin-user.yaml
-rw-r--r--  1 root root    7552 May 21 15:17 recommended.yaml
[root@xtwj89 ~]# cat .tmp/admin-user.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:name: admin-usernamespace: kube-system
[root@xtwj89 ~]# cat .tmp/admin-clusterrolebinding.yaml 
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: admin-user
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: cluster-admin
subjects:
- kind: ServiceAccountname: admin-usernamespace: kubernetes-dashboard
[root@xtwj89 ~]# 

大家可以看到,我这里已经根据需要准备好了上述两个文件。接下来,我们使用如下命令应用它们。

[root@xtwj89 .tmp]# kubectl apply -f admin-user.yaml 
[root@xtwj89 .tmp]# kubectl apply -f admin-clusterrolebinding.yaml 

生成数字证书

[root@xtwj89 ~]# mkdir -p .kubernetes
[root@xtwj89 ~]# cd .kubernetes/
[root@xtwj89 .kubernetes]# ll
total 0
drwxr-xr-x  2 root root   6 May 29 16:09 .
dr-xr-x---. 8 root root 231 May 29 16:09 ..
[root@xtwj89 .kubernetes]# openssl genrsa -out dashboard.key 2048
Generating RSA private key, 2048 bit long modulus
..........+++
...................+++
e is 65537 (0x10001)
[root@xtwj89 .kubernetes]# ll
total 4
drwxr-xr-x  2 root root   27 May 29 16:10 .
dr-xr-x---. 8 root root  243 May 29 16:10 ..
-rw-r--r--  1 root root 1679 May 29 16:10 dashboard.key
[root@xtwj89 .kubernetes]# openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.3.89'
[root@xtwj89 .kubernetes]# ll
total 8
drwxr-xr-x  2 root root   48 May 29 16:14 .
dr-xr-x---. 8 root root  243 May 29 16:10 ..
-rw-r--r--  1 root root  895 May 29 16:14 dashboard.csr
-rw-r--r--  1 root root 1679 May 29 16:10 dashboard.key
[root@xtwj89 .kubernetes]# openssl x509 -req -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt 
Signature ok
subject=/CN=192.168.3.89
Getting Private key
[root@xtwj89 .kubernetes]# ll
total 12
drwxr-xr-x  2 root root   69 May 29 16:15 .
dr-xr-x---. 8 root root  243 May 29 16:10 ..
-rw-r--r--  1 root root  985 May 29 16:15 dashboard.crt
-rw-r--r--  1 root root  895 May 29 16:14 dashboard.csr
-rw-r--r--  1 root root 1679 May 29 16:10 dashboard.key
[root@xtwj89 .kubernetes]# kubectl get secrets -n kubernetes-dashboard 
NAME                               TYPE                                  DATA   AGE
admin-user-token-h7gft             kubernetes.io/service-account-token   3      3d1h
default-token-mv96f                kubernetes.io/service-account-token   3      6d22h
kubernetes-dashboard-certs         Opaque                                0      6d22h
kubernetes-dashboard-csrf          Opaque                                1      6d22h
kubernetes-dashboard-key-holder    Opaque                                2      6d22h
kubernetes-dashboard-token-r5xmb   kubernetes.io/service-account-token   3      6d22h
[root@xtwj89 .kubernetes]# kubectl delete secrets kubernetes-dashboard-certs -n kubernetes-dashboard 
secret "kubernetes-dashboard-certs" deleted
[root@xtwj89 .kubernetes]# kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
secret/kubernetes-dashboard-certs created
[root@xtwj89 .kubernetes]#

这个时候,数字证书已经创建好了,但是还没有被启用,我们接下来,应用上述数字证书。

[root@xtwj89 .kubernetes]# kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-6b4884c9d5-m59g4   1/1     Running   0          6d22h
kubernetes-dashboard-7b544877d5-447h6        1/1     Running   0          6d22h
[root@xtwj89 .kubernetes]# kubectl delete pods kubernetes-dashboard-7b544877d5-447h6 -n kubernetes-dashboard 
pod "kubernetes-dashboard-7b544877d5-447h6" deleted
[root@xtwj89 .kubernetes]# kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS              RESTARTS   AGE
dashboard-metrics-scraper-6b4884c9d5-m59g4   1/1     Running             0          6d22h
kubernetes-dashboard-7b544877d5-24g74        0/1     ContainerCreating   0          10s
[root@xtwj89 .kubernetes]# kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-6b4884c9d5-m59g4   1/1     Running   0          6d22h
kubernetes-dashboard-7b544877d5-24g74        1/1     Running   0          25s
[root@xtwj89 .kubernetes]# kubectl get pod -n kubernetes-dashboard -o wide
NAME                                         READY   STATUS    RESTARTS   AGE     IP           NODE     NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-6b4884c9d5-m59g4   1/1     Running   0          6d22h   10.244.1.5   xtwj91   <none>           <none>
kubernetes-dashboard-7b544877d5-24g74        1/1     Running   0          48s     10.244.1.7   xtwj91   <none>           <none>
[root@xtwj89 .kubernetes]#

##获取token

[root@xtwj89 .tmp]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-h7gft
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-userkubernetes.io/service-account.uid: 51fc9eb3-7a0a-4969-b0aa-e60f1af745a9Type:  kubernetes.io/service-account-tokenData
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InJzSm9SRnhhdzE5U0YxVkc4ZlpPME04NlAtakhMdFF4LXFoUG5jV1dPclkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWg3Z2Z0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1MWZjOWViMy03YTBhLTQ5NjktYjBhYS1lNjBmMWFmNzQ1YTkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.KuE4b_DbvxnuEnfs7aw3w_cdVxlMmQcW19fXbnYjIvw9Dqkz-YHSryR7F5k095oiVwV6sS4FNUsV4Vrz5Ms_xH7qaILyzYceQ1mFqAnH93fT9L3UAoJEfL2yXfs3YnJ79zHS5h56TZBAZD2FrHiASq63OKEjJGGa7yP--7F4jsgyRQJBp3t1c2MoKCTPAweN12zrd_Ulnr9XcHGzagoGpUr-Ot4d6zhpuqjAn-BqAnacOQnBBGELc44ollsCe9u3f_VXrTY5B3XTJsfpzbfnTNxXtIZidjXL-yuFgAaGfaNz5qUdHrs_zH5DteAPpicbNz0xgo6sTpW6G0mmluajtA
ca.crt:     1025 bytes
namespace:  20 bytes
[root@xtwj89 .tmp]#

接下来,我们用curl验证一下,有没有问题。

lwk@qwfys:~$ curl -k https://192.168.3.89:30634/#/overview?namespace=default -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6InJzSm9SRnhhdzE5U0YxVkc4ZlpPME04NlAtakhMdFF4LXFoUG5jV1dPclkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWg3Z2Z0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1MWZjOWViMy03YTBhLTQ5NjktYjBhYS1lNjBmMWFmNzQ1YTkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.KuE4b_DbvxnuEnfs7aw3w_cdVxlMmQcW19fXbnYjIvw9Dqkz-YHSryR7F5k095oiVwV6sS4FNUsV4Vrz5Ms_xH7qaILyzYceQ1mFqAnH93fT9L3UAoJEfL2yXfs3YnJ79zHS5h56TZBAZD2FrHiASq63OKEjJGGa7yP--7F4jsgyRQJBp3t1c2MoKCTPAweN12zrd_Ulnr9XcHGzagoGpUr-Ot4d6zhpuqjAn-BqAnacOQnBBGELc44ollsCe9u3f_VXrTY5B3XTJsfpzbfnTNxXtIZidjXL-yuFgAaGfaNz5qUdHrs_zH5DteAPpicbNz0xgo6sTpW6G0mmluajtA'"
<!--
Copyright 2017 The Kubernetes Authors.Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
--><!doctype html>
<html lang="en"><head><meta charset="utf-8"><title>Kubernetes Dashboard</title><link rel="icon"type="image/png"href="assets/images/kubernetes-logo.png" /><meta name="viewport"content="width=device-width">
<link rel="stylesheet" href="styles.3aaa4ab96be3c2d1171f.css"></head><body><kd-root></kd-root>
<script src="runtime.3e2867321ef71252064e.js" defer></script><script src="polyfills-es5.1910457cb975981c7c1e.js" nomodule defer></script><script src="polyfills.bb3dd165d9bd7b05eaad.js" defer></script><script src="scripts.363381cc645c813a9215.js" defer></script><script src="main.70a20d3fe94c2e87dc2b.js" defer></script></body></html>
lwk@qwfys:~$ 

我们可以看到服务是可以访问通的。

下面我们用浏览器访问

在这里插入图片描述
选择Token,在文本框“输入 Token *”中填写上此前我们给出的获取到的token,然后点击“登录”按钮,即可以进入kubernetes-dashboard界面,如下所示。
在这里插入图片描述

Reference

  • https://github.com/kubernetes/dashboard/
  • Creating sample user
  • Web基础配置篇(十七): Kubernetes dashboard安装配置
  相关解决方案