The web UI officially provided by Kubernetes
GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters
Deploy and Access the Kubernetes Dashboard | Kubernetes
Versions used
helm:v3.18.4
k8s:v1.23.6
dashboard:7.13.0
Installation
Helm-based installation. Prerequisite: [[Install Helm]]
# Add the kubernetes-dashboard repository
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# Deploy a Helm release named `kubernetes-dashboard` using the kubernetes-dashboard chart
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
Error
[root@k8s-master hello-world]# kubectl logs kubernetes-dashboard-kong-96874686b-tbl4q -n kubernetes-dashboard
Error: could not prepare Kong prefix at /kong_prefix: nginx configuration is invalid (exit code 1):
nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /kong_prefix/nginx.conf:7
nginx: the configuration file /kong_prefix/nginx.conf syntax is ok
nginx: [emerg] bind() to [::1]:8444 failed (99: Cannot assign requested address)
nginx: configuration file /kong_prefix/nginx.conf test failed
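Binding the IPv6 address failed: IPv6 may not be enabled, the Docker/Kubernetes network may not support IPv6, or the ::1 loopback address may be unavailable.
Force IPv4. Note that 0.0.0.0 binds both listeners on every IPv4 interface of the pod, not only on loopback.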
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard --set kong.env.proxy_listen="0.0.0.0:8443 http2 ssl" --set kong.env.admin_listen="0.0.0.0:8443 http2 ssl"
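# Edit the Service configuration
kubectl edit svc kubernetes-dashboard-kong-proxy -n kubernetes-dashboard
# Change type: ClusterIP to type: NodePort
# The type field sets the Service type; if none is specified it defaults to ClusterIP, which cannot be reached from outside the cluster,
# so we change the type of this Service to NodePort
# Check that the dashboard components are running
kubectl get pod -n kubernetes-dashboard
# Check the exposed port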
[root@k8s-master kubernetes-dashboard]# kubectl get svc -A |grep kubernetes-dashboard
kubernetes-dashboard kubernetes-dashboard-api ClusterIP 10.102.10.156 <none> 8000/TCP 40m
kubernetes-dashboard kubernetes-dashboard-auth ClusterIP 10.104.239.42 <none> 8000/TCP 40m
kubernetes-dashboard kubernetes-dashboard-kong-proxy NodePort 10.100.208.187 <none> 443:32004/TCP 40m
kubernetes-dashboard kubernetes-dashboard-metrics-scraper ClusterIP 10.110.232.103 <none> 8000/TCP 40m
kubernetes-dashboard kubernetes-dashboard-web ClusterIP 10.97.89.68 <none> 8000/TCP 40m
Get the access token
[root@k8s-master kubernetes-dashboard]# kubectl -n kubernetes-dashboard get secret | grep kubernetes-dashboard-kong-token
kubernetes-dashboard-kong-token-cjzrs kubernetes.io/service-account-token 3 45m
[root@k8s-master kubernetes-dashboard]# kubectl get secret kubernetes-dashboard-kong-token-cjzrs -n kubernetes-dashboard
NAME TYPE DATA AGE
kubernetes-dashboard-kong-token-cjzrs kubernetes.io/service-account-token 3 45m
[root@k8s-master kubernetes-dashboard]# kubectl describe secret kubernetes-dashboard-kong-token-cjzrs -n kubernetes-dashboard
Name: kubernetes-dashboard-kong-token-cjzrs
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard-kong
kubernetes.io/service-account.uid: bab18c93-e22f-4100-899e-84822d79f324
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 20 bytes
token: <JWT omitted>

After logging in, no data is returned because the account has no permissions:
services is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard-kong" cannot list resource "services" in API group "" in the namespace "default"
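The denial above names the identity, verb, resource and namespace that were refused. As an added example (not part of the original post), this helper turns such a message into the kubectl auth can-i command that re-tests the same access; the function name is hypothetical and the message is assumed to follow the format shown above.

```shell
#!/bin/sh
# Added example (not from the original post): turn an API-server "forbidden"
# message into the `kubectl auth can-i` command that re-tests the same access.

forbidden_to_cani() {
  # $1 = one Forbidden message in the format shown above
  printf '%s\n' "$1" | sed -nE \
    's/.*User "([^"]+)" cannot ([a-z]+) resource "([^"]+)" in API group "([^"]*)" (in the namespace "([^"]+)"|at the cluster scope).*/\1|\2|\3|\4|\6/p' |
  while IFS='|' read -r user verb resource group ns; do
    # kubectl names resources outside the core group as RESOURCE.GROUP
    if [ -n "$group" ]; then resource="$resource.$group"; fi
    # A denial "at the cluster scope" carries no namespace
    if [ -n "$ns" ]; then scope="-n $ns"; else scope="--all-namespaces"; fi
    # --as impersonates the denied identity; the caller needs impersonate rights
    printf 'kubectl auth can-i %s %s --as=%s %s\n' \
      "$verb" "$resource" "$user" "$scope"
  done
}

# The message from this page
forbidden_to_cani 'services is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard-kong" cannot list resource "services" in API group "" in the namespace "default"'
```

Running the printed command as a cluster administrator answers yes or no for that service account, both before and after any RBAC change.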

Create a service account
We first create a service account named admin-user in the kubernetes-dashboard namespace.
vim admin-user-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
kubectl apply -f admin-user-sa.yaml
Create a ClusterRoleBinding
vim admin-user-crb.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
kubectl apply -f admin-user-crb.yaml
Get the Bearer Token of the ServiceAccount
[root@k8s-master ~]# kubectl -n kubernetes-dashboard get secret
NAME TYPE DATA AGE
admin-user-token-qgzjs kubernetes.io/service-account-token 3 4m46s
default-token-kmmkb kubernetes.io/service-account-token 3 3h34m
kubernetes-dashboard-api-token-4pw6s kubernetes.io/service-account-token 3 77m
kubernetes-dashboard-csrf Opaque 1 77m
kubernetes-dashboard-kong-token-cjzrs kubernetes.io/service-account-token 3 77m
kubernetes-dashboard-metrics-scraper-token-w8jrr kubernetes.io/service-account-token 3 77m
kubernetes-dashboard-web-token-hjq74 kubernetes.io/service-account-token 3 77m
sh.helm.release.v1.kubernetes-dashboard.v1 helm.sh/release.v1 1 77m
sh.helm.release.v1.kubernetes-dashboard.v2 helm.sh/release.v1 1 75m
sh.helm.release.v1.kubernetes-dashboard.v3 helm.sh/release.v1 1 43m
[root@k8s-master ~]# kubectl describe secret admin-user-token-qgzjs -n kubernetes-dashboard
Name: admin-user-token-qgzjs
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 72ada0e6-fce8-48e5-bfe3-33ea98a1fe8b
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 20 bytes
token: <JWT omitted>
Log in again
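The tokens printed by kubectl describe secret are JWTs whose payload names the service account they authenticate. As an added example (not part of the original post), this script reads the subject and expiry claims of a token offline, without verifying the signature; the function names are hypothetical and the sample token is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): read the claims of a
# service-account token offline. The signature is NOT verified.

b64url_decode() {
  # JWT segments are unpadded base64url: restore the alphabet and the padding
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | base64 -d
}

b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }

jwt_payload() { b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"; }

jwt_claim() {
  # $1 = token, $2 = name of a string claim; assumes compact JSON (no spaces)
  jwt_payload "$1" | grep -o "\"$2\":\"[^\"]*\"" | cut -d'"' -f4
}

jwt_has_exp() { jwt_payload "$1" | grep -q '"exp":[0-9]'; }

describe_token() {
  echo "subject: $(jwt_claim "$1" sub)"
  if jwt_has_exp "$1"; then
    echo "expiry:  exp claim present"
  else
    echo "expiry:  none (a Secret-based token stays valid until its Secret is deleted)"
  fi
}

# Constructed sample: builds an unsigned token around the given payload JSON
sample_token() {
  printf '%s.%s.%s' "$(printf '%s' '{"alg":"RS256"}' | b64url_encode)" \
    "$(printf '%s' "$1" | b64url_encode)" 'constructed-signature'
}

describe_token "$(sample_token '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:kubernetes-dashboard:admin-user"}')"
```

Run describe_token on the value copied from kubectl describe secret before pasting it into the login form: the first token on this page belongs to kubernetes-dashboard-kong, which is why that login showed no data.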





