Helm 安装 kubernetes dashboard

    dashboard

    helm 安装 dashboard

    helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard

    record ...

    root@l2:~# helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --version 5.11.0

NAME: kubernetes-dashboard
LAST DEPLOYED: Sun May 29 22:36:09 2022
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
*********************************************************************************
*** PLEASE BE PATIENT: kubernetes-dashboard may take a few minutes to install ***
*********************************************************************************

Get the Kubernetes Dashboard URL by running:
  export POD_NAME=$(kubectl get pods -n default -l "app.kubernetes.io/name=kubernetes-dashboard,app.kubernetes.io/instance=kubernetes-dashboard" -o jsonpath="{.items[0].metadata.name}")
  echo https://127.0.0.1:8443/
  kubectl -n default port-forward $POD_NAME 8443:8443

    配置转发

    第一种方式

    使用 port-forward 转发

     kubectl -n default port-forward $POD_NAME 30443:8443 --address 0.0.0.0

    第二种方式

    调整 service kubernetes-dashboard
    从 ClusterIP 转化为 NodePort

    kubectl edit service kubernetes-dashboard

    apiVersion: v1
kind: Service
metadata:
  ...
spec:
  ports:
  - name: https
    ...
    nodePort: 30443  
  ... 
  type: NodePort

    获取登录密钥

    kubectl describe secret $(kubectl get secret  | grep kubernetes-dashboard-token | awk '{print $1}')

    配置 nginx 转发

    注意 proxy_pass 的协议是 https

    server {
    listen 443 ssl http2;
    server_name  kubernetes.jansora.com;

    ssl_protocols    TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate     /etc/nginx/certs/lets-encrypt-jansora.com/jansora.com.cer;
    ssl_certificate_key /etc/nginx/certs/lets-encrypt-jansora.com/jansora.com.key;

    location / {
          proxy_pass_header Server;
          proxy_set_header Host $http_host;
          proxy_redirect off;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Scheme $scheme;
          proxy_pass https://10.0.4.10:30443;
    }
}

    喜闻悦见

    image.png

    等等. 还需要配置 dashboard 权限

    否则页面是空的

    namespace 默认是 default 请根据实际的填写

    vim /etc/kubernetes/conf/dashboard-admin.yaml

    apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: default

    kubectl apply -f /etc/kubernetes/conf/dashboard-admin.yaml

    评论栏