Service Mesh服务网格技术探究---VMWare+k8s集群+Istio系列：k8s集群之kubernetes-dashboard安装

　　一、安装kubernetes-dashboard

　　安装dashboard需要先下载recommended.yaml文件，如果下载的时候报错，请参考前文在hosts文件里配置github的地址。

　　执行以下命令下载文件

[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml
--2021-09-17 14:07:51--  https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 199.232.28.133, 199.232.96.133, 185.199.108.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|199.232.28.133|:443... connected.
HTTP request sent, awaiting response... Read error (Success.) in headers.
Retrying.

--2021-09-17 14:08:33--  (try: 2)  https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|199.232.28.133|:443... failed: Connection refused.
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|199.232.96.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7543 (7.4K) [text/plain]
Saving to: ‘recommended.yaml’

recommended.yaml                        100%[============================================================================>]   7.37K  --.-KB/s    in 0s

2021-09-17 14:08:55 (16.6 MB/s) - ‘recommended.yaml’ saved [7543/7543]

　　修改recommended.yaml文件，在spec中增加如下配置：

[root@k8s-master ~]# vim recommended.yaml

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort ##################添加这个配置   
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000   ################添加这个配置
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1

　　以上配置增加完成之后执行如下命令，创建pod，并查看dashboard的状态。

[root@k8s-master ~]# kubectl create -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@k8s-master ~]# kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.102.62.153   <none>        8000/TCP        12s
kubernetes-dashboard        NodePort    10.110.179.54   <none>        443:30000/TCP   12s
[root@k8s-master ~]#

　　此时可以用浏览器访问https://192.168.186.132:30000/#/login，如下图：

 　　    二、创建登录token

　　这里有Token和Kubeconfig两种登录方式，我采用的是第一种方式，以下是生成token的步骤：

　　1：创建token

[root@k8s-master ~]# kubectl create sa dashboard-admin -n kube-system
serviceaccount/dashboard-admin created

　　2：授权token访问权限

[root@k8s-master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created

　　3：获取token

[root@k8s-master ~]# ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}')
[root@k8s-master ~]# DASHBOARD_LOGIN_TOKEN=$(kubectl describe secret -n kube-system ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}')
[root@k8s-master ~]# echo ${DASHBOARD_LOGIN_TOKEN}
eyJhbGciOiJSUzI1NiIsImirtyuioptpZCI6Ik45QXZnWVB4a011Q25I8V1dKOEdFWHM2blJJaU5sQTNRR2wyanN6WExQSzQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZ2cydm4iLCJpordWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOTlmZDUwNzItNTlhNi00NTcwLThkMTMtOTg0OTBhOTA4MDM2Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50O9iuhbmt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.42l75va-u1HYxOOey8obrxID8YdXwx3jwqrycFZUHZ8gmj0uYSHPmXHm3mt1iM15S_nZmMjaZZPbeUxmhf2D_khsG29t6_RaEad19YnWU4V5ibc9qHOCz2RtFEfh_S3rhcePJ5grP30NPZ1c6-4qKyAvgwLuwhSnphebkMLi-q5ELul4dl3t7yzyFjUphq1KZOvJQD-U3njdY8XCPwxQIKO7Ymi6m0Tm2a2dldXbaQPfCCgCdFumCJ7TfEJLFwK8CW3dAuzUQ6jKYneOgt2Jb0EaUGvFoZqcDRd96J_-K7F4rKZtmwEPsltRtz71i7_5_84b8smZnwJZj409hPDJfw
[root@k8s-master ~]# 

　　4：登录

　　用上一步生成的token登录dashboard

 　　登录后的页面如图：

　　三、常用的token命令

　　1、查看token

[root@k8s-master ~]# kubeadm token list
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
en5aq7.2fnljgjetdr3ou5w   20h         2021-09-18T02:57:34Z   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token

　　2、创建token

[root@k8s-master ~]# kubeadm token create

　　3、删除token

[root@k8s-master ~]# kubeadm token delete tokenxxxxxxxxxxxxxxxx

　　4、获取node节点加入集群的token

kubeadm token create --print-join-command

　　kuberneters-dashboard安装完成，接下来开始安装node节点及加入k8s集群。

　　~~~未完待续