dashboard 安装（基本认证，用户名、密码登录）

注意：支持版本 k8s v1.19.0之前（不包含19）

下载路径

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

官方文档

https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

一、书写密码文件

[root@master yml]# cat /etc/kubernetes/pki/basic_auth_file 
admin,admin,1

二、修改api的yml

[root@master yml]# cat /etc/kubernetes/manifests/kube-apiserver.yaml 
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.33.79:6443
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=192.168.33.79
    - --allow-privileged=true
    - --authorization-mode=Node,RBAC
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --enable-admission-plugins=NodeRestriction
    - --enable-bootstrap-token-auth=true
    - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
    - --etcd-servers=https://127.0.0.1:2379
    - --insecure-port=0
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    - --requestheader-allowed-names=front-proxy-client
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-username-headers=X-Remote-User
    - --secure-port=6443
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub
    - --service-cluster-ip-range=10.96.0.0/12
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
    - --basic-auth-file=/etc/kubernetes/pki/basic_auth_file #新添加内容

三、查看集群是否重启

[root@master yml]# kubectl get pod -n kube-system
NAME                             READY   STATUS    RESTARTS   AGE
coredns-7ff77c879f-bgntv         1/1     Running   1          2d
coredns-7ff77c879f-qkx52         1/1     Running   1          2d
etcd-master                      1/1     Running   1          2d
kube-apiserver-master            1/1     Running   0          32h
kube-controller-manager-master   1/1     Running   1          32h
kube-flannel-ds-h7h2m            1/1     Running   1          2d
kube-flannel-ds-njz9k            1/1     Running   1          2d
kube-proxy-2q2c4                 1/1     Running   2          2d
kube-proxy-fz276                 1/1     Running   1          2d
kube-scheduler-master            1/1     Running   0          32h

四、绑定集群角色

kubectl create clusterrolebinding login-on-dashboard-with-cluster-admin --clusterrole=cluster-admin --user=admin

五、查看集群绑定信息

[root@master yml]# kubectl get clusterrolebinding login-on-dashboard-with-cluster-admin
NAME                                    ROLE                        AGE
login-on-dashboard-with-cluster-admin   ClusterRole/cluster-admin   31h

六、修改recommended.yaml文件

 args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            - --token-ttl=21600 #新添加
            - --authentication-mode=basic #新添加

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard

---

七、启动dashboard

[root@master yml]# kubectl create -f recommended.yaml 

八、登录查看