Skip to main content

安装部署 Kubernetes Dashboard

以下是安装部署 Kubernetes Dashboard 的详细步骤:

1. 部署 Kubernetes Dashboard

# 部署最新版 Dashboard (兼容 Kubernetes v1.22+)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

2. 创建管理员服务账户

创建文件 dashboard-adminuser.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

应用配置:

kubectl apply -f dashboard-adminuser.yaml

3. 获取访问令牌

kubectl -n kubernetes-dashboard create token admin-user

复制输出的令牌(Token),用于登录。

4. 访问 Dashboard

方式一:端口转发(临时测试)

kubectl proxy

访问地址:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

方式二:NodePort 暴露服务(生产慎用)

修改服务类型:

kubectl -n kubernetes-dashboard patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}'

获取端口:

kubectl -n kubernetes-dashboard get svc

访问地址:
https://<节点IP>:<NodePort>

5. 登录 Dashboard

  1. 选择 Token 登录方式
  2. 粘贴步骤3获取的令牌
  3. 点击登录

6. 安全建议(生产环境必做)

启用 HTTPS Ingress

示例 Ingress 配置:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-ingress
  namespace: kubernetes-dashboard
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - dashboard.example.com
    secretName: dashboard-tls
  rules:
  - host: dashboard.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443

限制访问IP

kubectl -n kubernetes-dashboard edit svc kubernetes-dashboard

添加 spec.loadBalancerSourceRanges 字段指定允许的IP。

7. 卸载 Dashboard

kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
kubectl delete -f dashboard-adminuser.yaml

常见问题解决

问题1:Token 无效

检查令牌是否过期(默认有效期2小时),重新生成:

kubectl -n kubernetes-dashboard create token admin-user --duration=24h  # 延长有效期

问题2:无法访问

检查防火墙规则:

sudo ufw allow 6443/tcp  # 如果使用NodePort,替换为实际端口

问题3:证书错误

浏览器添加例外,或使用自签名证书:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout dashboard.key -out dashboard.crt -subj "/CN=dashboard.example.com"
kubectl -n kubernetes-dashboard create secret tls dashboard-tls --key=dashboard.key --cert=dashboard.crt

总结

操作 命令
启动 Minikube minikube start --driver=<driver>
自动部署 Dashboard minikube dashboard(推荐)
手动部署 Dashboard kubectl apply -f ... + kubectl proxy
获取 Token kubectl -n kubernetes-dashboard create token admin-user
删除 Dashboard(插件) minikube addons disable dashboard
删除 Dashboard(手动) kubectl delete -f ... + 清理 ServiceAccount/ClusterRoleBinding

现在你可以轻松在 Minikube 上部署和管理 Kubernetes Dashboard 了! 🚀

Back to top