如何在 Ubuntu 上使用 Kubernetes Dashboard

Prerequisites: Ensure Kubernetes Cluster is Installed
Before using Kubernetes Dashboard, you need a running Kubernetes cluster on Ubuntu. If you haven’t set one up, use kubeadm to initialize a cluster (replace 10.244.0.0/16 with your desired pod network CIDR):

sudo kubeadm init --pod-network-cidr=10.244.0.0/16

Follow the output to configure kubectl (copy /etc/kubernetes/admin.conf to ~/.kube/config) and install a network plugin (e.g., Flannel):

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Verify nodes are ready:

kubectl get nodes

Ensure the cluster status is Ready before proceeding.

Step 1: Deploy Kubernetes Dashboard
Use the official YAML manifest to deploy the Dashboard. For newer versions (≥2.7.0), run:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

This creates resources in the kubernetes-dashboard namespace (check with kubectl get pods -n kubernetes-dashboard). Wait for all pods to be Running (may take a few minutes).

Step 2: Configure Access Permissions
To access the Dashboard, create a ServiceAccount with cluster-admin privileges:

# Create a ServiceAccount
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard

# Bind it to the cluster-admin role
kubectl create clusterrolebinding dashboard-admin \
  --clusterrole=cluster-admin \
  --serviceaccount=kubernetes-dashboard:dashboard-admin

This grants the account full control over the cluster.

Step 3: Obtain Access Token
Generate a token for authenticating with the Dashboard. For long-term use (e.g., 1 year), run:

kubectl create token dashboard-admin -n kubernetes-dashboard --duration=87600h > dashboard-token.txt

View the token:

cat dashboard-token.txt

Copy the token—you’ll need it to log in.

Step 4: Access the Dashboard
Start the Kubernetes proxy to securely expose the Dashboard locally:

kubectl proxy

Open your browser and navigate to:

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

Click Token on the login page and paste the token from Step 3. You’ll gain access to the Dashboard.

Optional: Configure External/Long-Term Access

• NodePort Service: Expose the Dashboard on a node port (e.g., 30443) for external access:

  cat <<EOF | kubectl apply -f -
  apiVersion: v1
  kind: Service
  metadata:
    name: kubernetes-dashboard-nodeport
    namespace: kubernetes-dashboard
  spec:
    type: NodePort
    ports:
      - port: 443
        targetPort: 8443
        nodePort: 30443
    selector:
      k8s-app: kubernetes-dashboard
  EOF
  

  Access via https://<your-ubuntu-ip>:30443 (replace <your-ubuntu-ip> with your server’s public IP).

• Ingress Controller: For HTTPS access, deploy an Ingress resource (requires an Ingress controller like Nginx). This provides a domain-based URL and automatic TLS termination.

Basic Usage of Kubernetes Dashboard
Once logged in, you can:

• View cluster resources (Pods, Deployments, Services, Nodes).
• Create/edit resources (e.g., deploy a sample app via YAML).
• Monitor resource usage (CPU/memory) and logs.
• Scale workloads (adjust replica counts).
• Delete problematic resources.

The interface is intuitive—use the left sidebar to navigate between resource types.