1.查看dashborad被分配到哪一台服务器上

[root@gtj-test01 ~]# kubectl get pods --all-namespaces -o wide
NAMESPACE     NAME                                           READY   STATUS    RESTARTS   AGE     IP             NODE                   NOMINATED NODE   READINESS GATES
default       nginx-65f88748fd-nxqdl                         1/1     Running   0          3h26m   10.244.1.2     gtj-test02.novalocal   <none>           <none>
kube-system   coredns-8686dcc4fd-k2hdq                       1/1     Running   0          3h51m   10.244.0.2     gtj-test01.novalocal   <none>           <none>
kube-system   coredns-8686dcc4fd-v65qk                       1/1     Running   0          3h51m   10.244.0.3     gtj-test01.novalocal   <none>           <none>
kube-system   etcd-gtj-test01.novalocal                      1/1     Running   1          3h50m   172.40.30.15   gtj-test01.novalocal   <none>           <none>
kube-system   kube-apiserver-gtj-test01.novalocal            1/1     Running   1          3h50m   172.40.30.15   gtj-test01.novalocal   <none>           <none>
kube-system   kube-controller-manager-gtj-test01.novalocal   1/1     Running   1          3h50m   172.40.30.15   gtj-test01.novalocal   <none>           <none>
kube-system   kube-flannel-ds-amd64-bzljv                    1/1     Running   0          3h32m   172.40.30.13   gtj-test02.novalocal   <none>           <none>
kube-system   kube-flannel-ds-amd64-jjvwm                    1/1     Running   3          3h27m   172.40.30.31   gtj-test03.novalocal   <none>           <none>
kube-system   kube-flannel-ds-amd64-wx9xg                    1/1     Running   0          3h46m   172.40.30.15   gtj-test01.novalocal   <none>           <none>
kube-system   kube-proxy-8cmqf                               1/1     Running   0          3h32m   172.40.30.13   gtj-test02.novalocal   <none>           <none>
kube-system   kube-proxy-dbhhx                               1/1     Running   1          3h51m   172.40.30.15   gtj-test01.novalocal   <none>           <none>
kube-system   kube-proxy-q972p                               1/1     Running   3          3h27m   172.40.30.31   gtj-test03.novalocal   <none>           <none>
kube-system   kube-scheduler-gtj-test01.novalocal            1/1     Running   1          3h50m   172.40.30.15   gtj-test01.novalocal   <none>           <none>
kube-system   kubernetes-dashboard-76f6bf8c57-clc4r          1/1     Running   3          3h19m   10.244.2.5     gtj-test03.novalocal   <none>           <none>

通过查看在gtj-test03.novalocal上

2.查看dashboard的集群内部IP

[root@gtj-test01 ~]# kubectl get services --all-namespaces
NAMESPACE     NAME                   TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                  AGE
default       kubernetes             ClusterIP   10.1.0.1      <none>        443/TCP                  3h54m
default       nginx                  NodePort    10.1.30.230   <none>        80:30701/TCP             3h28m
kube-system   kube-dns               ClusterIP   10.1.0.10     <none>        53/UDP,53/TCP,9153/TCP   3h54m
kube-system   kubernetes-dashboard   NodePort    10.1.36.133   <none>        443:30001/TCP            3h21m

发现他的集群IP为10.1.36.133，因为flannel网络已经打通，然后在其他节点上telnet 这个ip 加对应端口，发现不通，，使用iptables -nL命令查看，Forward的策略是drop，然后通过命令iptables -P FORWARD ACCEPT没有效果。
然后通过查看资料发现，因为centos7等比较新的系统已经摒弃通过/etc/rc.local方式来执行开机脚本的方式。

3.更改docker的启动服务脚本

 vim /usr/lib/systemd/system/docker.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT ##加入这句
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

然后重启docker。
问题解决。可以通过浏览器访问

[root@gtj-test01 ~]# telnet 172.40.30.31 30001
Trying 172.40.30.31...
Connected to 172.40.30.31.
Escape character is '^]'.