一、简介
Dashboard 是基于网页的 Kubernetes 用户界面。可以使用 Dashboard 将容器应用部署到 Kubernetes 集群中,也可以对容器应用排错,还能管理集群本身及其附属资源。您可以使用 Dashboard 获取运行在集群中的应用的概览信息,也可以创建或者修改 Kubernetes 资源(如 Deployment,Job,DaemonSet 等等)。例如,可以对 Deployment 实现弹性伸缩、发起滚动升级、重启 Pod 或者使用向导创建新的应用。
二、生成Dashboard
1、浏览器打开,复制dashboard清单
https://github.com/kubernetes/dashboard/blob/v2.1.0/aio/deploy/recommended.yaml
生成dashboard
[root@k8s-master-001 ~]# mkdir delopyment
[root@k8s-master-001 ~]# vi delopyment/kube-dashboard.yaml
文件如下:
kube-dashboard.yaml
三、查看镜像
[root@k8s-master-001 ~]# cat delopyment/kube-dashboard.yaml |grep image
image: kubernetesui/dashboard:v2.1.0
imagePullPolicy: Always
image: kubernetesui/metrics-scraper:v1.0.6
四、部署Dashboard
4.1、部署dashboard
[root@k8s-master-001 ~]# kubectl apply -f delopyment/kube-dashboard.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
4.2、查看pod
[root@k8s-master-001 ~]# kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-79c5968bdc-q62h5 1/1 Running 0 106s
kubernetes-dashboard-7448ffc97b-7f7gg 1/1 Running 0 107s
五、修改对外服务端口
5.1、修改对外服务端口
[root@k8s-master-01 ~]# kubectl edit svc -n kubernetes-dashboard
将 type: ClusterIP 改为 type: NodePort
5.2、查看端口映射
[root@k8s-master-001 ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.106.254.133 <none> 8000/TCP 7m29s
kubernetes-dashboard NodePort 10.98.245.78 <none> 443:31424/TCP 7m29s
六、访问测试
访问:https://集群任意IP:端口 https://192.168.10.146:32500(记住替换为自己的IP地址)
七、获取Token
7.1、编写Token文件
[root@k8s-master-001 ~]# vi delopyment/token.yaml
token.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
7.2、部署Token
[root@k8s-master-001 ~]# kubectl apply -f delopyment/token.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
7.3、获取Token
[root@k8s-master-001 ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-fw57d
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: cdc1c4d5-0850-452b-9113-d6379c39c540
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InUtcnJJbUVBa201WEYwUmgwcmQwbzFQNG1KSzFTT2NtWHpXTC1ja2xRUmMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWZ3NTdkIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjZGMxYzRkNS0wODUwLTQ1MmItOTExMy1kNjM3OWMzOWM1NDAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.Sdsw9fg5DCkKEHexKbIwwPr4tm_RPvy18LuAIx2DMxNzviow_7ZAJAj91beaM3a-3WmDzS1Nz4hX2ne3tP_I9JMFttmDyUdjzY0uLBESO-c8JTeC6ZFX7erHL7e97s5M8nyBo4UoUcwPTnqZNr5-Eod41NmjHfs3xgteqK25lpIYhVYmVvQCSaXgnByQ2FXhj5rIjVbzetTxLHM5ZGflHpTL_c070D34feZ_0nYe66y-X4x6pU6C22dn5o551_wqA5iBbL2vRy7yswLbQeODQtt7NGTUnO7MGSbNn5e31kfp4fp9ldYKT3R8QwtgpGalX3Sm8MDaCGDro44wJnr_Hw
7.4、正常访问
输入Token,正常访问
八、Kubeconfig的方式方式登录
基于token的基础之上,进行以下操作:
8.1、查看刚才创建的Token
[root@k8s-master-001 ~]# kubectl -n kube-system get secret | grep admin-user
admin-user-token-lv7qr kubernetes.io/service-account-token 3 9m31s
8.2、查看Token的详细信息,会获取token
[root@k8s-master-001 ~]# kubectl describe secrets -n kube-system admin-user-token-lv7qr
Name: admin-user-token-lv7qr
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: e3c0c1f0-65a0-4588-bba2-58845639883c
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InUtckNQdnlZV3o1a3F6X3k1aUFsdjJydXBEZU1mbTRObUlmalV2dk0wOE0ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWx2N3FyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlM2MwYzFmMC02NWEwLTQ1ODgtYmJhMi01ODg0NTYzOTg4M2MiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.jXhfXkADAXV6WWbDTAlEtnBhIlBVzzErCQMsdvufA67lptNlV_1GW6nIpm-hU5V9plRpascvpv7vi2f00jIGnhGbi3WNZQWB7ELVYUamcHxoZRbFc4BO8DTk2XtsxWfGnff5siqlsWYaUiBvsXkccsx7u93VrFpPgcYUfnRal1vp7Urir461KjincGsxD_aIsNbQZcYUz4ARuJ4EJpO5ZeMuQEfW4HhfoTO23Eku809RQnjosJ7bdGYS8TFotfrCQyqKxi2y3DI2jWA_2nrEXLTK1UPhRJJe5qJD-xXdTctz73ZZGQ1FobfA3p6nnmJZbvgLISHNuXiS044B9Nkj2A
8.3、将Token的信息生成一个变量
[root@k8s-master-001 ~]# DASH_TOKEN=$(kubectl get secrets -n kube-system admin-user-token-lv7qr -o jsonpath={.data.token} | base64 -d)
8.4、将k8s集群的配置信息写入到一个文件中,文件可自定义
[root@k8s-master-001 ~]# kubectl config set-cluster kubernets --server=192.168.13.113:6443 --kubeconfig=/root/.dashboard-admin.conf
Cluster "kubernets" set.
8.5、将Token的信息也写入到文件中(同一个文件)
[root@k8s-master-001 ~]# kubectl config set-credentials dashboard-admin --token=${DASH_TOKEN} --kubeconfig=/root/.dashboard-admin.conf
User "dashboard-admin" set.
8.6、将用户信息也写入文件中(同一个文件)
[root@k8s-master-001 ~]# kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --user=dashboard-admin --kubeconfig=/root/.dashboard-admin.conf
Context "dashboard-admin@kubernetes" created.
8.7、将上下文的配置信息也写入文件中(同一个文件)
[root@k8s-master-001 ~]# kubectl config use-context dashboard-admin@kubernetes --kubeconfig=/root/.dashboard-admin.conf
Switched to context "dashboard-admin@kubernetes".
8.8、最后将配置信息导入到客户端本地
[root@k8s-master-001 ~]# sz /root/.dashboard-admin.conf
8.9、访问测试
参考:
https://blog.csdn.net/mushuangpanny/article/details/126944780
https://blog.csdn.net/qq_32202885/article/details/126231040
评论