About kubernetes: K8S notes: deploying k8s-dashboard

1. Configure /etc/hosts

Accessing the yaml download URL directly fails; adding a local hosts entry resolves this.
Pick any one of the following 4 local entries:
185.199.108.133 raw.githubusercontent.com
185.199.109.133 raw.githubusercontent.com
185.199.110.133 raw.githubusercontent.com
185.199.111.133 raw.githubusercontent.com

2. Download the yaml

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml

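3. Modify the yaml

Pay attention to version compatibility between k8s and dashboard. For example, dashboard v2.5.0 is for kubernetes v1.23, with metrics-scraper v1.0.7.
Compatibility reference: https://github.com/kubernetes…
3.1 The namespace defaults to kubernetes-dashboard; change it to kube-system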

[root@k8s-master k8s-install]# sed -i '/namespace/ s/kubernetes-dashboard/kube-system/g' recommended.yaml

3.2 NodePort mode: to make local access easier, edit the yaml file, change the service to type NodePort, and set the port to 31260 (around lines 40 and 44)

[root@k8s-master k8s-install]# vim recommended.yaml
...
 30 ---
 31 
 32 kind: Service
 33 apiVersion: v1
 34 metadata:
 35   labels:
 36     k8s-app: kubernetes-dashboard
 37   name: kubernetes-dashboard
 38   namespace: kube-system
 39 spec:
 40   type: NodePort   # added: type: NodePort
 41   ports:
 42     - port: 443
 43       targetPort: 8443
 44       nodePort: 31260  # added: nodePort: 31260
 45   selector:
 46     k8s-app: kubernetes-dashboard
 47 
 48 ---

4. Create the dashboard pod

[root@k8s-master k8s-install]# kubectl create -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

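[Run with caution] If the contents of the kubernetes-dashboard.yaml configuration file are changed, run the following command to delete the original configuration, then run kubectl create again to create the containers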

kubectl delete -f kubernetes-dashboard.yaml

Check the status of the kubernetes-dashboard Pod; Running means the dashboard has been deployed successfully:

[root@k8s-master k8s-install]# kubectl get pod --namespace=kube-system -o wide | grep dashboard
dashboard-metrics-scraper-799d786dbf-msmz4   1/1     Running   0          62s     10.244.2.3       k8s-slave1   <none>           <none>
kubernetes-dashboard-56d4dc85cb-dhqks        1/1     Running   0          62s     10.244.1.3       k8s-slave2   <none>           <none>

Dashboard creates its own Deployment and Service in the kube-system namespace:

[root@k8s-master k8s-install]# kubectl get deployment kubernetes-dashboard --namespace=kube-system
NAME                   READY   UP-TO-DATE   AVAILABLE   AGE
kubernetes-dashboard   1/1     1            1           92s

[root@k8s-master k8s-install]# kubectl get service kubernetes-dashboard --namespace=kube-system
NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.101.107.48   <none>        443:31260/TCP   110s

Check the dashboard service port
Check the service: TYPE has changed to NodePort and the port is 31260

[root@k8s-master k8s-install]# kubectl get service -n kube-system | grep dashboard
dashboard-metrics-scraper   ClusterIP   10.103.244.133   <none>        8000/TCP                 3m28s
kubernetes-dashboard        NodePort    10.101.107.48    <none>        443:31260/TCP            3m29s

[root@k8s-master k8s-install]# kubectl get services --all-namespaces | grep dashboard
kube-system   dashboard-metrics-scraper   ClusterIP   10.103.244.133   <none>        8000/TCP                 2m53s
kube-system   kubernetes-dashboard        NodePort    10.101.107.48    <none>        443:31260/TCP            2m54s

Check which machine the dashboard is running on

[root@k8s-master k8s-install]# kubectl get pods -n kube-system -o wide | grep dashboard
dashboard-metrics-scraper-799d786dbf-msmz4   1/1     Running   0          5m      10.244.2.3       k8s-slave1   <none>           <none>
kubernetes-dashboard-56d4dc85cb-dhqks        1/1     Running   0          5m      10.244.1.3       k8s-slave2   <none>           <none>

5. Access the dashboard

https://192.168.100.20:31260/

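Dashboard supports two authentication methods, Kubeconfig and Token. Here we log in with Token authentication:
Leave the Token field in the browser empty for now and do not click further; the next step generates the token.

Create a login user. Official reference documentation:
https://github.com/kubernetes…

Create dashboard-adminuser.yaml (creates the user):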

[root@k8s-master k8s-install]# vim dashboard-adminuser.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

[root@k8s-master k8s-install]# kubectl create -f dashboard-adminuser.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

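Explanation:
The manifest above creates a service account named admin-user in the kube-system namespace and binds the cluster-admin role to it, so the admin-user account has administrator privileges. By default, kubeadm already creates the cluster-admin role when it creates the cluster, so it can be bound directly.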
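
cluster-admin grants unrestricted access to every resource in the cluster, so a narrower binding is often enough for a dashboard login. The manifest below is an added example, not part of the original post: it gives a separate account read-only access cluster-wide and write access in one namespace only. The name dashboard-viewer and the choice of the default namespace are assumptions; view and edit are built-in ClusterRoles.

```yaml
# Added example (not from the original post).
# "dashboard-viewer" is a hypothetical account name.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer
  namespace: kube-system
---
# Cluster-wide, read-only: the built-in "view" role can read most
# namespaced objects but not Secrets, Roles or RoleBindings.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kube-system
---
# Write access in a single namespace only: a RoleBinding (not a
# ClusterRoleBinding) limits the built-in "edit" role to "default".
# The target namespace is an assumption; pick the one the user works in.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dashboard-viewer-edit
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kube-system
```

After creating it with kubectl create -f, the effective permissions can be checked with `kubectl auth can-i --list --as=system:serviceaccount:kube-system:dashboard-viewer`.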

View the token of the admin-user account

[root@k8s-master k8s-install]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-fxdmh
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: 7d9e7d8a-e033-4258-a814-68e78eefafaa

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1099 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IlRtcmtMa01qeHVrOTV0VmhJLWUyOVZUTDV1aDhJWmx2X1RSZVFRSnFySzQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWZ4ZG1oIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI3ZDllN2Q4YS1lMDMzLTQyNTgtYTgxNC02OGU3OGVlZmFmYWEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.TOoLhT-8MB7eBLs3jtLzsW5EjiJFZJ_8Iv9X4JQe93_qZ6ABhYQSuVlaUeZ9MUfm7Xboahe118_ND52Zby-woBx3x7EoS7bKdwVQqXvH0rPnOedLtKqA6uV90fQUfha6Hc3_4QsMbOXQYr717V7-ChBNO27JRY4Y-kOFa_eqjCiQDecnFEJ37_Z-2vWpIdWjRBX-vmCxtKNKp4LysFYirpKfNnuigHk4oQgpeovXdtTvDw6bD9o5dhUNfeTWL5yfrxZPNggvL6xqS_n_M8reCmEIW0xYU5_hZAHgRUXymuLGM4hsBO1Z8uLk6o5n_dScKxxoU7X46zm6KzM4fnrO4A

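Copy the token into the Token input box on the login page to log in to the dashboard.

6. Using Dashboard

The Dashboard interface is divided into three main areas:

  • Top action bar: here users can search for resources in the cluster, create resources, or log out.
  • Left navigation menu: use it to view and manage the various resources in the cluster. Menu items fall into two categories by resource level: Cluster-level resources and Namespace-level resources. The default Namespace is shown by default and can be switched.
  • Central main area: after you click a resource type in the navigation menu, this area shows all instances of that resource, for example after clicking Pods.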