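1. Configure /etc/hosts
Accessing the YAML download URL directly fails; configuring local host resolution fixes it.
Pick any one of the following four local host entries: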
185.199.108.133 raw.githubusercontent.com
185.199.109.133 raw.githubusercontent.com
185.199.110.133 raw.githubusercontent.com
185.199.111.133 raw.githubusercontent.com
2. Download the YAML
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml
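3. Edit the YAML
Pay attention to version compatibility between k8s and the dashboard. For example: dashboard v2.5.0 is for kubernetes v1.23, with metrics-scraper v1.0.7
Compatibility reference: https://github.com/kubernetes…
3.1 The namespace defaults to kubernetes-dashboard; change it to kube-system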
[root@k8s-master k8s-install]# sed -i '/namespace/ s/kubernetes-dashboard/kube-system/g' recommended.yaml
3.2 NodePort mode: to make local access easier, edit the YAML file to change the service to type NodePort and set the port to 31260 (around lines 40 and 44)
[root@k8s-master k8s-install]# vim recommended.yaml
...
30 ---
31
32 kind: Service
33 apiVersion: v1
34 metadata:
35   labels:
36     k8s-app: kubernetes-dashboard
37   name: kubernetes-dashboard
38   namespace: kube-system
39 spec:
40   type: NodePort          # add type: NodePort
41   ports:
42     - port: 443
43       targetPort: 8443
44       nodePort: 31260     # add nodePort: 31260
45   selector:
46     k8s-app: kubernetes-dashboard
47
48 ---
4. Create the dashboard pods
[root@k8s-master k8s-install]# kubectl create -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
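[Run with caution]
If the contents of the recommended.yaml configuration file have been modified, run the following command to delete the existing configuration, then run kubectl create again to recreate the containers
kubectl delete -f recommended.yaml
Check the kubernetes-dashboard Pod; a status of Running means the dashboard has been deployed successfully: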
[root@k8s-master k8s-install]# kubectl get pod --namespace=kube-system -o wide | grep dashboard
dashboard-metrics-scraper-799d786dbf-msmz4 1/1 Running 0 62s 10.244.2.3 k8s-slave1 <none> <none>
kubernetes-dashboard-56d4dc85cb-dhqks 1/1 Running 0 62s 10.244.1.3 k8s-slave2 <none> <none>
Dashboard creates its own Deployment and Service in the kube-system namespace:
[root@k8s-master k8s-install]# kubectl get deployment kubernetes-dashboard --namespace=kube-system
NAME READY UP-TO-DATE AVAILABLE AGE
kubernetes-dashboard 1/1 1 1 92s
[root@k8s-master k8s-install]# kubectl get service kubernetes-dashboard --namespace=kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.101.107.48 <none> 443:31260/TCP 110s
Check the dashboard's service port
Check the service: TYPE is now NodePort and the port is 31260
[root@k8s-master k8s-install]# kubectl get service -n kube-system | grep dashboard
dashboard-metrics-scraper ClusterIP 10.103.244.133 <none> 8000/TCP 3m28s
kubernetes-dashboard NodePort 10.101.107.48 <none> 443:31260/TCP 3m29s
[root@k8s-master k8s-install]# kubectl get services --all-namespaces | grep dashboard
kube-system dashboard-metrics-scraper ClusterIP 10.103.244.133 <none> 8000/TCP 2m53s
kube-system kubernetes-dashboard NodePort 10.101.107.48 <none> 443:31260/TCP 2m54s
Check which machine the dashboard is running on
[root@k8s-master k8s-install]# kubectl get pods -n kube-system -o wide | grep dashboard
dashboard-metrics-scraper-799d786dbf-msmz4 1/1 Running 0 5m 10.244.2.3 k8s-slave1 <none> <none>
kubernetes-dashboard-56d4dc85cb-dhqks 1/1 Running 0 5m 10.244.1.3 k8s-slave2 <none> <none>
5. Access the dashboard
https://192.168.100.20:31260/
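Dashboard supports two authentication methods, Kubeconfig and Token; here we choose Token authentication to log in:
Leave the Token field in the browser empty for now and do not proceed; next, generate the token.
Create a login user. Official reference documentation:
https://github.com/kubernetes…
Create dashboard-adminuser.yaml (creates the user):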
[root@k8s-master k8s-install]# vim dashboard-adminuser.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kube-system
[root@k8s-master k8s-install]# kubectl create -f dashboard-adminuser.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
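Explanation:
The above creates a service account named admin-user in the kube-system namespace and binds the cluster-admin role to it, giving the admin-user account administrator privileges. By default, kubeadm already creates the cluster-admin role when it creates the cluster, so it can be bound directly.
View the admin-user account's token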
[root@k8s-master k8s-install]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-fxdmh
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 7d9e7d8a-e033-4258-a814-68e78eefafaa
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlRtcmtMa01qeHVrOTV0VmhJLWUyOVZUTDV1aDhJWmx2X1RSZVFRSnFySzQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWZ4ZG1oIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI3ZDllN2Q4YS1lMDMzLTQyNTgtYTgxNC02OGU3OGVlZmFmYWEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.TOoLhT-8MB7eBLs3jtLzsW5EjiJFZJ_8Iv9X4JQe93_qZ6ABhYQSuVlaUeZ9MUfm7Xboahe118_ND52Zby-woBx3x7EoS7bKdwVQqXvH0rPnOedLtKqA6uV90fQUfha6Hc3_4QsMbOXQYr717V7-ChBNO27JRY4Y-kOFa_eqjCiQDecnFEJ37_Z-2vWpIdWjRBX-vmCxtKNKp4LysFYirpKfNnuigHk4oQgpeovXdtTvDw6bD9o5dhUNfeTWL5yfrxZPNggvL6xqS_n_M8reCmEIW0xYU5_hZAHgRUXymuLGM4hsBO1Z8uLk6o5n_dScKxxoU7X46zm6KzM4fnrO4A
Copy the token you obtained into the Token field on the login page to log in to the dashboard.
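The token printed above is a JWT read from a Secret of type kubernetes.io/service-account-token and is bound to cluster-admin. The following added example (not part of the original post) decodes a JWT payload locally to show which identity a token carries and whether it has an "exp" claim. The helper names and both sample tokens are constructed for illustration, and the script inspects claims only; it does not verify signatures.

```shell
#!/bin/sh
# Inspect (not verify) the claims of a Kubernetes service-account JWT.
# All tokens below are constructed samples; the signature part is a dummy.
# Assumes compact JSON claims ("key":"value" with no spaces), as in the samples.

b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# JWT segments are base64url without '=' padding: restore both before decoding.
b64url_decode() {
    seg=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in
        2) seg="${seg}==" ;;
        3) seg="${seg}=" ;;
        1) return 1 ;;          # impossible length for base64
    esac
    printf '%s' "$seg" | base64 -d 2>/dev/null
}

# Print the decoded payload (second of exactly three dot-separated parts).
jwt_payload() {
    case "$1" in
        *.*.*.*) return 1 ;;
        *.*.*)   b64url_decode "$(printf '%s' "$1" | cut -d. -f2)" ;;
        *)       return 1 ;;
    esac
}

# Report the subject and whether the token carries an "exp" claim.
sa_token_report() {
    claims=$(jwt_payload "$1") && [ -n "$claims" ] || { echo "malformed"; return 1; }
    sub=$(printf '%s' "$claims" | sed -n 's|.*"sub":"\([^"]*\)".*|\1|p')
    exp=$(printf '%s' "$claims" | sed -n 's|.*"exp":\([0-9][0-9]*\).*|\1|p')
    echo "${sub:-unknown} expires=${exp:-never}"
}

make_token() { printf '%s.%s.c2ln' "$(b64url_encode '{"alg":"RS256"}')" "$(b64url_encode "$1")"; }

# Constructed sample shaped like the Secret-based token shown above: no "exp".
LEGACY_TOKEN=$(make_token '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:kube-system:admin-user"}')
# Constructed sample shaped like a token that carries an expiry.
BOUND_TOKEN=$(make_token '{"exp":1700003600,"iss":"https://kubernetes.default.svc","sub":"system:serviceaccount:kube-system:admin-user"}')

sa_token_report "$LEGACY_TOKEN"
sa_token_report "$BOUND_TOKEN"
```

A Secret-based token like the one shown above carries no "exp" claim, so it stays valid until its Secret or the ServiceAccount is deleted.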
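6. Using the Dashboard
The Dashboard interface is divided into three main areas:
- Top action bar: here users can search for resources in the cluster, create resources, or log out.
- Navigation menu on the right: use it to view and manage the various resources in the cluster. Menu items fall into two categories by resource level: Cluster-level resources and Namespace-level resources. The default Namespace is shown by default and can be switched.
- Central main area: after you click a resource type in the navigation menu, the main area shows all instances of that resource, for example when you click Pods.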