关于kubernetes:K8S-笔记-部署-k8s-dashboard

1. 配置 /etc/hosts

间接拜访 yaml 下载地址会失败，配置本地 host 解析即可。
如下 4 个本地解析任选其一：
185.199.108.133 raw.githubusercontent.com
185.199.109.133 raw.githubusercontent.com
185.199.110.133 raw.githubusercontent.com
185.199.111.133 raw.githubusercontent.com

2. 下载 yaml

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml

3. 批改 yaml

需注意 k8s 和 dashboard 的版本匹配问题，例如： dashboard v2.5.0 实用 kubernetes v1.23，metrics-scraper v1.0.7
兼容性参考：https://github.com/kubernetes...
3.1 命名空间默认为 kubernetes-dashboard，将其批改为 kube-system

[root@k8s-master k8s-install]# sed -i '/namespace/ s/kubernetes-dashboard/kube-system/g' recommended.yaml

3.2 NodePort 形式：为了便于本地拜访，批改 yaml 文件，将 service 改为 NodePort 类型，同时端口设置为 31260（大略位于 40 行和 44 行）

[root@k8s-master k8s-install]# vim recommended.yaml...30 --- 31  32 kind: Service 33 apiVersion: v1 34 metadata: 35   labels: 36     k8s-app: kubernetes-dashboard 37   name: kubernetes-dashboard 38   namespace: kube-system 39 spec: 40   type: NodePort   #减少type: NodePort 41   ports: 42     - port: 443 43       targetPort: 8443 44       nodePort: 31260  #减少nodePort: 31260 45   selector: 46     k8s-app: kubernetes-dashboard 47  48 ---

4. 创立 dashboard pod

[root@k8s-master k8s-install]# kubectl create -f recommended.yamlnamespace/kubernetes-dashboard createdserviceaccount/kubernetes-dashboard createdservice/kubernetes-dashboard createdsecret/kubernetes-dashboard-certs createdsecret/kubernetes-dashboard-csrf createdsecret/kubernetes-dashboard-key-holder createdconfigmap/kubernetes-dashboard-settings createdrole.rbac.authorization.k8s.io/kubernetes-dashboard createdclusterrole.rbac.authorization.k8s.io/kubernetes-dashboard createdrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard createdclusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard createddeployment.apps/kubernetes-dashboard createdservice/dashboard-metrics-scraper createddeployment.apps/dashboard-metrics-scraper created

【审慎执行】若 kubernetes-dashboard.yaml 配置文件内容批改，通过执行如下命令，将原配置删除，从新执行 kubectl create 创立容器

kubectl delete -f kubernetes-dashboard.yaml

查看 kubernetes-dashboard 的 Pod 的状态为 running 阐明 dashboard 曾经部署胜利：

[root@k8s-master k8s-install]# kubectl get pod --namespace=kube-system -o wide | grep dashboarddashboard-metrics-scraper-799d786dbf-msmz4   1/1     Running   0          62s     10.244.2.3       k8s-slave1   <none>           <none>kubernetes-dashboard-56d4dc85cb-dhqks        1/1     Running   0          62s     10.244.1.3       k8s-slave2   <none>           <none>

Dashboard 会在 kube-system namespace 中创立本人的 Deployment 和 Service：

[root@k8s-master k8s-install]# kubectl get deployment kubernetes-dashboard --namespace=kube-systemNAME                   READY   UP-TO-DATE   AVAILABLE   AGEkubernetes-dashboard   1/1     1            1           92s[root@k8s-master k8s-install]# kubectl get service kubernetes-dashboard --namespace=kube-systemNAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGEkubernetes-dashboard   NodePort   10.101.107.48   <none>        443:31260/TCP   110s

查看 dashboard 的服务端口
查看 service，TYPE 类型曾经变为 NodePort，端口为 31620

[root@k8s-master k8s-install]# kubectl get service -n kube-system | grep dashboarddashboard-metrics-scraper   ClusterIP   10.103.244.133   <none>        8000/TCP                 3m28skubernetes-dashboard        NodePort    10.101.107.48    <none>        443:31260/TCP            3m29s[root@k8s-master k8s-install]# kubectl get services --all-namespaces | grep dashboardkube-system   dashboard-metrics-scraper   ClusterIP   10.103.244.133   <none>        8000/TCP                 2m53skube-system   kubernetes-dashboard        NodePort    10.101.107.48    <none>        443:31260/TCP            2m54s

查看dashboard运行在那台机器下面

[root@k8s-master k8s-install]# kubectl get pods -n kube-system -o wide | grep dashboarddashboard-metrics-scraper-799d786dbf-msmz4   1/1     Running   0          5m      10.244.2.3       k8s-slave1   <none>           <none>kubernetes-dashboard-56d4dc85cb-dhqks        1/1     Running   0          5m      10.244.1.3       k8s-slave2   <none>           <none>

5. 拜访 dashboard

https://192.168.100.20:31260/

Dashboard 反对 Kubeconfig 和 Token 两种认证形式，这里抉择Token认证形式登录：
浏览器中的 Token 先空着，不要往下点，接下来制作 token 。

创立登录用户。官网参考文档：
https://github.com/kubernetes...

创立 dashboard-adminuser.yaml（创立用户）：

[root@k8s-master k8s-install]# vim dashboard-adminuser.yaml---apiVersion: v1kind: ServiceAccountmetadata:  name: admin-user  namespace: kube-system---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata:  name: admin-userroleRef:  apiGroup: rbac.authorization.k8s.io  kind: ClusterRole  name: cluster-adminsubjects:- kind: ServiceAccount  name: admin-user  namespace: kube-system[root@k8s-master k8s-install]# kubectl create -f dashboard-adminuser.yamlserviceaccount/admin-user createdclusterrolebinding.rbac.authorization.k8s.io/admin-user created

阐明：
下面创立了一个叫 admin-user 的服务账号，并放在 kube-system 命名空间下，并将 cluster-admin 角色绑定到 admin-user 账户，这样 admin-user 账户就有了管理员的权限。默认状况下，kubeadm 创立集群时曾经创立了 cluster-admin 角色，间接绑定即可。

查看 admin-user 账户的 token

[root@k8s-master k8s-install]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')Name:         admin-user-token-fxdmhNamespace:    kube-systemLabels:       <none>Annotations:  kubernetes.io/service-account.name: admin-user              kubernetes.io/service-account.uid: 7d9e7d8a-e033-4258-a814-68e78eefafaaType:  kubernetes.io/service-account-tokenData====ca.crt:     1099 bytesnamespace:  11 bytestoken:      eyJhbGciOiJSUzI1NiIsImtpZCI6IlRtcmtMa01qeHVrOTV0VmhJLWUyOVZUTDV1aDhJWmx2X1RSZVFRSnFySzQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWZ4ZG1oIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI3ZDllN2Q4YS1lMDMzLTQyNTgtYTgxNC02OGU3OGVlZmFmYWEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.TOoLhT-8MB7eBLs3jtLzsW5EjiJFZJ_8Iv9X4JQe93_qZ6ABhYQSuVlaUeZ9MUfm7Xboahe118_ND52Zby-woBx3x7EoS7bKdwVQqXvH0rPnOedLtKqA6uV90fQUfha6Hc3_4QsMbOXQYr717V7-ChBNO27JRY4Y-kOFa_eqjCiQDecnFEJ37_Z-2vWpIdWjRBX-vmCxtKNKp4LysFYirpKfNnuigHk4oQgpeovXdtTvDw6bD9o5dhUNfeTWL5yfrxZPNggvL6xqS_n_M8reCmEIW0xYU5_hZAHgRUXymuLGM4hsBO1Z8uLk6o5n_dScKxxoU7X46zm6KzM4fnrO4A

把获取到的 Token 复制到登录界面的 Token 输入框中即可登录 dashboard 。

6. 应用Dashboard

Dashboard 界面构造分为三个大的区域：

• 顶部操作区，在这里用户能够搜寻集群中的资源、创立资源或退出。
• 右边导航菜单，通过导航菜单能够查看和治理集群中的各种资源。菜单项依照资源的层级分为两类：Cluster 级别的资源 ，Namespace 级别的资源 ，默认显示的是 default Namespace，能够进行切换
• 两头主体区，在导航菜单中点击了某类资源，两头主体区就会显示该资源所有实例，比方点击 Pods。