K8S-Demo Cluster Practice 15: Deploying the Kubernetes Dashboard
1. Download and modify the deployment file dashboard.yaml
[root@master1 ~]# mkdir -p /opt/install/dashboard
[root@master1 ~]# cd /opt/install/dashboard
[root@master1 dashboard]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
[root@master1 dashboard]# cp recommended.yaml dashboard-recommended.yaml
[root@master1 dashboard]# mv recommended.yaml dashboard.yaml
[root@master1 dashboard]# vi dashboard.yaml
[root@master1 dashboard]# diff dashboard.yaml dashboard-recommended.yaml
40d39
< type: NodePort
44d42
< nodePort: 30443
- Container image mirror address in China: https://codechina.csdn.net/mirrors/kubernetes/dashboard?utm_source=csdn_github_accelerator
- YAML file address: https://codechina.csdn.net/mirrors/kubernetes/dashboard/-/raw/master/aio/deploy/recommended.yaml
2. Deploy the Dashboard
[root@master1 ~]# cd /opt/install/dashboard
[root@master1 dashboard]# kubectl apply -f dashboard.yaml
3. Check the Dashboard's running status
[root@master1 ~]# kubectl get pods,svc -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-766d4dcb65-cb4pc 1/1 Running 0 59m
pod/kubernetes-dashboard-858c74b8b4-j6xwt 1/1 Running 0 59m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.8.81.54 <none> 8000/TCP 59m
service/kubernetes-dashboard ClusterIP 10.8.234.157 <none> 443/TCP 59m
[root@master1 ~]# kubectl -n kubernetes-dashboard get sa
NAME SECRETS AGE
default 1 43h
kubernetes-dashboard 1 43h
[root@master1 ~]# kubectl -n kubernetes-dashboard get secrets
NAME TYPE DATA AGE
default-token-4sm7m kubernetes.io/service-account-token 3 43h
kubernetes-dashboard-certs Opaque 0 43h
kubernetes-dashboard-csrf Opaque 1 43h
kubernetes-dashboard-key-holder Opaque 2 43h
kubernetes-dashboard-token-dtgqg kubernetes.io/service-account-token 3 43h
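4. Create the token and kubeconfig file used to log in to the Dashboard
- There are two ways to log in to the Dashboard, a token or a kubeconfig file; see the login page further below
- Create the login token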
[root@master1 ~]# cd /opt/install/dashboard
[root@master1 dashboard]# kubectl create sa dashboard-admin -n kube-system
[root@master1 dashboard]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
[root@master1 dashboard]# ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}')
[root@master1 dashboard]# DASHBOARD_LOGIN_TOKEN=$(kubectl describe secret -n kube-system ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}')
[root@master1 dashboard]# echo ${DASHBOARD_LOGIN_TOKEN}
- Create a KubeConfig file that uses the token
[root@master1 ~]# cd /opt/install/dashboard
[root@master1 dashboard]# kubectl config set-cluster k8s-demo \
--certificate-authority=/etc/kubernetes/cert/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=dashboard.kubeconfig
# Set the client authentication parameters, using the token created above
[root@master1 dashboard]# kubectl config set-credentials dashboard_user_admin \
--token=${DASHBOARD_LOGIN_TOKEN} \
--kubeconfig=dashboard.kubeconfig
# Set the context parameters
[root@master1 dashboard]# kubectl config set-context default \
--cluster=k8s-demo \
--user=dashboard_user_admin \
--kubeconfig=dashboard.kubeconfig
[root@master1 dashboard]# kubectl config use-context default --kubeconfig=dashboard.kubeconfig
- Download dashboard.kubeconfig from the server to the local machine
[root@master1 ~]# cd /opt/install/dashboard
[root@master1 dashboard]# sz dashboard.kubeconfig
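The token printed above and embedded in dashboard.kubeconfig is a JWT whose claims name the identity it carries. The following added example (not part of the original post) decodes those claims without verifying the signature and reports whether the token has an expiry; the sample token is constructed with made-up values and the function names are this example's own.

```python
import base64
import json
import time

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def describe_sa_token(token, now=None):
    """Read (without verifying the signature) the claims of a service account token."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    exp = claims.get("exp")
    now = time.time() if now is None else now
    return {
        "issuer": claims.get("iss"),
        "subject": claims.get("sub"),
        "secret": claims.get("kubernetes.io/serviceaccount/secret.name"),
        "has_expiry": exp is not None,
        "expired": exp is not None and exp < now,
    }

# Constructed sample: claim names follow the secret-based token format, values are
# made up and the signature is a placeholder (this is not a usable credential).
SAMPLE_TOKEN = ".".join([
    b64url_encode({"alg": "RS256", "kid": "example-key-id"}),
    b64url_encode({
        "iss": "kubernetes/serviceaccount",
        "kubernetes.io/serviceaccount/namespace": "kube-system",
        "kubernetes.io/serviceaccount/secret.name": "dashboard-admin-token-xxxxx",
        "kubernetes.io/serviceaccount/service-account.name": "dashboard-admin",
        "sub": "system:serviceaccount:kube-system:dashboard-admin",
    }),
    "c2lnbmF0dXJlLXBsYWNlaG9sZGVy",
])

if __name__ == "__main__":
    for key, value in describe_sa_token(SAMPLE_TOKEN).items():
        print(f"{key}: {value}")
```

A secret-based token with no exp claim stays valid until its Secret or ServiceAccount is deleted, so dashboard.kubeconfig should be stored and transferred as a long-lived cluster-admin credential.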
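5. Access and test the Dashboard
- Since v1.7 the dashboard can only be accessed over https. If kube proxy is used, it must listen on localhost or 127.0.0.1. For logins that do not meet these conditions, the browser does not redirect after a successful login and stays on the login page
- NodePort has no such restriction, but it is recommended only for development environments; access goes through the IP address of the Node where the Pod runs.
- If the yaml file was not modified at the start, the Service can be changed from the command line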
[root@master1 ~]# kubectl patch svc kubernetes-dashboard -n kubernetes-dashboard \
-p '{"spec":{"type":"NodePort","ports":[{"port":443,"targetPort":8443,"nodePort":30443}]}}'
[root@master1 ~]# ss -lp | grep 30443
tcp LISTEN 0 128 *:30443 *:* users:(("kube-proxy",pid=1055,fd=8))
- The dashboard can also be accessed through port forward
[root@master1 ~]# kubectl port-forward -n kubernetes-dashboard svc/kubernetes-dashboard 4443:443 --address 0.0.0.0
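- Access URL: https://192.168.66.10:30443; the IP address here can be replaced with the IP of any node
- Paste the token or select the kubeconfig file to log in; after logging in you see the following interface
- Scroll down the page to see the CPU and memory utilisation of each Pod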
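Sections 4 and 5 together leave a cluster-admin service account reachable through a port opened on every node. The following added example (not part of the original post) is an audit over `kubectl ... -o json` output that lists service accounts bound to cluster-admin and the node ports published for the dashboard namespace; the sample documents are constructed and the function names are this example's own.

```python
import json

def cluster_admin_service_accounts(crb_list):
    """Return 'namespace:name' of every ServiceAccount bound to cluster-admin."""
    found = set()
    for crb in crb_list.get("items", []):
        if crb.get("roleRef", {}).get("name") != "cluster-admin":
            continue
        for subject in crb.get("subjects") or []:  # subjects may be absent or null
            if subject.get("kind") == "ServiceAccount":
                found.add(f"{subject.get('namespace')}:{subject.get('name')}")
    return sorted(found)

def node_exposed_ports(svc_list, namespace="kubernetes-dashboard"):
    """Return (service, nodePort) pairs published on every node for one namespace."""
    exposed = []
    for svc in svc_list.get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        if meta.get("namespace") != namespace:
            continue
        if spec.get("type") not in ("NodePort", "LoadBalancer"):
            continue
        for port in spec.get("ports", []):
            if "nodePort" in port:
                exposed.append((meta.get("name"), port["nodePort"]))
    return exposed

# Constructed samples, trimmed to the fields the checks read.
SAMPLE_CRBS = json.loads("""{"items": [
 {"metadata": {"name": "dashboard-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "dashboard-admin", "namespace": "kube-system"}]},
 {"metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"metadata": {"name": "kubernetes-dashboard"},
  "roleRef": {"kind": "ClusterRole", "name": "kubernetes-dashboard"},
  "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"}]}
]}""")
SAMPLE_SVCS = json.loads("""{"items": [
 {"metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
  "spec": {"type": "NodePort", "ports": [{"port": 443, "targetPort": 8443, "nodePort": 30443}]}},
 {"metadata": {"name": "dashboard-metrics-scraper", "namespace": "kubernetes-dashboard"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 8000, "targetPort": 8000}]}}
]}""")

if __name__ == "__main__":
    print("cluster-admin service accounts:", cluster_admin_service_accounts(SAMPLE_CRBS))
    print("node-published dashboard ports:", node_exposed_ports(SAMPLE_SVCS))
```

On a live cluster the two inputs come from `kubectl get clusterrolebindings -o json` and `kubectl get svc -A -o json`, loaded with `json.load`.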
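Appendix: links to the series
K8S-Demo Cluster Practice 00: Setting up the Harbor image registry with security scanning
K8S-Demo Cluster Practice 01: Preparing the VMware virtual machine template
K8S-Demo Cluster Practice 02: Preparing the VMware virtual machines, 3 Masters + 3 Nodes
K8S-Demo Cluster Practice 03: Preparing the x509 certificates needed for HTTPS communication between cluster components
K8S-Demo Cluster Practice 04: Deploying a three-node highly available etcd cluster
K8S-Demo Cluster Practice 05: Installing kubectl and configuring the cluster administrator account
K8S-Demo Cluster Practice 06: Deploying kube-apiserver to the master nodes (3 stateless instances)
K8S-Demo Cluster Practice 07: kube-apiserver high-availability scheme
K8S-Demo Cluster Practice 08: Deploying a highly available kube-controller-manager cluster
K8S-Demo Cluster Practice 09: Deploying a highly available kube-scheduler cluster
K8S-Demo Cluster Practice 10: Deploying the kube-proxy component in ipvs mode
K8S-Demo Cluster Practice 11: Deploying the kube-kubelet component in ipvs mode
K8S-Demo Cluster Practice 12: Deploying the Calico network
K8S-Demo Cluster Practice 13: Deploying the cluster's CoreDNS
K8S-Demo Cluster Practice 14: Deploying the cluster monitoring service Metrics Server
K8S-Demo Cluster Practice 15: Deploying the Kubernetes Dashboard
K8S-Demo Cluster Practice 16: Deploying Kube-Prometheus
K8S-Demo Cluster Practice 17: Deploying the private cloud drive owncloud (version 10.6)
K8S-Demo Cluster Practice 18: Building the first base container image in the universe
- Start by using it; get to know k8s through hands-on practice, and understanding comes naturally as experience accumulates
- Share the knowledge you have understood; you sow your own field of blessings and reap your own good fortune
- Aim for simplicity so that it is easy to understand; the context of knowledge, such as versions and dates, is also part of the knowledge
- Comments and questions are welcome; I usually reply and improve the document at weekends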
- Jason@vip.qq.com 2021-1-28