部署Kubernetes Dashboard

最新推荐文章于 2024-09-29 09:15:21 发布
最新推荐文章于 2024-09-29 09:15:21 发布
阅读量702 收藏 2
点赞数
分类专栏: k8s 文章标签: kubernetes dashboard docker
《署名-非商业性使用-禁止演绎 4.0 国际》许可协议 https://creativecommons.org/licenses/by-nc-nd/4.0/
本文链接:https://blog.csdn.net/omaidb/article/details/121746492
版权

部署Kubernetes Dashboard

下载Dashboard资源清单yaml文件

#  下载Dashboard资源清单
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml

# 通过代理加速地址下载
wget https://ghproxy.com/https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml

编辑Dashboard资源清单

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      # 暴露的端口30443
      nodePort: 30443
  selector:
    k8s-app: kubernetes-dashboard
# 以NodePort方式暴露端口
  type: NodePort

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # 允许 Dashboard 获取、更新和删除 Dashboard 专有机密.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # 允许仪表板获取和更新“kubernetes-dashboard-settings”配置映射。
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # 允许仪表板获取指标。
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # 允许 Metrics Scraper 从 Metrics 服务器获取指标
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.4.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # 取消以下行的注释以手动指定Kubernetes API server Host
            # 如果未指定,仪表板将尝试自动发现 API 服务器并连接
            # 仅当默认值不起作用时才取消注释。
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # 创建磁盘卷来存储执行日志
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # 如果 Dashboard 不得部署在 master 上,请配置以下容忍度
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.7
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # 如果 Dashboard 不得部署在 master 上,请修改以下容忍度
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}

执行资源清单

# 执行Dashboard的资源清单
kubectl apply -f recommended.yaml

设置访问端口

如果没有修改yaml中的NodePort,此时可以通过命令行手动修改

kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard

# type: ClusterIP 改为 type: NodePort

访问Dashboard的url

访问: https://宿主机IP:端口      https://192.168.73.10:30443

创建访问账号,用户授权

# 创建用户
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard

# 用户授权
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin \
--serviceaccount=kubernetes-dashboard:dashboard-admin

资源清单方式创建用户,用户授权

#创建访问账号,准备一个yaml文件; vi dash.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
#  对象的名称
  name: dashboard-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kube-system

执行资源清单

# 执行资源清单
kubectl apply -f dash.yaml

获取token

# 获取用户token方法1
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/ {print $1}')

# 获取用户token方法2
kubectl -n kube-system get secret $(kubectl -n kube-system get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

将token粘贴到Dashboard中,即可访问

在这里插入图片描述

查看工作负载

在这里插入图片描述

识途老码
关注
专栏目录
有史以来最详细 安装部署Kubernetes Dashboard (补充解决官方出现的一些RBAC CERT等问题)
sinat_28371057的博客
01-02 600
安装部署Kubernetes Dashboard (补充解决官方出现的一些RBAC CERT等问题) 官方文档:https://github.com/kubernetes/dashboard 参考文章:https://kuboard.cn/install/install-k8s-dashboard.html# 前言 Kubernetes DashboardKubernetes 的官方 Web UI。使用 Kubernetes Dashboard,你可以: 向 Kubernetes 集群部
部署kubernetes Dashboard流程及错误
weixin_45898119的博客
08-05 953
部署kubernetes Dashboard流程及错误
用nginx缩短Kubernetes dashboard访问url
weixin_34198453的博客
08-10 358
用nginx缩短Kubernetes dashboard访问url [TOC] 1. 问题 Kubernetes dashboard以API Server方式访问的url很长,对纠结的人不大友好。所以想使用nginx来缩短它。我们现在使用的是自签证书,nginx作反向代理意味着后端也是https方式,而且需要客户端证书和CA证书来验证。否则nginx访问后面时也是报如下错误: { "kind"...
kubernetes(k8s)中部署dashboard可视化面板
小云的博客
10-28 6259
Web 界面 (Dashboard)Dashboard 是基于网页的 Kubernetes 用户界面。你可以使用 Dashboard 将容器应用部署Kubernetes 集群中,也可以...
k8s安装kubernetes dashboard
tearofthemyth的专栏
01-27 1493
文章目录GitHub地址一、安装k8s dashboard二、配置权限1.访问dashboard2.配置权限三、附件1.原版recommended.yaml2.修改后的recommended.yaml GitHub地址 k8s dashboard的GitHub地址可以点这里。 一、安装k8s dashboard 首先我们参考GitHub上的说明进行安装,只需执行下面的一行命令: $ kubectl apply -f https://raw.githubusercontent.com/kubernetes/d
k8s部署dashboard
qq_34041723的博客
11-12 1290
一、部署dashboard的Web-UI界面! 官网地址:https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/ 1、下载yaml文件配置并执行 wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml #39行左右 新增type: NodePort 和 nodePort:31
Kubernetes Dashboard 设置用户密码登陆
weixin_33720956的博客
05-21 1615
Kubernetes Dashboard 设置用户密码登陆 标签(空格分隔): Kubernetes2019年05月20日 K8s 文档 K8s 1.13源码安装k8s dashboard token访问 仪表板是基于Web的Kubernetes用户界面。您可以使用仪表板将容器化应用程序部署Kubernetes集群,对容器化应用程序进行故障排除,并管理集群本身及其伴随资源。您可以使用仪表板来概...
Kubernetes Dashboard 部署.docx
08-06
### Kubernetes Dashboard 部署详解 #### 一、概述 Kubernetes Dashboard 是一款基于 Web 的图形界面工具,用于管理 Kubernetes 集群。通过 Dashboard,用户可以执行多种操作,包括但不限于部署应用程序、管理资源...
k3s 部署 kubernetes Dashboard
09-21
k3s是一个轻量级的Kubernetes发行版,可以用于部署Kubernetes Dashboard。下面是使用k3s部署Kubernetes Dashboard的步骤: 1. 安装k3s:使用以下命令安装k3s: ``` curl -sfL https://get.k3s.io | sh - ``` 2. ...
解决dashboard面板成功登陆后页面无反应
weixin_33885676的博客
04-04 4491
当搭建完dashboard页面进行登陆的时候页面没有反应,首先去查看http日志文件: [Thu Apr 04 17:39:35.792644 2019] [:error] [pid 17630] Could not process panel theme_preview: Dashboard with slug "developer" is not registered. [Thu Apr 04...
kubernetes部署Dashboard(可通过域名外网访问)
vampiresuper的专栏
12-20 4364
kubernetes 1.22中部署Dashboard,并可以通过域名在外网访问
kubernetes dashboard 授权/权限/角色绑定问题导致页面报错
rockstics的博客
02-16 7247
报错: namespaces is forbidden: User “system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard” cannot list resource “namespaces” in API group “” at the cluster scope system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard events is forbidden:
Grafana通过rest添加dashboard并访问url
乔的博客
04-23 8770
目标 配置 Grafana,允许匿名访问 通过 rest 接口注册 dashbord 获取 dashbord url 进行可视化 mac 安装配置 安装 brew update brew install grafana 配置匿名访问:/usr/local/etc/grafana/grafana.ini [auth] # 要删掉前边的分号 disable_login_form = tr...
K8S组件-----图形化web界面Dashboard搭建安装,让k8s管理更简单
11-21 4518
一:Dashboard简介 Dashboard 是基于网页的 Kubernetes 用户界面。 你可以使用 Dashboard 将容器应用部署Kubernetes 集群中,也可以对容器应用排错,还能管理集群资源。 你可以使用 Dashboard 获取运行在集群中的应用的概览信息,也可以创建或者修改 Kubernetes 资源 (如 Deployment,Job,DaemonSet 等等)。 例如,你可以对 Deployment 实现弹性伸缩、发起滚动升级、重启 Pod 或者使用向导创建新的应用。 Das
serviceaccounts is forbidden: User “system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
kongkong的专栏
04-22 3700
错误信息 serviceaccounts is forbidden: User “system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard” cannot list resource “serviceaccounts” in API group “” in the namespace “default” 费了老大的功夫才明白是serviceaccount的问题,k8sdashboard出厂的serviceaccount权限太低,需要配置
Kubernetes 部署Dashboard Web界面
qq_37377136的博客
08-01 582
涉及参考文档: Kubernetes Web 界面 (Dashboard) Kubernetes Dashboard 项目页面 一、部署 Dashboard UI 查看github上最新的Dashboard版本为v2.3.1,此次操作部署最新版本吧 1、获取yaml文件 wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml 下载不了那就手动去获取yaml文件即
Kubernetes 安装 dashboard 报错
Bertram的博客
11-15 2420
报错内容如下: [root@k8s-master ~]# kubectl logs kubernetes-dashboard-658485d5c7-9v6kg -n kubernetes-dashboard 2021/11/15 06:48:51 Starting overwatch 2021/11/15 06:48:51 Using namespace: kubernetes-dashboard 2021/11/15 06:48:51 Using in-cluster config to connec
【CKA】二、节点管理-设置节点不可用
最新发布
weixin_43837718的博客
09-29 360
[CKA]二、节点管理-设置节点不可用
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

识途老码

赞赏是第一生产力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值