简介
Kubernetes 仪表板(Dashboard)是基于网页的 Kubernetes 用户界面。 你可以使用仪表板:
- 展示了 Kubernetes 集群中的资源状态信息和所有报错信息。
- 把容器应用部署到 Kubernetes 集群中。
- 对容器应用排错。
- 管理集群资源。
- 获取运行在集群中的应用的概览信息。
- 创建或者修改 Kubernetes 资源 (比如:Deployment,Job,DaemonSet 等等)。
安装
根据 Kubernetes 版本选择 Kubernetes 仪表板的版本号,具体如下表:
Kubernetes 版本 | Kubernetes 仪表板版本 |
---|---|
1.18 | 2.0.3 |
1.19 | 2.0.5 |
1.20 | 2.3.1 |
1.21 | 2.4.0 |
1.23 | 2.5.1 |
1.24 | 2.6.0 |
1.24 | 2.6.1 |
执行如下命令安装Kubernetes仪表板2.6.1:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml
输出如下:
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
执行如下命令查看Pod是否已启动:
kubectl get pod -n kubernetes-dashboard
当看到状态都为Runing时,就说明已经启动成功,如下所示。
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-5cb4f4bb9c-lsnxf 1/1 Running 0 153m
kubernetes-dashboard-d77c86c87-svc87 1/1 Running 0 153m
访问
执行kubectl proxy命令后,就可以访问了,访问路径:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
我们可以Kubernetes仪表板的登陆界面,如下图:
创建用户
我们要创建一个名为 one-more-admin 的 ServiceAccount ,用来登录 Kubernetes 仪表板。然后再为这个 ServiceAccount 创建一个 Secret ,最后创建一个 ClusterRolebinding,将其绑定到 Kubernetes 集群中默认初始化的 cluster-admin 这个 ClusterRole 上面。
把以下内容保存为one-more-admin.yaml:
apiVersion: v1
kind: ServiceAccount
metadata:
name: one-more-admin
namespace: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
name: one-more-admin
namespace: kubernetes-dashboard
annotations:
kubernetes.io/service-account.name: one-more-admin
type: kubernetes.io/service-account-token
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: one-more-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: one-more-admin
namespace: kubernetes-dashboard
然后执行如下命令创建:
kubectl apply -f one-more-admin.yaml
输出如下:
serviceaccount/one-more-admin created
secret/one-more-admin created
clusterrolebinding.rbac.authorization.k8s.io/one-more-admin created
然后,执行以下命令获取到 Token :
kubectl -n kubernetes-dashboard describe secret one-more-admin
输出如下:
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-5cb4f4bb9c-lsnxf 1/1 Running 0 153m
kubernetes-dashboard-d77c86c87-svc87 1/1 Running 0 153m
root@controller:~/test# kubectl -n kubernetes-dashboard describe secret one-more-admin
Name: one-more-admin
Namespace: kubernetes-dashboard
Labels: kubernetes.io/legacy-token-last-used=2023-08-11
Annotations: kubernetes.io/service-account.name: one-more-admin
kubernetes.io/service-account.uid: 48a665f3-d196-4686-af55-8281a50eb9ab
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1107 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImwyZXc0SUlDWmVVVjZTZ1cyYXZhNzJDOEg1NEQwZG9PSmc0Rzl2QlNpYlkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJvbmUtbW9yZS1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJvbmUtbW9yZS1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjQ4YTY2NWYzLWQxOTYtNDY4Ni1hZjU1LTgyODFhNTBlYjlhYiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDpvbmUtbW9yZS1hZG1pbiJ9.SqJRp46WvFhQ4NEsiFILbLnRPUEDC1XgI6KYVNt3xGBJd0aXcTJOsBiDN_C_kOxs1V4_tHNzUoMhy0RFZbcSNfMfLa4lSODxrcSRE_Kx-duiJ30xVA-RJJPZCO1NJ2sJDMfGml9Gvt76fXsX0PHgaVJg3WBpby_F1gUyiLXP_u_ErahWdxRP2AA88oJKucw67tnxDyyUpeMaa3QG1iXahgREKEeZlS9X6Xx8OPVEvo18uc5WcB46FeejTGdaB0R_X0bAI0-bJY-OY4BOI0bHw_Z0YnRbJ0PC9pCEl6hRwb334p1oZf-l6BtCGZLa2kZNdNCzCWmkhwvZXy9yfuKuEA
把其中的 token 输入到 Kubernetes 仪表板登录即可,如下图: