Kubernetes仪表盘是Kubernetes集群的基于Web的通用UI,它允许用户管理群集中运行的应用程序并对其进行故障排除,以及管理群集本身;
Github:GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters
下载yaml的资源清单:
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml
1.修改recommended.yaml(主要目的是暴露端口,方便外界访问,不修改等apply之后expose暴露也可以)
[root@k8smaster data]# vim recommended.yaml
增加40和44行内容
32 kind: Service
33 apiVersion: v1
34 metadata:
35 labels:
36 k8s-app: kubernetes-dashboard
37 name: kubernetes-dashboard
38 namespace: kubernetes-dashboard
39 spec:
40 type: NodePort
41 ports:
42 - port: 443
43 targetPort: 8443
44 nodePort: 30001
45 selector:
46 k8s-app: kubernetes-dashboard
47
48 ---
2.部署dashboard
[root@k8smaster data]# ll
-rw-r--r-- 1 root root 7552 Mar 2 15:21 recommended.yaml
[root@k8smaster data]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
Warning: spec.template.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: deprecated since v1.19, non-functional in v1.25+; use the "seccompProfile" field instead
deployment.apps/dashboard-metrics-scraper created
2.查找pod
[root@k8smaster data]# kubectl get pod -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-79459f84f-c6bpp 1/1 Running 0 64s
kubernetes-dashboard-5fc4c598cf-65rjr 1/1 Running 0 64s
3.访问web界面,需要输入token才可以登录
4.生成token
1.创建账号
[root@k8smaster data]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
2.赋予权限
[root@k8smaster data]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
3.生成token
[root@k8smaster data]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name: dashboard-admin-token-pdxlj
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 49b4bf13-b224-4f7e-9308-898a108e5249
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InNEOWlDOEZYR1RRNnFzb0FmejJIV2pyU3dZcTRPR21ZVm9fSzhpSGx4cDQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tcGR4bGoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNDliNGJmMTMtYjIyNC00ZjdlLTkzMDgtODk4YTEwOGU1MjQ5Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.tGH7rLPYT_r6IXqw4o8j9Vx0Xnghc_2A8-u3EAhIE4S86O9nCMT8QIjj0NOYSF4w-9TxYJB7lLfnygMo2vuvhPyq9L7_saY91x8mpfJT7TjvhVn7ZfHYgnfcmwuUdX-wLOFvgqhOnMIJVrBhCm7atry3A4Y3tXsw1j2XGITo7Avr4SbG2dWW_C5wmrT7XpWRLYnLqBCrYUvC6BwZdb4ACQtHFaW3mCdNjJqZcq4Oh-w-ZSwVb8Law8i1IBftJAru9gy7-gmneqRurCjH8p_meld5sA3WNOPDDRaa44q19j0uosIkSU4tMtSBdShEijtrpRyZmY3mcgwYhivf0HhybQ
5.复制token到web界面,点击登录
6.可通过界面对deployment进行扩容缩容