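Dashboard is a web-based user interface for Kubernetes. It lets you operate a k8s cluster from a web page instead of the command line.
Deploying and accessing the Kubernetes Dashboard
Dashboard is a web-based Kubernetes user interface. You can use Dashboard to deploy containerized applications to a Kubernetes cluster, troubleshoot those applications, and manage cluster resources. You can use Dashboard to get an overview of the applications running in the cluster, and to create or modify Kubernetes resources (such as Deployment, Job, DaemonSet and so on). For example, you can scale a Deployment, start a rolling update, restart a Pod, or create a new application with the wizard.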
https://kubernetes.io/zh-cn/docs/tasks/access-application-cluster/web-ui-dashboard/
Official documentation
k8s version
[root@master dashboard]# kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 22d v1.20.6
node-1 Ready worker 22d v1.20.6
node-2 Ready worker 22d v1.20.6
[root@master dashboard]#
Download and install the dashboard
Download the recommended.yaml file from the official repository
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
The dashboard version used here is v2.7.0
[root@master dashboard]# ls
recommended.yaml
Edit the configuration file and set the type of the dashboard Service to NodePort
[root@master new]# vim recommended.yaml
---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort        # set the Service type
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30088   # port number opened on the host (node)
  selector:
    k8s-app: kubernetes-dashboard
---
Leave the rest of the file unchanged
1. Apply the configuration above to start the dashboard resources
[root@master dashboard]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
Check that the dashboard pods have started
[root@master new]# kubectl get pod --all-namespaces|grep dashboard
kubernetes-dashboard dashboard-metrics-scraper-66dd8bdd86-5z7wc 1/1 Running 0 115s
kubernetes-dashboard kubernetes-dashboard-785c75749d-7jklv 1/1 Running 0 115s
[root@master new]#
2. Check that the services have been created
[root@master new]# kubectl get svc --all-namespaces|grep dash
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.100.3.63 <none> 8000/TCP 2m41s
kubernetes-dashboard kubernetes-dashboard NodePort 10.107.254.225 <none> 443:30088/TCP 2m42s
[root@master new]#
Access it in a browser
1. Use the https protocol
https://192.168.203.128:30088/
Click to continue to the site
2. https://192.168.203.128:30088/#/login
A login screen appears and asks for a token
3. Get the name of the dashboard's secret
[root@master new]# kubectl get secret -n kubernetes-dashboard|grep dashboard-token
kubernetes-dashboard-token-2bk6z kubernetes.io/service-account-token 3 9m14s
[root@master new]#
4. Get the token stored in the secret
[root@master new]# kubectl describe secret kubernetes-dashboard-token-2bk6z -n kubernetes-dashboard
Name: kubernetes-dashboard-token-2bk6z
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: d9eaa0b4-a4ae-4372-aa2a-648431958223
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 20 bytes
token: <service account token omitted>
[root@master new]#
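5. Access it again
Open it in a browser
https://192.168.203.128:30088/
Click to continue to the site
https://192.168.203.128:30088/#/login
After logging in, the dashboard cannot access any resource objects because the account has no permissions; it needs RBAC authorization
6. Authorize kubernetes-dashboard, so that namespace resources can be found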
[root@master ~]# kubectl create clusterrolebinding serviceaccount-cluster-admin --clusterrole=cluster-admin --user=system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
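Questions
1. How do you delete the role binding?
[root@master ~]# kubectl delete clusterrolebinding serviceaccount-cluster-admin
2. How do you put the RBAC authorization into a yaml file as well?
How do you get the yaml that an existing object would be created from?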
[root@master new]# kubectl get clusterrolebinding serviceaccount-cluster-admin -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: "2023-09-08T07:12:21Z"
  managedFields:
  - apiVersion: rbac.authorization.k8s.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:roleRef:
        f:apiGroup: {}
        f:kind: {}
        f:name: {}
      f:subjects: {}
    manager: kubectl-create
    operation: Update
    time: "2023-09-08T07:12:21Z"
  name: serviceaccount-cluster-admin
  resourceVersion: "432307"
  uid: 32c58b1d-740b-4b5f-b568-3e051e2f9155
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
[root@master new]#
Some of these fields can be removed. Trimmed down, it looks like this:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: serviceaccount-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
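The binding in step 6 gives the Dashboard's own service account cluster-admin, so its token, presented at the NodePort login page, carries full control of the cluster. As an added example (not part of the original post), the manifest below logs in with a separate service account instead, read-only cluster-wide and with write access in one namespace; the names dashboard-viewer, dashboard-viewer-readonly, dashboard-viewer-edit and the namespace demo are hypothetical, while view and edit are built-in ClusterRoles.

```yaml
# Added example, not from the original post.
# Hypothetical names: dashboard-viewer, dashboard-viewer-readonly,
# dashboard-viewer-edit, and the namespace "demo".
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer
  namespace: kubernetes-dashboard
---
# Cluster-wide read access. The built-in "view" role does not allow
# reading Secrets or RBAC roles and bindings.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer-readonly
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kubernetes-dashboard
---
# Write access limited to one namespace: a RoleBinding (not a
# ClusterRoleBinding) scopes the built-in "edit" role to "demo" only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dashboard-viewer-edit
  namespace: demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kubernetes-dashboard
```

On the v1.20.6 cluster used here, a token secret is created automatically for the new service account and can be read the same way as in steps 3 and 4.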