Dashboard 安装与使用
一、What is Dashboard ?
Kubernetes Dashboard是Kubernetes集群的Web UI,用户可以通过Dashboard进行管理集群内所有资源对象,例如查看资源对象的运行情况,部署新的资源对象,伸缩Deployment中的Pod数量等等一系列操作。
二、Kubernetes Dashboard 安装
1、通过官方模板创建dashboard容器
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
2、查看创建的容器状态
$ kubectl get deployment -n kuberenetes-dashboard
$ kubectl get pods -n kuberenetes-dashboard
3、修改dashboard的service端口暴露模式为NodePort
$ kubectl edit service kubernetes-dashboard -n kubernetes-dashboard
[root@k8s-master dashboard]# kubectl edit service kubernetes-dashboard -n kubernetes-dashboard
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
annotations:
# 添加暴露的端口
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"nodePort":30009,"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"},"type":"NodePort"}}
creationTimestamp: "2022-05-10T06:51:23Z"
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
resourceVersion: "22566"
uid: 592e0ac4-c79e-4afe-a340-58f6450173d9
spec:
clusterIP: 10.1.214.46
clusterIPs:
- 10.1.214.46
externalTrafficPolicy: Cluster
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
# 添加暴露的端口
- nodePort: 30009
port: 443
protocol: TCP
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
# 修改模式
type: NodePort
status:
loadBalancer: {}
4、 创建Service Account 及 ClusterRoleBinding
# 创建一个yaml文件管理目录
$ mkdir -p /root/k8s/dashboard && cd /root/k8s/dashboard
# 编写auth.yaml文件
$ cat << EOF >> auth.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
# 创建服务
$ kubectl apply -f auth.yaml
三、获取访问 Kubernetes Dashboard所需的 Token
1、token获取方式
$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
2、kubeConfig生成方式
# 获取token文件名
$ TOKEN_FILE=$(kubectl -n kubernetes-dashboard get secret | awk '/admin-user/{print $1}')
# 获取token
$ DASH_TOCKEN=$(kubectl -n kubernetes-dashboard get secrets $TOKEN_FILE -n kubernetes-dashboard -o jsonpath={.data.token} |base64 -d)
# 设置 kubeconfig 文件中的一个集群条目
$ kubectl config set-cluster kubernetes --server=192.168.3.90:30009 --kubeconfig=/usr/local/src/dashbord-admin.conf
# 设置 kubeconfig 文件中的一个用户条目
$ kubectl config set-credentials kubernetes-dashboard --token=$DASH_TOCKEN --kubeconfig=/usr/local/src/dashbord-admin.conf
# 设置 kubeconfig 文件中的一个上下文条目
$ kubectl config set-context kubernetes-dashboard@kubernetes --cluster=kubernetes --user=kubernetes-dashboard --kubeconfig=/usr/local/src/dashbord-admin.conf
# 设置 kubeconfig 文件中的当前上下文
$ kubectl config use-context kubernetes-dashboard@kubernetes --kubeconfig=/usr/local/src/dashbord-admin.conf
# 生成的kubeConfig文件路径
/usr/local/src
四、访问DashBoard UI
# 防火墙放行端口
$ firewall-cmd --zone=public --add-port=30009/tcp --permanent
# 或者直接关闭防火墙(不建议)
$ systemctl stop firewalld.service
# 测试
# IP为自己服务器地址,端口为修改dashboard的service暴露的端口
$ curl http://192.168.3.90:30009
# 浏览器访问
http://192.168.3.90:30009