接上
前面博客Kubernetes 所有的操作我们都是通过命令行工具 kubectl 完成的。为了提供更丰富的用户体验,Kubernetes 还开发了一个基于 Web 的 Dashboard,用户可以用 Kubernetes Dashboard 部署容器化的应用、监控应用的状态、执行故障排查任务以及管理 Kubernetes 各种资源。
在 Kubernetes Dashboard 中可以查看集群中应用的运行状态,也能够创建和修改各种 Kubernetes 资源,比如 Deployment、Job、DaemonSet 等。用户可以 Scale Up/Down Deployment、执行 Rolling Update、重启某个 Pod 或者通过向导部署新的应用。Dashboard 能显示集群中各种资源的状态以及日志信息。
可以说,Kubernetes Dashboard 提供了 kubectl 的绝大部分功能,大家可以根据情况进行选择。
(1)下载镜像和.yaml文件,将.yaml文件移到kubeadm用户的家目录下,给三个节点都导入镜像。
动态调度:master会调度后端的node节点,有自己的调度算法,某个任务分配在哪,由manger来调度的
# 所需文件
kubernetes-dashboard.tar
kubernetes-dashboard.yaml
# 分发-->google的镜像你懂的
[root@server1 ~]# scp kubernetes-dashboard.tar server2:
[root@server1 ~]# scp kubernetes-dashboard.tar server3:
# 三个节点同时加载
[root@server1 ~]# docker load -i kubernetes-dashboard.tar
部署
# 仍是普通用户的身份去加载
[root@server1 ~]# mv kubernetes-dashboard.yaml /home/kubeadm/
[root@server1 ~]# su - kubeadm
Last login: Sun Aug 18 21:24:30 CST 2019 on pts/0
[kubeadm@server1 ~]$ kubectl apply -f kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
测试
# pod任务
[kubeadm@server1 ~]$ kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-5c98db65d4-5ql2r 1/1 Running 0 77m
coredns-5c98db65d4-jrrgz 1/1 Running 0 77m
etcd-server1 1/1 Running 0 77m
kube-apiserver-server1 1/1 Running 0 76m
kube-controller-manager-server1 1/1 Running 0 76m
kube-flannel-ds-amd64-97flb 1/1 Running 0 41m
kube-flannel-ds-amd64-cm4lh 1/1 Running 0 41m
kube-flannel-ds-amd64-xlsp9 1/1 Running 0 41m
kube-proxy-nlc7h 1/1 Running 0 76m
kube-proxy-rzwlh 1/1 Running 0 77m
kube-proxy-z88r7 1/1 Running 0 73m
kube-scheduler-server1 1/1 Running 0 76m
kubernetes-dashboard-7d75c474bb-vh9ml 1/1 Running 0 2m3s
# 部署相关参数的含义-->
[kubeadm@server1 ~]$ kubectl get deployments. -n kube-system
NAME READY UP-TO-DATE AVAILABLE AGE
coredns 2/2 2 2 78m
kubernetes-dashboard 1/1 1 1 2m45s
说明:由于从网络上下载的yml文件与实际的不匹配,要进行相关的修改,
核心:添加type:NodePort,暴露出 Dashboard 端口,方便外部访问
[kubeadm@server1 ~]$ kubectl edit service kubernetes-dashboard -n kube-system #文件到数第三行修改 type为: NodePort
[kubeadm@server1 ~]$ kubectl describe svc kubernetes-dashboard -n kube-system #查看随机分配的端口
[kubeadm@server1 ~]$ kubectl get secrets -n kube-system | grep kubernetes-dashboard-token #获取token
相关说明
[kubeadm@server1 ~]$ kubectl describe svc kubernetes-dashboard -n kube-system
Name: kubernetes-dashboard
Namespace: kube-system
Labels: k8s-app=kubernetes-dashboard
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard"...
Selector: k8s-app=kubernetes-dashboard
Type: NodePort # 类型改变
IP: 10.97.58.108 # 思考这个IP的类型
Port: <unset> 443/TCP
TargetPort: 8443/TCP
NodePort: <unset> 31796/TCP
Endpoints: 10.244.1.2:8443 # 思考这个IP的类型
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
创建Dashboard的用户认证,基于RBAC
[kubeadm@server1 ~]$ vim dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
创建用户和角色绑定
[kubeadm@server1 ~]$ kubectl apply -f dashboard-admin.yaml
[kubeadm@server1 ~]$ kubectl get secrets -n kube-system | grep admin
# 获取-->admin-user-token-npttq,要利用这个
[kubeadm@server1 ~]$ kubectl describe secrets admin-user-token-npttq -n kube-system #查看获取的token
登陆:端口为刚才分配到的端口,利用刚才的token登陆Dashboard
选择token令牌的方式
结果现实