介绍
Kubernetes Dashboard 是一个通用的、基于 Web 的 UI,适用于 Kubernetes 集群。它允许用户管理集群中运行的应用程序并对其进行故障排除,以及管理集群本身。
从版本 7.0.0 开始,官方放弃了对基于清单的安装的支持。目前仅支持基于 Helm 的安装。由于多容器设置和对 Kong 网关 API 代理的硬依赖,轻松支持基于清单的安装是不可行的。
开始安装
安装helm
https://helm.sh/zh/docs/intro/install/
helm安装很简单,下载二进制文件,放置到 PATH 路径下即可
~]# curl -O https://get.helm.sh/helm-v3.14.3-linux-amd64.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 15.3M 100 15.3M 0 0 4271k 0 0:00:03 0:00:03 --:--:-- 4271k
~]# tar -xzf helm-v3.14.3-linux-amd64.tar.gz
~]# mv linux-amd64/helm /usr/local/bin/
~]# helm version
version.BuildInfo{Version:"v3.14.3", GitCommit:"f03cc04caaa8f6d7c3e67cf918929150cf6f3f12", GitTreeState:"clean", GoVersion:"go1.21.7"}
安装 kubernetes-dashboard
# 网络好的话可以直接添加官方 helm 仓库直接安装
# Add kubernetes-dashboard repository
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# Deploy a Helm Release named "kubernetes-dashboard" using the kubernetes-dashboard chart
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
# 这里我先下载了 dashboard helm 安装包
# https://github.com/kubernetes/dashboard/releases/download/kubernetes-dashboard-7.1.2/kubernetes-dashboard-7.1.2.tgz
~]# helm upgrade --install kubernetes-dashboard kubernetes-dashboard-7.1.2.tgz --create-namespace --namespace kubernetes-dashboard -f das-values.yaml
Release "kubernetes-dashboard" has been upgraded. Happy Helming!
NAME: kubernetes-dashboard
LAST DEPLOYED: Thu Mar 28 16:04:41 2024
NAMESPACE: kubernetes-dashboard
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
*************************************************************************************************
*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
*************************************************************************************************
Congratulations! You have just installed Kubernetes Dashboard in your cluster.
To access Dashboard run:
kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443
NOTE: In case port-forward command does not work, make sure that kong service name is correct.
Check the services in Kubernetes Dashboard namespace using:
kubectl -n kubernetes-dashboard get svc
Dashboard will be available at:
https://localhost:8443
Looks like you are deploying Kubernetes Dashboard on a custom domain(s).
Please make sure that the ingress configuration is valid.
Dashboard should be accessible on your configured domain(s) soon:
- https://dashboard.example.io
~]# kubectl get po -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-api-76b4d558c7-dmrb2 1/1 Running 0 41s
kubernetes-dashboard-api-76b4d558c7-jlngv 1/1 Running 0 39s
kubernetes-dashboard-api-76b4d558c7-q7lt4 1/1 Running 0 46s
kubernetes-dashboard-auth-54fc9c5cf8-shbtl 1/1 Running 0 46s
kubernetes-dashboard-kong-5947ccdf89-g9ns9 1/1 Running 0 46s
kubernetes-dashboard-metrics-scraper-cb9b44d6f-s5qw5 1/1 Running 0 37m
kubernetes-dashboard-web-7fc6c445b8-df5fm 1/1 Running 0 37m
创建dashboard用户
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
~]# cat dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
name: admin-user
namespace: kubernetes-dashboard
annotations:
kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token
~]# kubectl apply -f dashboard-adminuser.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
secret/admin-user created
~]# kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
访问dashboard页面
使用上面命令行输出的token进行登录