Dashboard插件安装

IT
IT
IT
285
文章
1
评论
更多
 2020年6月11日20:20:25 评论 363 4474字阅读14分54秒

官网地址

https://github.com/kubernetes/dashboard

安装

  • 下载到本地
[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yaml
  • 修改配置文件添加NodePort
[root@k8s-master ~]# vim recommended.yaml

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  • 创建dashboard
[root@k8s-master ~]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
  • 查看dashboard的pod
[root@k8s-master ~]# kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-6b4884c9d5-flm79   1/1     Running   0          2m5s
kubernetes-dashboard-7bfbb48676-kd8h7        1/1     Running   0          2m5s
  • 查看service
[root@k8s-master ~]# kubectl get service -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.1.190.22   <none>        8000/TCP        4m20s
kubernetes-dashboard        NodePort    10.1.92.84    <none>        443:30317/TCP   4m20s
  • 查看dashboard详细信息
[root@k8s-master ~]# kubectl describe svc kubernetes-dashboard -n  kubernetes-dashboard
Name:                     kubernetes-dashboard
Namespace:                kubernetes-dashboard
Labels:                   k8s-app=kubernetes-dashboard
Annotations:              Selector:  k8s-app=kubernetes-dashboard
Type:                     NodePort
IP:                       10.1.92.84
Port:                     <unset>  443/TCP
TargetPort:               8443/TCP
NodePort:                 <unset>  30317/TCP
Endpoints:                10.244.2.4:8443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
  • 查看dashboard在哪一个节点
[root@k8s-master ~]# kubectl get pods -n kubernetes-dashboard -o wide
NAME                                         READY   STATUS    RESTARTS   AGE     IP           NODE        NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-6b4884c9d5-flm79   1/1     Running   0          9m26s   10.244.1.6   k8s-node1   <none>           <none>
kubernetes-dashboard-7bfbb48676-kd8h7        1/1     Running   0          9m26s   10.244.2.4   k8s-node2   <none>           <none>

访问dashboard

  • 从上面可以看出node任意一个节点都可以
  • https://10.10.0.245:30317/

Dashboard插件安装

Token

我们创建一个admin用户并授予admin 角色绑定,使用下面的yaml文件创建admin用户并赋予他管理员权限,然后就可以通过token 登陆dashbaord,这种认证方式本质实际上是通过Service Account 的身份认证加上Bearer token请求 API server 的方式实现,参考 Kubernetes 中的认证

[root@k8s-master ~]# vim admin-token.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
  • 创建对应的token
[root@k8s-master ~]# kubectl apply -f admin-token.yaml
clusterrolebinding.rbac.authorization.k8s.io/admin created
serviceaccount/admin created
  • 查看token
[root@k8s-master ~]# kubectl get secret -n kube-system | grep admin-toke | awk '{print $1}' | xargs kubectl -n kube-system describe secret
Name:         admin-token-cddr8
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin
              kubernetes.io/service-account.uid: af2cfeb2-ed6e-40f8-97d5-213066ed1d1d

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InNfLUtqdFZteUNTVHRpUXBWWXRPVm1BQUJFZzdwaG9uSGdtYXBUM1pZeDAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1jZGRyOCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImFmMmNmZWIyLWVkNmUtNDBmOC05N2Q1LTIxMzA2NmVkMWQxZCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.QKyXLBuDZFyADFJvckuuQoFC4zESrSn3ah8MOODzbJ_2X0dQaWX8i7z7em620Uz_VBTqIVdLrldKQtExPv1RTtAyYujlijNdP3fKbrSdNGDRyiKy5bUifbPAYukJUaJgF5Z0ls-tQw77EjE_8iTZgcCjVXiszY1Irng-joICY63Jz6eA-62r5LXQNS23YSVU7rRLLe26Y7cLTDrSJY5FGbpvkpRo1_8SMRsxIYSvp09tHswMJi0R3vBjfzg5XRYI-XPyjj4OKT7Qog0DvoTRUc3IYDWvC7eUhPF0QgZEB5vNvUyq7J9jLhRMPNAXWneC_AmtNIAGo2WZqcwzbC_L4g
  • 使用以上的token登陆

Dashboard插件安装

Dashboard插件安装

  • 查看Nodes

Dashboard插件安装

继续阅读
  • 我的QQ
  • QQ扫一扫
  • weinxin
  • 我的头条
  • 头条扫一扫
  • weinxin
IT
  • 本文由 发表于 2020年6月11日20:20:25
  • 除非特殊声明,本站文章均为原创,转载请务必保留本文链接
Minikube-Kubernetes本地实验环境 Kubernetes

Minikube-Kubernetes本地实验环境

简述 Kubernetes 集群的搭建是有一定难度的,尤其是对于初学者来说,好多概念和原理不懂,即使有现成的教程也会出现很多不可预知的问题,很容易打击学习的积极性,就此弃坑。好在 Kubernetes...
2020年7月4日 163 评论
深入理解pod Kubernetes

深入理解pod

YAML 基础 它的基本语法规则如下: 大小写敏感 使用缩进表示层级关系 缩进时不允许使用Tab键,只允许使用空格。 缩进的空格数目不重要,只要相同层级的元素左侧对齐即可 # 表示注释,从这个字符一直...
2020年6月12日 66 评论