官网地址
https://github.com/kubernetes/dashboard
安装
- 下载到本地
[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yaml
- 修改配置文件添加NodePort
[root@k8s-master ~]# vim recommended.yaml kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort ports: - port: 443 targetPort: 8443 selector: k8s-app: kubernetes-dashboard
- 创建dashboard
[root@k8s-master ~]# kubectl apply -f recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created
- 查看dashboard的pod
[root@k8s-master ~]# kubectl get pods -n kubernetes-dashboard NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-6b4884c9d5-flm79 1/1 Running 0 2m5s kubernetes-dashboard-7bfbb48676-kd8h7 1/1 Running 0 2m5s
- 查看service
[root@k8s-master ~]# kubectl get service -n kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.1.190.22 <none> 8000/TCP 4m20s kubernetes-dashboard NodePort 10.1.92.84 <none> 443:30317/TCP 4m20s
- 查看dashboard详细信息
[root@k8s-master ~]# kubectl describe svc kubernetes-dashboard -n kubernetes-dashboard Name: kubernetes-dashboard Namespace: kubernetes-dashboard Labels: k8s-app=kubernetes-dashboard Annotations: Selector: k8s-app=kubernetes-dashboard Type: NodePort IP: 10.1.92.84 Port: <unset> 443/TCP TargetPort: 8443/TCP NodePort: <unset> 30317/TCP Endpoints: 10.244.2.4:8443 Session Affinity: None External Traffic Policy: Cluster Events: <none>
- 查看dashboard在哪一个节点
[root@k8s-master ~]# kubectl get pods -n kubernetes-dashboard -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES dashboard-metrics-scraper-6b4884c9d5-flm79 1/1 Running 0 9m26s 10.244.1.6 k8s-node1 <none> <none> kubernetes-dashboard-7bfbb48676-kd8h7 1/1 Running 0 9m26s 10.244.2.4 k8s-node2 <none> <none>
访问dashboard
- 从上面可以看出node任意一个节点都可以
- https://10.10.0.245:30317/
Token
我们创建一个admin用户并授予admin 角色绑定,使用下面的yaml文件创建admin用户并赋予他管理员权限,然后就可以通过token 登陆dashbaord,这种认证方式本质实际上是通过Service Account 的身份认证加上Bearer token请求 API server 的方式实现,参考 Kubernetes 中的认证。
[root@k8s-master ~]# vim admin-token.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: admin annotations: rbac.authorization.kubernetes.io/autoupdate: "true" roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: admin namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: admin namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile
- 创建对应的token
[root@k8s-master ~]# kubectl apply -f admin-token.yaml clusterrolebinding.rbac.authorization.k8s.io/admin created serviceaccount/admin created
- 查看token
[root@k8s-master ~]# kubectl get secret -n kube-system | grep admin-toke | awk '{print $1}' | xargs kubectl -n kube-system describe secret Name: admin-token-cddr8 Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: admin kubernetes.io/service-account.uid: af2cfeb2-ed6e-40f8-97d5-213066ed1d1d Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6InNfLUtqdFZteUNTVHRpUXBWWXRPVm1BQUJFZzdwaG9uSGdtYXBUM1pZeDAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1jZGRyOCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImFmMmNmZWIyLWVkNmUtNDBmOC05N2Q1LTIxMzA2NmVkMWQxZCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.QKyXLBuDZFyADFJvckuuQoFC4zESrSn3ah8MOODzbJ_2X0dQaWX8i7z7em620Uz_VBTqIVdLrldKQtExPv1RTtAyYujlijNdP3fKbrSdNGDRyiKy5bUifbPAYukJUaJgF5Z0ls-tQw77EjE_8iTZgcCjVXiszY1Irng-joICY63Jz6eA-62r5LXQNS23YSVU7rRLLe26Y7cLTDrSJY5FGbpvkpRo1_8SMRsxIYSvp09tHswMJi0R3vBjfzg5XRYI-XPyjj4OKT7Qog0DvoTRUc3IYDWvC7eUhPF0QgZEB5vNvUyq7J9jLhRMPNAXWneC_AmtNIAGo2WZqcwzbC_L4g
- 使用以上的token登陆
- 查看Nodes
继续阅读
- 我的QQ
- QQ扫一扫
-
- 我的头条
- 头条扫一扫
-
评论