Kubernetes入门(二)——Dashboard 安装
<p>Kubernetes集群搭建完成后,可以通过命令行方式了解集群资源的使用情况,但是这种方式比较笨拙且不直观,因此考虑给集群安装Dashboard,这样能更直观了解集群状态。本文Dashboard的整体安装流程参考的官网安装文档,但是在图形化界面展示部分,官网介绍的比较零散,参考了知乎的一篇文章后才一气呵成地完成啦~~~</p><h2 id="1-下载yaml文件并安装-1">1. 下载yaml文件并安装 <sup></sup></h2>
<ul>
<li>官网给出的yarml文件很难下载,可先使用笔记本(vpn代理)下载,在把文件上传到服务器。</li>
</ul>
<pre><code>wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
kubectl apply -f recommended.yaml
</code></pre>
<ul>
<li>下载Dashboard依赖镜像,从recommended.yaml可查到</li>
</ul>
<pre><code>docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.0.0
docker pull kubernetesui/metrics-scraper:v1.0.4
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.0.0 kubernetesui/dashboard:v2.0.0
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.0.0
</code></pre>
<ul>
<li>查看服务是否正常运行</li>
</ul>
<pre><code># kubectl get pods -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dashboard-metrics-scraper-6b4884c9d5-k5j7c 1/1 Running 0 22h 10.20.71.67 10.13.1.2 <none> <none>
kubernetes-dashboard-7b544877d5-z46tp 1/1 Running 0 45m 10.20.71.69 10.13.1.2 <none> <none>
</code></pre>
<h2 id="2-本地测试访问dashboard">2. 本地测试访问Dashboard</h2>
<ul>
<li>启动代理</li>
</ul>
<pre><code>kubectl proxy
</code></pre>
<ul>
<li>由于在linux服务器安装,没有图形界面,可使用curl查看Dashboard网页</li>
</ul>
<pre><code>curl http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
</code></pre>
<h2 id="3-访问dashboard图形化界面-4">3. 访问Dashboard图形化界面 <sup></sup></h2>
<h3 id="配置nodeport方式">配置NodePort方式</h3>
<ul>
<li>查看kubernetes-dashboard</li>
</ul>
<pre><code># kubectl --namespace=kubernetes-dashboard get service kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard ClusterIP 10.96.191.195 <none> 443/TCP 21h
</code></pre>
<ul>
<li>编辑kubernetes-dashboard</li>
</ul>
<pre><code>kubectl --namespace=kubernetes-dashboard edit service kubernetes-dashboard
将里面的type: ClusterIP改为type: NodePort即可。
</code></pre>
<ul>
<li>保存后重新查看,TYPE已变成NodePort</li>
</ul>
<pre><code># kubectl --namespace=kubernetes-dashboard get service kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.96.191.195 <none> 443:30454/TCP 21h
</code></pre>
<h3 id="生成证书">生成证书</h3>
<ul>
<li>Dashboard安装完成,改为NodePort形式之后,通过https://10.13.1.3:30454/访问,会有提示安全的信息。</li>
</ul>
<pre><code>#新建目录:
mkdir key && cd key
#生成证书
openssl genrsa -out dashboard.key 2048
#我这里写的自己的node1节点,因为我是通过nodeport访问的;如果通过apiserver访问,可以写成自己的master节点ip
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=10.13.1.3'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
#删除原有的证书secret
kubectl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard
#创建新的证书secret
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
#查看pod
kubectl get pod -n kubernetes-dashboard
#重启pod
kubectl delete pod kubernetes-dashboard-7b544877d5-2xqcr-n kubernetes-dashboard
</code></pre>
<ul>
<li>重新访问 https://10.13.1.3:30454/ 点开高级后,在点继续前往的链接。</li>
</ul>
<h3 id="创建用户令牌">创建用户令牌</h3>
<p>Dashboard链接打开后,会提示选择Kubeconfig或Token, 这里选择Token的登录方式,下面是创建Token的方法。</p>
<ul>
<li>创建用户 <sup></sup></li>
</ul>
<pre><code>vim admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
# 执行命令
kubectl create -f admin-user.yaml
</code></pre>
<ul>
<li>绑定用户关系</li>
</ul>
<pre><code>vim admin-user-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
# 执行命令
kubectl create -f admin-user-role-binding.yam
</code></pre>
<ul>
<li>
<p>若执行过程中提示存在或者需要删除,只需要kubectl delete -f 相应的yaml文件即可</p>
</li>
<li>
<p>获取令牌</p>
</li>
</ul>
<pre><code># kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-r49rb
Namespace: kubernetes-dashboard
Labels: <none>
Annotations:kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: c9ddd17d-1ca3-4b10-9d83-f958f4235118
Type:kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace:20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImtsTDY2OENGOGRFaU9PQU8yZURxZDVWZVNxYndIS0NZOWZBTXowT053eWsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXI0OXJiIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjOWRkZDE3ZC0xY2EzLTRiMTAtOWQ4My1mOTU4ZjQyMzUxMTgiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.zlPqNpVgBMdODyL9K7EInK7cME8rG-jXPt-Wd77ghyNGPNmqob_N8k-vj_RkqiDjUOO3hgj0N87mJTe98b2q3Jbb6hEe3wz1GdjRQahohli3K_DsUCQyV7QrOHVV0S0gyaIgiDVTygGXndiw8eKQtiRMuVCeq1_JR0kFbYrC85eTwCx_t1YHJLRf5s4DrkXiS4adFHy2F13riulloK2oG80QtPNpwAcjPZnLsnwUuzDQh5qE7xoDVNNP7X2CNozX7zEv0lQOAdgnnRM1qgxp_giBQ9I0z91wl4BuMs4MmPsaUOV_sR2fXkpOVTMpD-NvUxxHMBBZbiuPk-hH8pAxxQ
</code></pre>
<h3 id="输入令牌打开页面">输入令牌打开页面</h3>
<p>选择Token选项,输入令牌,点击登录,就会发现进入了首页。<br>
<img src="https://img2020.cnblogs.com/blog/2089037/202008/2089037-20200826193548158-822616926.png"></p>
<h2 id="4-参考资料">4. 参考资料</h2>
<pre><code>1. https://kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/ 官网文档——网页界面 (Dashboard)
2. https://github.com/kubernetes/dashboard
3. https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
4. https://zhuanlan.zhihu.com/p/91731765 Web基础配置篇(十七): Kubernetes dashboard安装配置
</code></pre><br><br>
来源:https://www.cnblogs.com/ljhbjehp/p/13567354.html
頁:
[1]