Learning Kubernetes: Deploying the Dashboard

1. Install the Dashboard

First, see the official documentation: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

The official install command is:

    kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

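When the cluster has multiple nodes and the Dashboard is installed on a non-master node, problems can occur. The Dashboard connects to the API server over HTTPS, and because of a certificate problem this results in: dial tcp 10.96.0.1:443: i/o timeout.

Download recommended.yaml and modify some of its configuration: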

    kind: Deployment
    apiVersion: apps/v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: kubernetes-dashboard
      template:
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
        spec:
          # Added nodeName to pin the pod to the master node; kubernetes-node1 is the master node's name
          nodeName: kubernetes-node1
          containers:
            - name: kubernetes-dashboard
              image: kubernetesui/dashboard:v2.0.0-beta8
              imagePullPolicy: Always
              ports:
                - containerPort: 8443
                  protocol: TCP
              args:
                - --auto-generate-certificates
                - --namespace=kubernetes-dashboard
                # Uncomment the following line to manually specify Kubernetes API server Host
                # If not specified, Dashboard will attempt to auto discover the API server and connect
                # to it. Uncomment only if the default does not work.
                # - --apiserver-host=http://my-address:port

Comment out some of the configuration shown below:

          volumes:
            - name: kubernetes-dashboard-certs
              secret:
                secretName: kubernetes-dashboard-certs
            - name: tmp-volume
              emptyDir: {}
          serviceAccountName: kubernetes-dashboard
          nodeSelector:
            "beta.kubernetes.io/os": linux
          # Comment the following tolerations if Dashboard must not be deployed on master
          #tolerations:
          #  - key: node-role.kubernetes.io/master
          #    effect: NoSchedule

and:

          serviceAccountName: kubernetes-dashboard
          nodeSelector:
            "beta.kubernetes.io/os": linux
          # Comment the following tolerations if Dashboard must not be deployed on master
          #tolerations:
          #  - key: node-role.kubernetes.io/master
          #    effect: NoSchedule
          volumes:

Then run:

    kubectl apply -f recommended.yaml

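The required images are pulled automatically. If an image pull fails, you can download the image from another source and then tag it so that the installation can use it.

Run:

    kubectl get pods -n kubernetes-dashboard

A STATUS of Running, as shown below, means the installation succeeded.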

    NAME                                         READY   STATUS    RESTARTS   AGE
    dashboard-metrics-scraper-745bd6bb57-gf4vn   1/1     Running   0          15m
    kubernetes-dashboard-7c8ff6ddc5-v8fck        1/1     Running   1          4h3m

2. Create an account

Official guide: https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

Create dashboard-adminuser.yaml with the following content:

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin-user
      namespace: kubernetes-dashboard

Create dashboard-adminuser-role-binding.yaml with the following content:

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: admin-user
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: admin-user
      namespace: kubernetes-dashboard

Then apply each file:

    kubectl apply -f dashboard-adminuser.yaml
    kubectl apply -f dashboard-adminuser-role-binding.yaml

 

3. Access

Get the token:

    kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

The output looks like this:

    Name:         admin-user-token-v57nw
    Namespace:    kubernetes-dashboard
    Labels:       <none>
    Annotations:  kubernetes.io/service-account.name: admin-user
                  kubernetes.io/service-account.uid: 0303243c-4040-4a58-8a47-849ee9ba79c1

    Type:  kubernetes.io/service-account-token

    Data
    ====
    ca.crt:     1066 bytes
    namespace:  20 bytes
    token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXY1N253Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwMzAzMjQzYy00MDQwLTRhNTgtOGE0Ny04NDllZTliYTc5YzEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Z2JrQlitASVwWbc-s6deLRFVk5DWD3P_vjUFXsqVSY10pbjFLG4njoZwh8p3tLxnX_VBsr7_6bwxhWSYChp9hwxznemD5x5HLtjb16kI9Z7yFWLtohzkTwuFbqmQaMoget_nYcQBUC5fDmBHRfFvNKePh_vSSb2h_aYXa8GV5AcfPQpY7r461itme1EXHQJqv-SN-zUnguDguCTjD80pFZ_CmnSE1z9QdMHPB8hoB4V68gtswR1VLa6mSYdgPwCHauuOobojALSaMc3RH7MmFUumAgguhqAkX3Omqd3rJbYOMRuMjhANqd08piDC3aIabINX6gP5-Tuuw2svnV6NYQ

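Because of the certificate problem, we access the Dashboard through a proxy.

Run the following on the master node; --address='0.0.0.0' makes the proxy listen on all interfaces instead of only on localhost:

    kubectl proxy --address='0.0.0.0'

The output looks like this:

    Starting to serve on [::]:8001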

Because the cluster runs in a virtual machine, the browser cannot reach it directly, so add a port mapping:

Then open: http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login

Select Token and enter the token generated above to log in.
