Kubernetes DashBoard
为了便于用户操作,k8s开发了基于Web的用户界面。方便用户容器化应用,还可以监控应用状态,执行故障排除和管理资源。
📊部署DashBoard
-
下载yaml,运行DashBoard
#下载yaml [root@master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml#修改yaml文件 # 修改kubernetes-dashboard的Service类型 kind: Service apiVersion: v1 metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard spec:type: NodePort # 新增 因为要从外部访问ports:- port: 443targetPort: 8443nodePort: 30009 # 新增#部署[root@master ~]# kubectl create -f recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created#查看部署信息 [root@master ~]# kubectl get pod,svc -n kubernetes-dashboard -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES pod/dashboard-metrics-scraper-c79c65bb7-b4p4j 1/1 Running 0 4m 10.244.2.14 node2 <none> <none> pod/kubernetes-dashboard-56484d4c5-58xxl 1/1 Running 0 4m1s 10.244.1.8 node1 <none> <none>NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR service/dashboard-metrics-scraper ClusterIP 10.101.122.220 <none> 8000/TCP 4m1s k8s-app=dashboard-metrics-scraper service/kubernetes-dashboard NodePort 10.102.82.243 <none> 443:30009/TCP 4m1s k8s-app=kubernetes-dashboard
进入浏览器访问,不要用Chrome可能无法进入,这里我使用FireFox浏览器访问
-
创建token
#创建账号 自定义用户名 [root@master ~]# kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard serviceaccount/dashboard-admin created#授权 [root@master ~]# kubectl create clusterrolebinding dashboard-admin-rb --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin-rb created #获取token [root@master ~]# kubectl get secrets -n kubernetes-dashboard NAME TYPE DATA AGE dashboard-admin-token-dxvbr kubernetes.io/service-account-token 3 84s default-token-kf5ql kubernetes.io/service-account-token 3 32m kubernetes-dashboard-certs Opaque 0 32m kubernetes-dashboard-csrf Opaque 1 32m kubernetes-dashboard-key-holder Opaque 2 32m kubernetes-dashboard-token-ns2h9 kubernetes.io/service-account-token 3 32m#查看token [root@master ~]# kubectl describe secrets dashboard-admin-token-dxvbr -n kubernetes-dashboard Name: dashboard-admin-token-dxvbr Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: dashboard-adminkubernetes.io/service-account.uid: bd2becc9-5759-45a6-9cae-dd0f8d55a167Type: kubernetes.io/service-account-tokenData ==== ca.crt: 1025 bytes namespace: 20 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlI5ZVlrMEpVQkxQRWlDQUVhNzRHdXZWTG5fME0tSVd4eWx4Ql8wc3hjVzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZHh2YnIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYmQyYmVjYzktNTc1OS00NWE2LTljYWUtZGQwZjhkNTVhMTY3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.Ofj6yFTA4zhG6piha_0GRK78AZ7hJ7QKuf_9pRxDm2ykFy2Az906hKrcKXJCoPtD_7yfUxd8XjXOqfHlHZ23qntjK_WCCl6so8ARPGFQZgwwmfD8lLSI0wxmeb295YoZy9TBtdgOlhd4F3URpQxF-BTH65fsnKpomfMld0kUYc08VxTSgslixNNbT6I_iJLINFzvgIwE-tlZqTucssWWEr3Q5K1hKhJyBotKcoQtS7oU3LhjiwdXM_Ua5wQcn9LXw_sKI3BanKCtJHgwS_-TuNM5uNTaVY5fZJ5wyJVNz_PmjB3KXEa8RdSy7lOFZtVZ1kEqbPReupapwKodP8pQeg
成功访问,可以使用DashBoard来对集群进行操作。
