一、环境准备
实验环境使用 kubernetes v1.27.4 Centos8 && Centos7
yum install -y vim wget
经过测试,清华大学镜像下载速度稳定快速,可供国内用户便捷使用。首先我们需要配置清华大学的EPEL安装源。具体步骤如下:
bash
dnf -y install wget
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo
yum clean all
yum makecache
yum -y update
Kubernetes-Dashboard安装
下载地址:参考 Kubernetes-Dashboard
bash
mkdir -p /etc/kubernetes/dashboard
cd /etc/kubernetes/dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
修改文件,增加nodeport参数便于访问
vim recommended.yaml
如下:
bash
# Adde by How
type: NodePort
-----------------------------------------------------------------------------------
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 32641 #指定nodePort,这样当集群重启时端口不会变更了。
selector:
k8s-app: kubernetes-dashboard
执行安装
bash
[root@master01 tools]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
[root@master01 tools]# kubectl apply -f recommended.yaml
-------------------output------------------------------------------------
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
查看服务是否正常运行,以及自动选择的nodeport端口
bash
# kubectl -n kubernetes-dashboard get pod Sat Aug 12 14:39:42 2023
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-5cb4f4bb9c-4gtjc 1/1 Running 0 70m
kubernetes-dashboard-6967859bff-j26lp 1/1 Running 0 70m
-----------------------------------------------------------------------------------
[root@master01 tools]# kubectl -n kubernetes-dashboard get service kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.106.206.69 <none> 443:32641/TCP 71m
用浏览器访问控制台
访问 https://192.168.199.10:32641 即可进入控制台界面
注意:Chrome如果提示不安全连接,并且高级选项也无法进入, 在页面空白处键入 thisisunsafe 即可
访问控制
有好几种方式,这里只选择了token方式
创建管理员用户
1. 创建管理员服务帐号
首先创建一个叫admin-user的服务账号,并放在kubernetes-dashboard名称空间下:
cd /etc/kubernetes/dashboard
vim admin-user.yaml
如下
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
kubectl apply -f admin-user.yaml
2. 绑定管理员集群角色
默认情况下,kubeadm创建集群时已经创建了cluster-admin角色,我们直接绑定即可
cd /etc/kubernetes/dashboard
vim admin-user-role-binding.yaml
如下
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
执行此配置
kubectl apply -f admin-user-role-binding.yaml
3. 创建管理员Token
现在我们创建admin-user用户的Token,以便用来登录dashboard:
cd /etc/kubernetes/dashboard
kubectl -n kubernetes-dashboard create token admin-user
-------------------------------------------------------
此处略
4. 用管理员token登陆
把Token复制到登录界面的Token输入框中登陆 https://192.168.199.10:32641 正常登陆
5.Kubernetes Dashboard token失效时间设置
Dashboard的Token失效时间可以通过 token-ttl 参数来设置,这里我们有三种方式:【yaml、直接修改、通过Kubernetes Dashboard 】
我们这边通过kubectl 直接修改
bash
#kubectl edit deployment kubernetes-dashboard -n kube-system
------------------------------------------------
spec:
containers:
- args:
- --auto-generate-certificates
- --token-ttl=43200
- --namespace=kubernetes-dashboard
image: kubernetesui/dashboard:v2.7.0
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
httpGet:
path: /
port: 8443
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 30
name: kubernetes-dashboard
ports: