kubenetes-Dashboard
- kubenetes-Dashboard
-
- [1、部署和访问 Kubernetes 仪表板(Dashboard)](#1、部署和访问 Kubernetes 仪表板(Dashboard))
-
- [1.1、dashboard 仪表板](#1.1、dashboard 仪表板)
- 2、安装dashboard
kubenetes-Dashboard
1、部署和访问 Kubernetes 仪表板(Dashboard)
1.1、dashboard 仪表板
对整个k8s集群的资源对象全盘掌控
Dashboard 是基于网页的 Kubernetes 用户界面
。 你可以使用 Dashboard 将容器应用部署到 Kubernetes 集群中,也可以对容器应用排错,还能管理集群资源。 你可以使用 Dashboard 获取运行在集群中的应用的概览信息,也可以创建或者修改 Kubernetes 资源 (如 Deployment,Job,DaemonSet 等等)。 例如,你可以对 Deployment 实现弹性伸缩、发起滚动升级、重启 Pod 或者使用向导创建新的应用。
Dashboard 是基于网页的 Kubernetes 用户界面
,可以在web界面上操作k8s集群,不需要使用命令。
官方文档:
https://kubernetes.io/zh-cn/docs/tasks/access-application-cluster/web-ui-dashboard/
2、安装dashboard
1.下载
shell
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
使用的dashboard的版本是v2.7.0
shell
'下载yaml文件'
recommended.yaml
shell
'修改配置文件,将service对应的类型设置为NodePort'
shell
[root@master dashboard]# vim recommended.yaml
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #指定类型
ports:
- port: 443
targetPort: 8443
nodePort: 30088 #指定宿主机端口号
selector:
k8s-app: kubernetes-dashboard
---
其他的配置都不修改
应用上面的配置,启动dashboard相关的实例
2.启动dashboard
shell
[root@master dashboard]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@master dashboard]#
查看是否启动dashboard的pod
shell
[root@master dashboard]# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default sc-nginx-deploy-3-7496c84fcf-4489n 1/1 Running 0 5h52m
default sc-nginx-deploy-3-7496c84fcf-msgm6 1/1 Running 0 5h52m
default sc-nginx-deploy-3-7496c84fcf-q58lm 1/1 Running 0 5h52m
default sc-nginx-deploy-4-766c99dd77-dgzq5 1/1 Running 0 5h52m
default sc-nginx-deploy-4-766c99dd77-pljdw 1/1 Running 0 5h52m
default sc-nginx-deploy-4-766c99dd77-s9qkc 1/1 Running 0 5h52m
default sc-nginx-deploy-7bb895f9f5-7ttq9 1/1 Running 1 22h
default sc-nginx-deploy-7bb895f9f5-mlhqt 1/1 Running 1 22h
default sc-nginx-deploy-7bb895f9f5-prbvf 1/1 Running 1 22h
halou-gh gh-nginx-busybox 2/2 Running 26 15d
ingress-nginx ingress-nginx-admission-create-fwrjt 0/1 Completed 0 22h
ingress-nginx ingress-nginx-admission-patch-m7ftw 0/1 Completed 0 22h
ingress-nginx ingress-nginx-controller-589dccc958-pz6s8 1/1 Running 1 22h
ingress-nginx ingress-nginx-controller-589dccc958-zhrpq 1/1 Running 1 22h
kube-system calico-kube-controllers-6949477b58-48hcx 1/1 Running 9 12d
kube-system calico-node-48bw7 1/1 Running 16 20d
kube-system calico-node-lwvsk 1/1 Running 16 20d
kube-system calico-node-zjvg8 1/1 Running 16 20d
kube-system coredns-7f89b7bc75-pncxv 1/1 Running 16 20d
kube-system coredns-7f89b7bc75-zrzp2 1/1 Running 9 12d
kube-system etcd-master 1/1 Running 16 20d
kube-system kube-apiserver-master 1/1 Running 18 20d
kube-system kube-controller-manager-master 1/1 Running 16 20d
kube-system kube-proxy-48lqm 1/1 Running 16 20d
kube-system kube-proxy-7kfxj 1/1 Running 16 20d
kube-system kube-proxy-lwlxq 1/1 Running 16 20d
kube-system kube-scheduler-master 1/1 Running 16 20d
kube-system metrics-server-769f6c8464-ctxl7 1/1 Running 24 16d
kubernetes-dashboard dashboard-metrics-scraper-66dd8bdd86-gg2c6 1/1 Running 0 2m17s
kubernetes-dashboard kubernetes-dashboard-785c75749d-7vglw 1/1 Running 0 2m17s
mem-example memory-demo 1/1 Running 14 16d
mem-example memory-demo-3 1/1 Running 13 16d
sc pod-nodename 1/1 Running 6 8d
sc pod-nodeselector 0/1 NodeAffinity 0 8d
[root@master dashboard]#
shell
[root@master dashboard]# kubectl get pod --all-namespaces|grep dashboard
kubernetes-dashboard dashboard-metrics-scraper-66dd8bdd86-gg2c6 1/1 Running 0 2m59s
kubernetes-dashboard kubernetes-dashboard-785c75749d-7vglw 1/1 Running 0 2m59s
[root@master dashboard]#
查看服务是否创建
shell
[root@master dashboard]# kubectl get svc --all-namespaces|grep dash
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.111.14.32 <none> 8000/TCP 3m37s
kubernetes-dashboard kubernetes-dashboard NodePort 10.109.54.232 <none> 443:30088/TCP 3m37s
[root@master dashboard]#
3.在浏览器里访问,使用https协议去访问
shell
https://192.168.182.133:30088/
出现一个登录画图,需要输入token
获取dashboard 的secret的名字
shell
kubectl get secret -n kubernetes-dashboard|grep dashboard-token
[root@master dashboard]# kubectl get secret -n kubernetes-dashboard|grep dashboard-token
kubernetes-dashboard-token-w2fzn kubernetes.io/service-account-token 3 7m4s
[root@master dashboard]#
获取secret里的token
shell
kubectl describe secret kubernetes-dashboard-token-w2fzn -n kubernetes-dashboard
[root@master dashboard]# kubectl describe secret kubernetes-dashboard-token-w2fzn -n kubernetes-dashboard
Name: kubernetes-dashboard-token-w2fzn
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: c916b21d-bdf3-4299-a976-3c7f736dc9fb
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InhDSFBDR1Zqa0l3a2hHWW1wVmZhc3lpZm1nOUxYVFBOanM3dUVfd2NSZDgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi13MmZ6biIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImM5MTZiMjFkLWJkZjMtNDI5OS1hOTc2LTNjN2Y3MzZkYzlmYiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.LOod4iSE_j9x32OmFgVH_s6NpppxDcQSTeKEax9KIU-6Bj_XAwwByg4RCp2wDo1EYy21ofXlza3waQF7NncsLhbETnCqwT-3tXyyybv-wzIpjkuk-EnUIoKLHtv3BEEG1VaS71yaPq2m5I8Wu2vVyAnO90gdKMWkHzNl-jO10eNb4XXqBO1Ps__IRcVg8TlCWco21dSxFwSTb6WSKgF38k4XPOhxy8jNsznHoTqjE0f2uaLx7q11WKGc-T5s1g6K41FhXUtos5sDu6UjROaE-tu3fVO5cQ1foSXNaThC1OpOk5RIkDIVgxyZvEM3yGrCvhP_B_8eLsuGtYd8tm_VUg
ca.crt: 1066 bytes
namespace: 20 bytes
[root@master dashboard]#
获取dashboard 的服务对应的端口
shell
[root@master dashboard]# kubectl get svc --all-namespaces|grep dash
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.111.14.32 <none> 8000/TCP 9m33s
kubernetes-dashboard kubernetes-dashboard NodePort 10.109.54.232 <none> 443:30088/TCP 9m33s
[root@master dashboard]#
访问:https://192.168.182.133:30088/
登录成功后,发现dashboard不能访问任何的资源对象,因为没有权限,需要RBAC鉴权
授权kubernetes-dashboard,防止找不到namespace资源
shell
[root@master dashboard]# kubectl create clusterrolebinding serviceaccount-cluster-admin --clusterrole=cluster-admin --user=system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
clusterrolebinding.rbac.authorization.k8s.io/serviceaccount-cluster-admin created
[root@master dashboard]#
然后刷新一下页面就有了
如果要删除角色绑定:
shell
[root@master ~]#kubectl delete clusterrolebinding serviceaccount-cluster-admin
用yaml创建这个角色绑定
shell
[root@master dashboard]# kubectl get clusterrolebinding serviceaccount-cluster-admin -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: "2024-03-23T08:15:27Z"
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:roleRef:
f:apiGroup: {}
f:kind: {}
f:name: {}
f:subjects: {}
manager: kubectl-create
operation: Update
time: "2024-03-23T08:15:27Z"
name: serviceaccount-cluster-admin
resourceVersion: "583594"
uid: bcc29869-fa2c-4878-bd9c-f19c415805d1
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
[root@master dashboard]#
把角色绑定也写到yaml文件中去
shell
[root@master dashboard]# cat recommended-sc-2023.yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: serviceaccount-cluster-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30088
selector:
k8s-app: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kubernetes-dashboard
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-csrf
namespace: kubernetes-dashboard
type: Opaque
data:
csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-key-holder
namespace: kubernetes-dashboard
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-settings
namespace: kubernetes-dashboard
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
rules:
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster", "dashboard-metrics-scraper"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
verbs: ["get"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
rules:
# Allow Metrics Scraper to get metrics from the Metrics server
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.7.0
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
- --namespace=kubernetes-dashboard
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
ports:
- port: 8000
targetPort: 8000
selector:
k8s-app: dashboard-metrics-scraper
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: dashboard-metrics-scraper
template:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: dashboard-metrics-scraper
image: kubernetesui/metrics-scraper:v1.0.8
ports:
- containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
- mountPath: /tmp
name: tmp-volume
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
volumes:
- name: tmp-volume
emptyDir: {}
[root@master dashboard]#
大佬的文章: