Kubernetes Dashboard
1、部署和访问 Kubernetes 仪表板(Dashboard)
1.1、dashboard 仪表板
对整个k8s集群的资源对象全盘掌控
Dashboard 是基于网页的 Kubernetes 用户界面。 你可以使用 Dashboard 将容器应用部署到 Kubernetes 集群中,也可以对容器应用排错,还能管理集群资源。 你可以使用 Dashboard 获取运行在集群中的应用的概览信息,也可以创建或者修改 Kubernetes 资源 (如 Deployment,Job,DaemonSet 等等)。 例如,你可以对 Deployment 实现弹性伸缩、发起滚动升级、重启 Pod 或者使用向导创建新的应用。
Dashboard 是基于网页的 Kubernetes 用户界面,可以在web界面上操作k8s集群,不需要使用命令。
官方文档:
https://kubernetes.io/zh-cn/docs/tasks/access-application-cluster/web-ui-dashboard/
2、安装dashboard
1.下载
shell
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
使用的dashboard的版本是v2.7.0
shell
'下载yaml文件'
recommended.yaml
shell
'修改配置文件,将service对应的类型设置为NodePort'
shell
[root@master dashboard]# vim recommended.yaml
---
# Dashboard Service as edited in this walkthrough: per the surrounding text, only
# `type` and `nodePort` are changed relative to the downloaded recommended.yaml.
# NOTE(review): a NodePort Service is reachable on port 30088 of every node's IP,
# so the Dashboard login page is exposed to any network that can reach the nodes.
# Restrict that port with a firewall, or keep the Service as ClusterIP and reach
# it through `kubectl port-forward` / `kubectl proxy`.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort  # Service type: expose on a port of each node
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30088  # port opened on the node (host)
  selector:
    k8s-app: kubernetes-dashboard
---
其他的配置都不修改
应用上面的配置,启动dashboard相关的实例
2.启动dashboard
shell
[root@master dashboard]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@master dashboard]#
查看是否启动dashboard的pod
shell
[root@master dashboard]# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default sc-nginx-deploy-3-7496c84fcf-4489n 1/1 Running 0 5h52m
default sc-nginx-deploy-3-7496c84fcf-msgm6 1/1 Running 0 5h52m
default sc-nginx-deploy-3-7496c84fcf-q58lm 1/1 Running 0 5h52m
default sc-nginx-deploy-4-766c99dd77-dgzq5 1/1 Running 0 5h52m
default sc-nginx-deploy-4-766c99dd77-pljdw 1/1 Running 0 5h52m
default sc-nginx-deploy-4-766c99dd77-s9qkc 1/1 Running 0 5h52m
default sc-nginx-deploy-7bb895f9f5-7ttq9 1/1 Running 1 22h
default sc-nginx-deploy-7bb895f9f5-mlhqt 1/1 Running 1 22h
default sc-nginx-deploy-7bb895f9f5-prbvf 1/1 Running 1 22h
halou-gh gh-nginx-busybox 2/2 Running 26 15d
ingress-nginx ingress-nginx-admission-create-fwrjt 0/1 Completed 0 22h
ingress-nginx ingress-nginx-admission-patch-m7ftw 0/1 Completed 0 22h
ingress-nginx ingress-nginx-controller-589dccc958-pz6s8 1/1 Running 1 22h
ingress-nginx ingress-nginx-controller-589dccc958-zhrpq 1/1 Running 1 22h
kube-system calico-kube-controllers-6949477b58-48hcx 1/1 Running 9 12d
kube-system calico-node-48bw7 1/1 Running 16 20d
kube-system calico-node-lwvsk 1/1 Running 16 20d
kube-system calico-node-zjvg8 1/1 Running 16 20d
kube-system coredns-7f89b7bc75-pncxv 1/1 Running 16 20d
kube-system coredns-7f89b7bc75-zrzp2 1/1 Running 9 12d
kube-system etcd-master 1/1 Running 16 20d
kube-system kube-apiserver-master 1/1 Running 18 20d
kube-system kube-controller-manager-master 1/1 Running 16 20d
kube-system kube-proxy-48lqm 1/1 Running 16 20d
kube-system kube-proxy-7kfxj 1/1 Running 16 20d
kube-system kube-proxy-lwlxq 1/1 Running 16 20d
kube-system kube-scheduler-master 1/1 Running 16 20d
kube-system metrics-server-769f6c8464-ctxl7 1/1 Running 24 16d
kubernetes-dashboard dashboard-metrics-scraper-66dd8bdd86-gg2c6 1/1 Running 0 2m17s
kubernetes-dashboard kubernetes-dashboard-785c75749d-7vglw 1/1 Running 0 2m17s
mem-example memory-demo 1/1 Running 14 16d
mem-example memory-demo-3 1/1 Running 13 16d
sc pod-nodename 1/1 Running 6 8d
sc pod-nodeselector 0/1 NodeAffinity 0 8d
[root@master dashboard]#
shell
[root@master dashboard]# kubectl get pod --all-namespaces|grep dashboard
kubernetes-dashboard dashboard-metrics-scraper-66dd8bdd86-gg2c6 1/1 Running 0 2m59s
kubernetes-dashboard kubernetes-dashboard-785c75749d-7vglw 1/1 Running 0 2m59s
[root@master dashboard]#
查看服务是否创建
shell
[root@master dashboard]# kubectl get svc --all-namespaces|grep dash
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.111.14.32 <none> 8000/TCP 3m37s
kubernetes-dashboard kubernetes-dashboard NodePort 10.109.54.232 <none> 443:30088/TCP 3m37s
[root@master dashboard]#
3.在浏览器里访问,使用https协议去访问
shell
https://192.168.182.133:30088/

出现一个登录页面,需要输入token
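获取dashboard 的secret的名字(Kubernetes 1.24 及之后的版本默认不再为 ServiceAccount 自动生成 token Secret,此时可改用 `kubectl -n kubernetes-dashboard create token kubernetes-dashboard` 签发短期 token)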
shell
kubectl get secret -n kubernetes-dashboard|grep dashboard-token
[root@master dashboard]# kubectl get secret -n kubernetes-dashboard|grep dashboard-token
kubernetes-dashboard-token-w2fzn kubernetes.io/service-account-token 3 7m4s
[root@master dashboard]#
获取secret里的token
shell
kubectl describe secret kubernetes-dashboard-token-w2fzn -n kubernetes-dashboard
[root@master dashboard]# kubectl describe secret kubernetes-dashboard-token-w2fzn -n kubernetes-dashboard
Name: kubernetes-dashboard-token-w2fzn
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: c916b21d-bdf3-4299-a976-3c7f736dc9fb
Type: kubernetes.io/service-account-token
Data
====
token: <service-account-token,已省略>
ca.crt: 1066 bytes
namespace: 20 bytes
[root@master dashboard]#
获取dashboard 的服务对应的端口
shell
[root@master dashboard]# kubectl get svc --all-namespaces|grep dash
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.111.14.32 <none> 8000/TCP 9m33s
kubernetes-dashboard kubernetes-dashboard NodePort 10.109.54.232 <none> 443:30088/TCP 9m33s
[root@master dashboard]#
访问:https://192.168.182.133:30088/

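登录成功后,发现dashboard不能访问任何的资源对象,因为kubernetes-dashboard这个ServiceAccount没有相应的权限,需要通过RBAC授权
给kubernetes-dashboard这个ServiceAccount授权,防止找不到namespace资源。注意:下面绑定的是cluster-admin,相当于把整个集群的管理员权限交给了这个token;dashboard又是通过NodePort暴露的,任何拿到token并且能访问节点30088端口的人都可以完全控制集群,所以这种做法只适合实验环境。正式环境应另建ServiceAccount,绑定只读(如内置的view)或限定namespace的角色。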
shell
[root@master dashboard]# kubectl create clusterrolebinding serviceaccount-cluster-admin --clusterrole=cluster-admin --user=system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
clusterrolebinding.rbac.authorization.k8s.io/serviceaccount-cluster-admin created
[root@master dashboard]#
然后刷新一下页面就有了

如果要删除角色绑定:
shell
[root@master ~]#kubectl delete clusterrolebinding serviceaccount-cluster-admin
导出这个角色绑定的yaml,后面可以据此用yaml来创建这个角色绑定
shell
[root@master dashboard]# kubectl get clusterrolebinding serviceaccount-cluster-admin -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: "2024-03-23T08:15:27Z"
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:roleRef:
f:apiGroup: {}
f:kind: {}
f:name: {}
f:subjects: {}
manager: kubectl-create
operation: Update
time: "2024-03-23T08:15:27Z"
name: serviceaccount-cluster-admin
resourceVersion: "583594"
uid: bcc29869-fa2c-4878-bd9c-f19c415805d1
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
[root@master dashboard]#
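把角色绑定也写到yaml文件中去(只需保留apiVersion、kind、metadata.name、roleRef和subjects,导出结果里的creationTimestamp、managedFields、resourceVersion、uid等由集群生成的字段不用写)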
shell
[root@master dashboard]# cat recommended-sc-2023.yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
# Binds the built-in cluster-admin ClusterRole to the Dashboard's service account,
# which is named here through its user name
# (system:serviceaccount:<namespace>:<name>).
# NOTE(review): cluster-admin grants unrestricted access to the whole cluster, so
# anyone who holds this service account's token (the one pasted into the login
# page) can read and change every resource, Secrets included. Combined with the
# NodePort Service in this file, that is appropriate for a disposable lab only;
# elsewhere, bind a dedicated account to a narrower or read-only role (for
# example the built-in `view` ClusterRole).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: serviceaccount-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
---
# Dashboard Service, set to type NodePort for this walkthrough.
# NOTE(review): port 30088 is opened on every node's IP, so the login page is
# reachable from any network that can reach the nodes. Restrict the port with a
# firewall, or keep the Service as ClusterIP and use `kubectl port-forward` /
# `kubectl proxy` for access.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443        # Service port inside the cluster
      targetPort: 8443 # container port of the Dashboard pod
      nodePort: 30088  # port opened on each node
  selector:
    k8s-app: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kubernetes-dashboard
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-csrf
namespace: kubernetes-dashboard
type: Opaque
data:
csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-key-holder
namespace: kubernetes-dashboard
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-settings
namespace: kubernetes-dashboard
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
rules:
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster", "dashboard-metrics-scraper"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
verbs: ["get"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
rules:
# Allow Metrics Scraper to get metrics from the Metrics server
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
# Dashboard Deployment: one replica of kubernetesui/dashboard:v2.7.0, serving
# HTTPS on container port 8443 and running as the kubernetes-dashboard service
# account.
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      # Pod-level: use the container runtime's default seccomp profile.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: kubernetes-dashboard
          # NOTE(review): the image is referenced by tag and pulled on every
          # start (imagePullPolicy: Always); pinning it by digest would guarantee
          # the same image content on each pull.
          image: kubernetesui/dashboard:v2.7.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            # Serve HTTPS with a certificate the Dashboard generates itself;
            # browsers will not trust it by default.
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          # Container hardening: no privilege escalation, read-only root
          # filesystem, fixed non-root UID/GID. /tmp is mounted from an emptyDir
          # because the root filesystem is read-only.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      # The pod runs as this service account, so every RoleBinding and
      # ClusterRoleBinding in this file that names it applies to the pod's own
      # API credentials.
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
ports:
- port: 8000
targetPort: 8000
selector:
k8s-app: dashboard-metrics-scraper
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: dashboard-metrics-scraper
template:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: dashboard-metrics-scraper
image: kubernetesui/metrics-scraper:v1.0.8
ports:
- containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
- mountPath: /tmp
name: tmp-volume
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
volumes:
- name: tmp-volume
emptyDir: {}
[root@master dashboard]#
大佬的文章:
4.token的超时时间修改

