1.1 DashBoard
- Kubernetes Dashboard 是 Kubernetes 集群的一个开箱即用的 Web UI,提供了一种图形化的方式来管理和监视 Kubernetes 集群中的资源。它允许用户直接在浏览器中执行许多常见的 Kubernetes 管理任务,如部署应用、监控应用状态、执行故障排查以及管理 Kubernetes 中的各种资源。
1.1.1 部署DashBoard
[root@k8s-master-01 ~]# wget -c https://gitee.com/kong-xiangyuxcz/svn/releases/download/Dashboard/recommended.yaml
[root@k8s-all ~]# docker pull kubernetesui/dashboard:v2.7.0
[root@k8s-master-01 ~]# kubectl apply -f recommended.yaml
[root@k8s-master-01 ~]# kubectl get pod -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-5657497c4c-ml5vz 1/1 Running 0 3m15s
kubernetes-dashboard-78f87ddfc-b2wz2 1/1 Running 0 3m15s
[root@k8s-master-01 ~]# kubectl get pod,svc -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/dashboard-metrics-scraper-5657497c4c-ml5vz 1/1 Running 0 5m51s 10.244.154.193 k8s-node-01 <none> <none>
pod/kubernetes-dashboard-78f87ddfc-b2wz2 1/1 Running 0 5m51s 10.244.44.193 k8s-node-02 <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/dashboard-metrics-scraper ClusterIP 10.107.69.125 <none> 8000/TCP 5m51s k8s-app=dashboard-metrics-scraper
service/kubernetes-dashboard ClusterIP 10.99.206.168 <none> 443/TCP 5m52s k8s-app=kubernetes-dashboard
[root@k8s-master-01 ~]# kubectl edit service/kubernetes-dashboard -n kubernetes-dashboard # 修改端口类型
...
type: NodePort
...
[root@k8s-master-01 ~]# kubectl get svc -n kubernetes-dashboard -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
dashboard-metrics-scraper ClusterIP 10.98.101.48 <none> 8000/TCP 84s k8s-app=dashboard-metrics-scraper
kubernetes-dashboard NodePort 10.100.194.237 <none> 443:30895/TCP 85s k8s-app=kubernetes-dashboard
1.1.2 创建访问账户
- 创建实例用户官网:dashboard/docs/user/access-control/creating-sample-user.md at master · kubernetes/dashboard · GitHub
[root@k8s-master-01 ~]# vim dashuser.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
[root@k8s-master-01 ~]# kubectl apply -f dashuser.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
1.1.3 获取令牌访问
[root@k8s-master-01 ~]# kubectl -n kubernetes-dashboard create token admin-user
eyJhbGciOiJSUzI1NiIsImtpZCI6IlpmcEhiNTFfcDBka3pYM2VCeUVwR1hIMFNBZHNnX25TY0FwMDhjazhRdUkifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzE2NTIxMTIyLCJpYXQiOjE3MTY1MTc1MjIsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJhZG1pbi11c2VyIiwidWlkIjoiNTEyZjRiNGYtYmIxYS00ZDQ0LThkYWQtMDRkODc1MTEwYTk1In19LCJuYmYiOjE3MTY1MTc1MjIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbi11c2VyIn0.Vt2BKBrHDVZ5dpz9j_GB3mHTM8ykSXnfa8FO6RLPF9H7y7Q9A5Vg4z3RV2K7e9dpO0y4X5UANVRLI65BYXw5Y51dSNEWG5kCSYXs5-ePPCQvJq-DsPn3x6ocD6l6AJ9uKBg7grl9ZIwU0iwclPexy-BZzdMo3gUnWy1TVnZEghj24zVzXi1X-EDi0h1riobi2jAsiPG-_6FRAOA1cCM1AdEoItG7_eTpxVx4GAarihB1gN4gpummy9-LHPBUsIfBoXbb75xEOCqOFrAe_V1OqN9AH5H-STKt5fVbissd8Ukwae9HNUJ8B9NilKI-R6VR8a7zGDhnUdnuEBR7UswiPQ
1.1.4 访问
[root@k8s-master-01 ~]# kubectl get svc -n kubernetes-dashboard -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
dashboard-metrics-scraper ClusterIP 10.98.101.48 <none> 8000/TCP 6m59s k8s-app=dashboard-metrics-scraper
kubernetes-dashboard NodePort 10.100.194.237 <none> 443:30895/TCP 7m k8s-app=kubernetes-dashboard