概述

Kubernetes Dashboard 是 Kubernetes 集群的 Web UI,用于管理集群。

安装

GitHub 地址:Kubernetes Dashboard

  • 由于本次搭建的k8s集群版本是1.16.0,故需要使用2.0.0以上,但是截止本次搭建环境,2.0.0尚出于beta阶段,本次使用v2.0.0-beta5

下载配置文件

  1. wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta5/aio/deploy/recommended.yaml

修改配置如下

  1. # 省略部分代码...
  3. # ------------------- Dashboard Service ------------------- #
  5. kind: Service
  6. apiVersion: v1
  7. metadata:
  8.   labels:
  9.     k8s-app: kubernetes-dashboard
  10.   name: kubernetes-dashboard
  11.   namespace: kube-system
  12. spec:
  13.   # 修改类型为 NodePort 访问
  14.   type: NodePort
  15.   ports:
  16.     - port: 443
  17.       targetPort: 8443
  18.       # 设置端口号为 30001
  19.       nodePort: 30001
  20.   selector:
  21.     k8s-app: kubernetes-dashboard
  23. kind: Service
  24. apiVersion: v1
  25. metadata:
  26.   labels:
  27.     k8s-app: kubernetes-dashboard
  28.   name: kubernetes-dashboard
  29.   namespace: kubernetes-dashboard
  30. spec:
  31.   # 修改类型为 NodePort 访问
  32.   type: NodePort
  33.   ports:
  34.     - port: 443
  35.       targetPort: 8443
  36.       # 设置端口号为 30001
  37.       nodePort: 30001
  38.   selector:
  39.     k8s-app: kubernetes-dashboard

部署到集群

  1. # 部署
  2. kubectl create -f kubernetes-dashboard.yaml
  4. # 查看
  5. kubectl -n kubernetes-dashboard get pods
  6. kubectl -n kubernetes-dashboard get service kubernetes-dashboard
  7. kubectl -n kubernetes-dashboard describe service kubernetes-dashboard

访问

需要使用 NodeIP:30001 访问 Dashboard,因为证书原因除火狐浏览器外其它浏览器无法直接打开页面

Chrome 浏览器显示如下

kubernetes_dashboard_chrome_error_info.png

Firefox 浏览器显示如下

kubernetes_dashboard_firefox_error_info.png

点击 接受风险并继续 即可显示欢迎界面

kubernetes_dashboard_login_token.png

登录

  • 我们采用 Token 方式登录
  • 创建登录账号,创建一个名为 dashboard-adminuser.yaml 的配置文件
  1. apiVersion: v1
  2. kind: ServiceAccount
  3. metadata:
  4.   name: admin-user
  5.   namespace: kubernetes-dashboard
  6. ---
  7. apiVersion: rbac.authorization.k8s.io/v1
  8. kind: ClusterRoleBinding
  9. metadata:
  10.   name: admin-user
  11. roleRef:
  12.   apiGroup: rbac.authorization.k8s.io
  13.   kind: ClusterRole
  14.   name: cluster-admin
  15. subjects:
  16. - kind: ServiceAccount
  17.   name: admin-user
  18.   namespace: kubernetes-dashboard
  1. kubectl create -f dashboard-adminuser.yaml
  • 打印 Token 信息
  1. kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
  3. # 输出如下
  5. Name:         admin-user-token-rzpz5
  6. Namespace:    kubernetes-dashboard
  7. Labels:       <none>
  8. Annotations:  kubernetes.io/service-account.name: admin-user
  9.               kubernetes.io/service-account.uid: 9606b452-8adb-4381-9e3c-9816dc1b5cc5
  11. Type:  kubernetes.io/service-account-token
  13. Data
  14. ====
  15. token:      eyJhbGciOiJSUzI1NiIsImtpZCI6ImFEUkkxc1VnNFFtUXFCOGRBcVVaSHp5bEpVMU9QV3cyMTROZm5rMjUtZjAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXJ6cHo1Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI5NjA2YjQ1Mi04YWRiLTQzODEtOWUzYy05ODE2ZGMxYjVjYzUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.kPwQMd6-wNCYkFUacr63aG5zwKp2_76NuJusLMnoHzV9TkzlkuO8DLWhJDeGFxdb9zTbQ9A7I8vz_xS-xI0nHo4r5QJ60CzQOLQXmlSCq0dzaOvh8OZawc5OcVfmIj5Dv7fr1NcA6ihZQddGIabOvJk0sx8ZnWTBPJUaBj0KHRpw2zpqv7yc11QEVc4b1dqP1-wG3NStKPCZNkBz8RSFA1urEyyQKdnCBvrPCadMzHUp-FBr1xEdxH1lYW0okoyNHXXjNMmBANvoAqrZrBgGJRDnOMabQH4nw0I3_Wcb3OReEv6OrMhcQrDjVDETL_PgLet_f3JVeW0y5Hyt9dcsEA
  16. ca.crt:     1025 bytes
  17. namespace:  20 bytes
  • 将 Token 输入浏览器,成功登陆后效果如下kubernetes_dashboard_page_overview.png