概述
Kubernetes Dashboard 是 Kubernetes 集群的 Web UI,用于管理集群。
安装
GitHub 地址:Kubernetes Dashboard
- 由于本次搭建的k8s集群版本是1.16.0,故需要使用2.0.0以上,但是截止本次搭建环境,2.0.0尚出于beta阶段,本次使用v2.0.0-beta5
下载配置文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta5/aio/deploy/recommended.yaml
修改配置如下
# 省略部分代码...
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
# 修改类型为 NodePort 访问
type: NodePort
ports:
- port: 443
targetPort: 8443
# 设置端口号为 30001
nodePort: 30001
selector:
k8s-app: kubernetes-dashboard
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
# 修改类型为 NodePort 访问
type: NodePort
ports:
- port: 443
targetPort: 8443
# 设置端口号为 30001
nodePort: 30001
selector:
k8s-app: kubernetes-dashboard
部署到集群
# 部署
kubectl create -f kubernetes-dashboard.yaml
# 查看
kubectl -n kubernetes-dashboard get pods
kubectl -n kubernetes-dashboard get service kubernetes-dashboard
kubectl -n kubernetes-dashboard describe service kubernetes-dashboard
访问
需要使用 NodeIP:30001 访问 Dashboard,因为证书原因除火狐浏览器外其它浏览器无法直接打开页面
Chrome 浏览器显示如下
Firefox 浏览器显示如下
点击 接受风险并继续 即可显示欢迎界面
登录
- 我们采用 Token 方式登录
- 创建登录账号,创建一个名为
dashboard-adminuser.yaml
的配置文件
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
kubectl create -f dashboard-adminuser.yaml
- 打印 Token 信息
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
# 输出如下
Name: admin-user-token-rzpz5
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 9606b452-8adb-4381-9e3c-9816dc1b5cc5
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImFEUkkxc1VnNFFtUXFCOGRBcVVaSHp5bEpVMU9QV3cyMTROZm5rMjUtZjAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXJ6cHo1Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI5NjA2YjQ1Mi04YWRiLTQzODEtOWUzYy05ODE2ZGMxYjVjYzUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.kPwQMd6-wNCYkFUacr63aG5zwKp2_76NuJusLMnoHzV9TkzlkuO8DLWhJDeGFxdb9zTbQ9A7I8vz_xS-xI0nHo4r5QJ60CzQOLQXmlSCq0dzaOvh8OZawc5OcVfmIj5Dv7fr1NcA6ihZQddGIabOvJk0sx8ZnWTBPJUaBj0KHRpw2zpqv7yc11QEVc4b1dqP1-wG3NStKPCZNkBz8RSFA1urEyyQKdnCBvrPCadMzHUp-FBr1xEdxH1lYW0okoyNHXXjNMmBANvoAqrZrBgGJRDnOMabQH4nw0I3_Wcb3OReEv6OrMhcQrDjVDETL_PgLet_f3JVeW0y5Hyt9dcsEA
ca.crt: 1025 bytes
namespace: 20 bytes
- 将 Token 输入浏览器,成功登陆后效果如下