序:
Dashboard它可以给用户提供一个可视化的 Web 界面来查看当前集群的各种信息。用户可以用 Kubernetes Dashboard 部署容器化的应用、监控应用的状态、执行故障排查任务以及管理 Kubernetes 各种资源。
一、部署Dashboard
1、执行yaml文件直接部署
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
#可以采用gitlab上面的yaml文件
kubectl apply -f https://gitlab.com/jaeck/kubernetes/-/raw/master/kubernetes-dashboard.yaml
2、查看dashboard运行状态,以deployment方式部署,运行2个pod及2个service:
[root@k8smaster tmp]# kubectl -n kubernetes-dashboard get pods
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-7445d59dfd-dqm7t 1/1 Running 0 31m
kubernetes-dashboard-7d8466d688-5cxv9 1/1 Running 0 31m
[root@k8smaster tmp]# kubectl -n kubernetes-dashboard get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.102.47.233 <none> 8000/TCP 45m
kubernetes-dashboard NodePort 10.111.31.52 <none> 443:30443/TCP 45m
3、访问dashboard,需要配置NodePort端口
kubectl patch svc kubernetes-dashboard -n kubernetes-dashboard \
-p '{"spec":{"type":"NodePort","ports":[{"port":443,"targetPort":8443,"nodePort":30443}]}}'
4、查看暴露的service,已修改为nodeport类型:
[root@k8smaster tmp]# kubectl -n kubernetes-dashboard get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.102.47.233 <none> 8000/TCP 45m
kubernetes-dashboard NodePort 10.111.31.52 <none> 443:30443/TCP 45m
5、或者下载下来手动修改Service
https://gitlab.com/jaeck/kubernetes/-/raw/master/kubernetes-dashboard.yaml
修改内容:
...
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #新增
ports:
- port: 443
targetPort: 8443
nodePort: 30443 #新增
selector:
k8s-app: kubernetes-dashboard
---
...
##更新配置
kubectl apply -f kubernetes-dashboard.yaml
6、登录dashboard(必须Firefox)
https://any_node_ip:30443
**
二、配置登录用户
1、创建dashboard-adminuser.yaml:
cat > dashboard-adminuser.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
EOF
2、创建登录用户
kubectl apply -f dashboard-adminuser.yaml
3、查看admin-user的token
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')