kubernetes的dashbord安装 

kubernetes dashbord提供了一个WEB UI界面用来查看和管理kubernetes,一般来说一个可视化的界面会让人感到精神振奋,所以我们就先来安装这个dashbord。


一、dashbord部署


在kubernetes官方文档介绍dashbord的地址是:




https://kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/




先根据官方文档提供的dashbord的yaml文件进行部署




kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml




查看一下生成的pod




kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-856586f554-hzpgx   1/1     Running   0          15m
kubernetes-dashboard-78c79f97b4-4hgdb        1/1     Running   0          15m




二、本地访问


安装官方的文档,还行下面命令会启动kubernetes的apiServer服务,就可以打开dashbord




kubectl proxy




本机执行下面命令可以查看返回的HTML




curl http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/




这个个命令还有更多的参数,如下




kubectl proxy --address='0.0.0.0'  --accept-hosts='^*$' --port=8001




这个命令的问题是,只能在本机(master)访问,在其他机器上访问这个地址除了要求https,还要求授权,不能正常访问,下面介绍另外一种方法


三、其他机器访问dashbord


这种方式根据dashbord生成service,来进行访问,先查看svc的状态




kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
dashboard-metrics-scraper   ClusterIP   10.102.172.241   <none>        8000/TCP   66s
kubernetes-dashboard        ClusterIP   10.111.248.226   <none>        443/TCP    66s




生成NodePort




kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kubernetes-dashboard




再查看svn状态




kubectl get svc -n kubernetes-dashboard -o wide
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE   SELECTOR
dashboard-metrics-scraper   ClusterIP   10.102.172.241   <none>        8000/TCP        93s   k8s-app=dashboard-metrics-scraper
kubernetes-dashboard        NodePort    10.111.248.226   <none>        443:32368/TCP   93s   k8s-app=kubernetes-dashboard




注意生成的端口32368,一会在浏览器中要用


四、其他机器浏览器中打开dashbord


在你的工作机器上,不是master上打开浏览器,输入地址:https://kbsm:32368/,(其中kbsm是master的hostname)登录的界面就出来了




 这个界面需要登录,两种授权方式,我们用默认的token,这个token要到master机器上去生成




kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep token
Name:         namespace-controller-token-zcskl
Type:  kubernetes.io/service-account-token
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IkxnZ3V6VUhONGYwUy1vc2hVWXdvTklGQzBYRkRPMHFKTFJlWEltTzhWQkEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlci10b2tlbi16Y3NrbCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImQ4MjYzMTVlLWE1OWYtNGZlMS1hYjBhLWI5YWViMjVmYThhNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpuYW1lc3BhY2UtY29udHJvbGxlciJ9.YMssxWqdudu9HL65bNKE2LKnBLtG0pPSk3hJfzi3HKxtXdiXbe4GCO9WQTA0US0tu2t-9VTlycf8IGFKgG4NoR449uq_sHTjrHsG2pJcR3Yb71pKh-hzxwWPEVzQ2Nkb8pRgUxBK7uH2skHazLrLlQtZtl07acLm21jFP5dUplpUxD0vJn0DhGsjljMmaTHjsNCy-TXygclzNgSLWD4RTlq5ulzVzw_6yHTZ4ammakowVogZjNXGZUkjkv80c9O9RmDP9NoEZu5jocwDdhKKAsz0d3chNx8vwLsE2GPZ6ylvcV5W31jRHe4bg9-MsuHBKmpIsq-Ih6CnLK5dGiZQfw




把上面生成的token输入进去,然后点"登录"




有时候dashbord会提示匿名用户权限问题,导致pod等数据看不到






configmaps is forbidden: User “system:anonymous” cannot list resource “configmaps” in API group “” in the namespace “default”






执行下面的命令可以解决




kubectl create clusterrolebinding test:anonymous --clusterrole=cluster-admin --user=system:anonymous




 


 


 


 至此,dashbord部署完成!


 


参考资料


    

  1. 设置token失效时间(默认15min)
    2. 



 


 


 








		

			posted on 
2021-10-18 21:14 
Netsharp 
阅读(264) 
评论(0编辑 
收藏 
举报

		

	

	
	
	






    
    

    
    

    

        

    

        

            
                
                
            
        

    

    

    

    











	
		

导航