K8s Dashboard使用
一、安装部署
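下载dashboard部署文件(与上游 recommended.yaml 相比,下文的 dashboard-v2.6.0.yaml 把 Service 改成了 NodePort(30000),并增加了 --token-ttl=43200 参数)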
wget https://github.com/kubernetes/dashboard/archive/refs/tags/v2.6.0.tar.gz
或者: wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml
root@easzlab-deploy:~/dashboard# cat dashboard-v2.6.0.yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE(review): this copy appears to differ from the upstream v2.6.0
# recommended.yaml in two places: the Service is type NodePort (30000) and the
# container gets --token-ttl=43200. Diff against the upstream file to confirm.

# Dedicated namespace that holds every Dashboard object below.
apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

# Identity the Dashboard and metrics-scraper pods run as. Its permissions are
# the Role and ClusterRole bound further down, nothing more.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

# Front door of the Dashboard: Service port 443 -> container port 8443 (HTTPS).
# type: NodePort with nodePort: 30000 opens TCP 30000 on every node, so any
# client that can route to a node IP reaches the login page. Limit that with
# node firewall rules, or drop the type/nodePort fields (ClusterIP is the
# default) and reach the UI through `kubectl port-forward` instead.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard

---

# TLS material mounted at /certs. It is created empty here; together with
# --auto-generate-certificates the Dashboard then serves a self-signed
# certificate that browsers cannot verify.
# NOTE(review): a CA-issued certificate can be supplied through this Secret;
# confirm the expected key names and flags in the Dashboard documentation.
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

# Holder for the CSRF key; declared with an empty value in this manifest.
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

# Declared empty; the Role below lets the Dashboard get/update/delete it.
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

# Dashboard settings store; the Role below grants get/update on it.
kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

# Namespaced permissions of the Dashboard's own ServiceAccount. Every rule is
# pinned with resourceNames, so the Dashboard itself cannot read arbitrary
# Secrets or ConfigMaps, only the objects listed here.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
  # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

# Cluster-wide permissions of the Dashboard's ServiceAccount: read-only access
# to pod and node metrics in the metrics.k8s.io API group.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

# Binds the namespaced Role above to the kubernetes-dashboard ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

# Binds the metrics-only ClusterRole above to the same ServiceAccount. What a
# logged-in user can do in the UI is decided by the bearer token they paste at
# login, not by this binding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

# The Dashboard web UI: one replica, HTTPS on container port 8443.
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      # Pod-level seccomp: use the container runtime's default syscall filter.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: kubernetes-dashboard
          # Referenced by mutable tag and re-pulled on every start
          # (imagePullPolicy: Always); pinning by digest
          # (kubernetesui/dashboard@sha256:<digest>) fixes the exact image.
          image: kubernetesui/dashboard:v2.6.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            # Serve TLS with a certificate generated at start-up (self-signed).
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Login session lifetime in seconds: 43200 = 12 h. The Dashboard
            # default is 900 s, so a browser session stays valid much longer
            # with this value.
            - --token-ttl=43200
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          # Container hardening: no privilege escalation, read-only root
          # filesystem (hence the /tmp emptyDir), fixed non-root UID/GID.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

# Metrics scraper endpoint. No type is set, so this Service is ClusterIP and
# is only reachable from inside the cluster.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

# Metrics scraper sidecar service: one replica, plain HTTP on port 8000.
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: dashboard-metrics-scraper
          # Tag reference; a digest pin
          # (kubernetesui/metrics-scraper@sha256:<digest>) fixes the image.
          image: kubernetesui/metrics-scraper:v1.0.8
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          # Same hardening as the Dashboard container.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      # Runs under the Dashboard's ServiceAccount, i.e. with the Role and
      # ClusterRole bound to it in this manifest.
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}
root@easzlab-deploy:~/dashboard# cat admin-secret.yaml #为admin-user这个ServiceAccount创建service-account token(Secret)
# Requests a service-account token for the ServiceAccount named in the
# annotation. The control plane fills in the data fields (token, ca.crt,
# namespace); the `token` value is the bearer token pasted at Dashboard login.
#
# A token issued this way has no expiry: it stays valid until this Secret (or
# the ServiceAccount) is deleted, so deleting the Secret is how it is revoked.
# A time-limited token can be issued instead, without any Secret, using
#   kubectl -n kubernetes-dashboard create token admin-user
#
# The ServiceAccount admin-user must exist before this Secret is applied.
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: dashboard-admin-user
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: "admin-user"
root@easzlab-deploy:~/dashboard# cat admin-user.yaml #创建admin-user并绑定cluster-admin,允许其访问k8s集群,具备整个集群的超级管理员权限
# Login identity for the Dashboard: a ServiceAccount whose token is pasted
# into the login form.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---

# Grants admin-user the built-in cluster-admin ClusterRole through a
# ClusterRoleBinding, i.e. unrestricted access to every resource in every
# namespace. Whoever holds this account's token has the same access, both
# through the Dashboard and directly against the API server.
# For day-to-day viewing, bind a narrower role instead: the built-in `view`
# ClusterRole, or a RoleBinding limited to one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kubernetes-dashboard
安装dashboard
root@easzlab-deploy:~/dashboard# ls admin-secret.yaml admin-user.yaml dashboard-v2.6.0.yaml root@easzlab-deploy:~/dashboard# kubectl apply -f dashboard-v2.6.0.yaml -f admin-user.yaml -f admin-secret.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created serviceaccount/admin-user created clusterrolebinding.rbac.authorization.k8s.io/admin-user created secret/dashboard-admin-user created root@easzlab-deploy:~/dashboard# root@easzlab-deploy:~/dashboard# kubectl get secret -A NAMESPACE NAME TYPE DATA AGE kube-system calico-etcd-secrets Opaque 3 17h kubernetes-dashboard dashboard-admin-user kubernetes.io/service-account-token 3 15s kubernetes-dashboard kubernetes-dashboard-certs Opaque 0 16s kubernetes-dashboard kubernetes-dashboard-csrf Opaque 1 15s kubernetes-dashboard kubernetes-dashboard-key-holder Opaque 0 15s root@easzlab-deploy:~/dashboard# root@easzlab-deploy:~/dashboard# kubectl describe secrets -n kubernetes-dashboard dashboard-admin #查admin用户token Name: dashboard-admin-user Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: 68844120-9cfb-4e49-a070-875c67d14bb7 Type: kubernetes.io/service-account-token Data ==== token: 
eyJhbGciOiJSUzI1NiIsImtpZCI6InB2MkRvUy1fdm5rZHpsM25iV2N3cWN4b01pXzZJMjhQZ3Y2YWQ4aXVLWGsifQ.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.X3BxmfZfLRbA4JPdnu-FE_2pn59bXFD9TDr_YLpIauN5cdT9htNa-tujTSKMukwx538f4CGM_kMLGF1HOcSF6R6gDub76hf_jES3WHeG3XmlOCXjlI77orLt5LbaAf6m_Y14JcAipB30mZHXtPArcBGZzuH3cZ-Qa9fQ3iFO2Cj38w6FQzShx5tkiWpuWR_0UswSjGDo2Q664fWvzPhSKyhOx7BBGACWlUYBUuVwZVZOyHrMFk8XkSBjE8GdMlajgAhH1Ri6M0A51_ErvugXInkNWvCTZOqzHGEG059qY_Oz4t0aZrWfxS1XZi4PKiq1nDaQAbNLfyOKSb5mbmS1Lg ca.crt: 1302 bytes namespace: 20 bytes root@easzlab-deploy:~/dashboard# kubectl get pod -A -owide NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES kube-system calico-kube-controllers-5c8bb696bb-69kws 1/1 Running 0 67m 172.16.88.159 172.16.88.159 <none> <none> kube-system calico-node-cjx4k 1/1 Running 0 67m 172.16.88.154 172.16.88.154 <none> <none> kube-system calico-node-mr977 1/1 Running 0 67m 172.16.88.158 172.16.88.158 <none> <none> kube-system calico-node-q7jbn 1/1 Running 0 67m 172.16.88.159 172.16.88.159 <none> <none> kube-system calico-node-rf9fv 1/1 Running 0 67m 172.16.88.156 172.16.88.156 <none> <none> kube-system calico-node-th8dt 1/1 Running 0 67m 172.16.88.157 172.16.88.157 <none> <none> kube-system calico-node-xlhbr 1/1 Running 0 67m 172.16.88.155 172.16.88.155 <none> <none> kube-system coredns-69548bdd5f-k7qwt 1/1 Running 0 42m 10.200.40.193 172.16.88.157 <none> <none> kube-system coredns-69548bdd5f-xvkbc 1/1 Running 0 42m 10.200.233.65 172.16.88.158 <none> <none> kubernetes-dashboard dashboard-metrics-scraper-8c47d4b5d-hp47z 1/1 Running 0 2m53s 10.200.2.7 172.16.88.159 <none> <none> kubernetes-dashboard kubernetes-dashboard-5676d8b865-t9j6r 1/1 Running 0 2m53s 10.200.40.197 172.16.88.157 <none> <none> root@easzlab-deploy:~/dashboard# kubectl get svc -A NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 18h kube-system kube-dns ClusterIP 10.100.0.2 <none> 53/UDP,53/TCP,9153/TCP 78m 
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.100.228.111 <none> 8000/TCP 3m5s kubernetes-dashboard kubernetes-dashboard NodePort 10.100.212.143 <none> 443:30000/TCP 3m6s root@easzlab-deploy:~/dashboard#
二、访问dashboard
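2.1、浏览器访问 https://<任一节点IP>:30000(证书为自动生成的自签名证书),登录方式选择 Token,粘贴上一步查到的 admin-user token 即可访问。该 token 具备 cluster-admin 权限且不会自动过期,不再使用时删除 Secret dashboard-admin-user 即可使其失效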
2.2、查看所有的pod
2.3、查看pod日志
2.4、进入pod
2.5、编辑pod
2.6、删除pod
2.7、查看集群控制器
(Daemon Sets+命名空间、Deployments+命名空间、Replication Controllers+命名空间、Stateful Sets+命名空间)
2.8、服务查看
(Ingresses+命名空间、Ingress Classes+命名空间、Services+命名空间)
2.9、配置中心与存储
(Config Maps+命名空间、PVC+命名空间、Secrets+命名空间、Storage Classes+命名空间)
2.10、集群角色
(集群角色、PV、命名空间、网络策略、事件)