Kubernetes部署Dashboard用户界面
Kubernetes部署Dashboard用户界面
Dashboard 是基于网页的 Kubernetes 用户界面。您可以使用 Dashboard 将容器应用部署到 Kubernetes 集群中,也可以对容器应用排错,还能管理集群本身及其附属资源。您可以使用 Dashboard 获取运行在集群中的应用的概览信息,也可以创建或者修改 Kubernetes 资源(如 Deployment,Job,DaemonSet 等等)。例如,您可以对 Deployment 实现弹性伸缩、发起滚动升级、重启 Pod 或者使用向导创建新的应用。
Kubernetes部署步骤
下载资源清单 如果下载不成功多试几次或则改下dns
[root@master1 ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
安装部署 如果不成功 更改下镜像地址 利用阿里云做中转
[root@master1 ~]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
....
....
修改Service kubernetes-dashboard 映射一个端口,用于外网访问
[root@master1 ~]# kubectl edit svc -n kubernetes-dashboard kubernetes-dashboard
spec:
clusterIP: 10.96.93.138
externalTrafficPolicy: Cluster
ports:
- nodePort: 47064
port: 443
protocol: TCP
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
# type: ClusterIP => type: NodePort
type: NodePort
查看修改后的端口
[root@master1 ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.96.104.63 <none> 8000/TCP 3h49m
kubernetes-dashboard NodePort 10.96.93.138 <none> 443:47064/TCP 3h49m
查看部署状态以及部署资源
[root@master1 ~]# kubectl get -f recommended.yaml
NAME STATUS AGE
namespace/kubernetes-dashboard Active 3h51m
NAME SECRETS AGE
serviceaccount/kubernetes-dashboard 1 3h51m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard NodePort 10.96.93.138 <none> 443:47064/TCP 3h51m
NAME TYPE DATA AGE
secret/kubernetes-dashboard-certs Opaque 0 3h51m
secret/kubernetes-dashboard-csrf Opaque 1 3h51m
secret/kubernetes-dashboard-key-holder Opaque 2 3h51m
NAME DATA AGE
configmap/kubernetes-dashboard-settings 0 3h51m
NAME CREATED AT
role.rbac.authorization.k8s.io/kubernetes-dashboard 2021-08-03T02:48:06Z
NAME CREATED AT
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard 2021-08-03T02:48:06Z
NAME ROLE AGE
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard Role/kubernetes-dashboard 3h51m
NAME ROLE AGE
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard ClusterRole/kubernetes-dashboard 3h51m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/kubernetes-dashboard 1/1 1 1 3h51m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.96.104.63 <none> 8000/TCP 3h51m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/dashboard-metrics-scraper 1/1 1 1 3h51m
创建token配置文件
[root@master1 ~]# vim token.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
部署token到集群
[root@master1 ~]# kubectl apply -f token.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
获取token
[root@master1 ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') | grep token: | awk '{print $2}'
eyJhbGciOiJSUzI1NiIsImtpZCI6IkVrYkNBaEtYWHoteklLZy16NndXLXA4UUhULTZHLWktR08xTU5HaEU5aTAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWhmN3p0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkNWFjNzZhMy05NDdlLTQ0NjUtYjk2ZS00MDcxN2I3ZGY1Y2YiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.YqEctVcddeW4_6hFCJHE_daCAO_CgxS06FgcLaJlubmbokXM647RfigPoq979pG8ZnLtzeuIIQWINQHBtbxqt0jyWaW6wTPUs0zhBAdI34CmXEY8O08iNEOpyyMC0rssLF-CzhVNhHsXi-b7gRzEIlf6ymEWBrajWEgOP5bsyMiX37XdkM9L-lOAiNGeuJx3216Zj5Nud1nXJyNZaQYeDiBHh_UNBn10MoxOmpsepwjCBz9YemGjTrCZ6MaZiV11PNEkn_OjY1bq8TvFWignb4cIud4ZnrS8up-mBgXI_cFGBr6uoMxXjMRXDNQgeQAxgM_Irvo6MZcWvaO7ufAoug
输入集群外网地址任意一个皆可进行访问
https://192.168.15.55:47064/#/login