Kubernetes部署官网Dashboard

概述

Kubernetes Dashboard 是用于 Kubernetes 集群的通用、基于 Web 的 UI。它允许用户管理集群中运行的应用程序并对其进行故障排除,以及管理集群本身。

部署

获取 Dashboard YAML

root@k8smaster-11:/data/k8s/soft# wget https://dl.k8s.io/v1.22.5/kubernetes.tar.gz
root@k8smaster-11:/data/k8s/soft# tar xf kubernetes.tar.gz
root@k8smaster-11:/data/k8s/soft# cd kubernetes/cluster/addons/dashboard/

# coredns 部署模板文件
root@k8smaster-11:/data/k8s/soft/kubernetes/cluster/addons/dashboard# ls
OWNERS  README.md  dashboard.yaml
root@k8smaster-11:/data/k8s/soft/kubernetes/cluster/addons/dashboard# cp dashboard.yaml /data/k8s/yaml/dashboard/dashboard.yaml

修改配置文件

增加端口暴露

# 原代码
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
	
############ 修改 如下 #########
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  # 增加暴露端口配置
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30088
  selector:
    k8s-app: kubernetes-dashboard

准备授权用户

root@k8smaster-11:/data/k8s/yaml/dashboard# cat dashboard-user.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

部署 dashboard

root@k8smaster-11:/data/k8s/yaml/dashboard# kubectl apply -f  k8s-dashboard-v1.2.22.yaml 
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

root@k8smaster-11:/data/k8s/yaml/dashboard# kubectl apply -f dashboard-user.yaml 
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

登陆测试

查看用户 Token

root@k8smaster-11:/data/k8s/yaml/dashboard# kubectl get secrets -A |  grep admin
kubernetes-dashboard   admin-user-token-x2gr4                           kubernetes.io/service-account-token   3      23s
root@k8smaster-11:/data/k8s/yaml/dashboard# kubectl describe secrets admin-user-token-x2gr4 -n kubernetes-dashboard
Name:         admin-user-token-x2gr4
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: b8565d49-3772-41e9-bb39-ec7af5159c0c

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1350 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InFDazU2VDU0a0Rka2xmamtBSlktaklxV0FtWDJZNmo0YnI4UnJETHhmY2MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXgyZ3I0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiODU2NWQ0OS0zNzcyLTQxZTktYmIzOS1lYzdhZjUxNTljMGMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.z_9RGoZOwW1ehDOhTPOgQ6NOOvpavQgxmN5AOiEvLWOfHGmQrw_Yy66C1DIV8jpIHkBl0vWmHk9SxC90ptudQE1AxB_hYkucuub7pRejIzML_OwrctCo0dATpFtD_Wjkys4RlhhPRJ1XjiIjsubU4SLtF7IFqgFPJrQDhRp9nZr9BEaBGSO0UVpQiK62iRWKqdYKnnTUU_Gpo7PBq3hO3y1W_O4m-jlZGXugVpjumnjuqCXueHt9GpKqDtTXopP9PfIsZ-DqN3ROE67gcdhgBt_t0CqjavWqJLxwNV76KYNIWVrtGZaDFTceeZU5b-LcDYIXUk2RuiW9gBP0iVf5Bg

获取 kuberconfig 文件

  1. 先获取token
    用上边的办法拿到token
eyJhbGciOiJSUzI1NiIsImtpZCI6InFDazU2VDU0a0Rka2xmamtBSlktaklxV0FtWDJZNmo0YnI4UnJETHhmY2MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXgyZ3I0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiODU2NWQ0OS0zNzcyLTQxZTktYmIzOS1lYzdhZjUxNTljMGMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.z_9RGoZOwW1ehDOhTPOgQ6NOOvpavQgxmN5AOiEvLWOfHGmQrw_Yy66C1DIV8jpIHkBl0vWmHk9SxC90ptudQE1AxB_hYkucuub7pRejIzML_OwrctCo0dATpFtD_Wjkys4RlhhPRJ1XjiIjsubU4SLtF7IFqgFPJrQDhRp9nZr9BEaBGSO0UVpQiK62iRWKqdYKnnTUU_Gpo7PBq3hO3y1W_O4m-jlZGXugVpjumnjuqCXueHt9GpKqDtTXopP9PfIsZ-DqN3ROE67gcdhgBt_t0CqjavWqJLxwNV76KYNIWVrtGZaDFTceeZU5b-LcDYIXUk2RuiW9gBP0iVf5Bg
  1. 设置 kubeconfig 文件中的一个集群条目
    注意修改为自己的集群节点
 kubectl config set-cluster kubernetes --server=172.16.0.200:6443 --kubeconfig=/data/k8s/dashboard/admin-user.conf
  1. 设置 kubeconfig 文件中的一个用户条目
    这里--token就是用到上面准备的token
    admin-user 是用户名
kubectl config set-credentials admin-user --token="eyJhbGciOiJSUzI1NiIsImtpZCI6InFDazU2VDU0a0Rka2xmamtBSlktaklxV0FtWDJZNmo0YnI4UnJETHhmY2MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTc1ZzJiIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyNzk1MjNlMy0wNWQwLTRjYzItYmVjNS1hMDQzOTU1M2E2YjEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.sAeFGGokuYvwTLQE4yNWgGuO8T3VXXo6S_HlVnh0hdXVWyJaCJGquJYRnLU7eCylJ4Op-2WABU6gfEg0sGuHR9ENPeogWVtRSxFcSp3_oBOKAXeQU97h-WukrO_opBt35K9hRo7foUPBGrw7-CH7EDEa746C7fsM2uCmLN4Euqm0pVKjkJGQkuVfLCw-T_6cNqvOG0x9VVMGim1uNF0vGqTpAs3UjX466nHNNi8z_xW2TQ6qhVxgYhlQFSZGfM22Xe-KoqbztMD3U6iYsMDxgZicPW0ZpeFIBHp0Ou2BsnluqWdPr-go7oSrJZEowcITmkuViYu3id0FNflpocVc7A" --kubeconfig=/data/k8s/dashboard/admin-user.conf
  1. 设置 kubeconfig 文件中的一个上下文条目
    --user 指定用户名
kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --user=admin-user --kubeconfig=/data/k8s/dashboard/admin-user.conf
  1. 设置 kubeconfig 文件中的当前上下文
kubectl config use-context dashboard-admin@kubernetes --kubeconfig=/data/k8s/dashboard/admin-user.conf
  1. 下载用户登陆文件
sz  /data/k8s/dashboard/admin-user.conf

登陆测试

image
image

posted @ 2022-01-15 22:23  闫世成  阅读(169)  评论(0编辑  收藏  举报