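Deploying the Dashboard on Kubernetes
Installing the Dashboard
Most Kubernetes operations are carried out with the command-line tool kubectl. To offer a richer user experience, Kubernetes also provides a web-based Dashboard, which users can use to deploy containerized applications, monitor application status, troubleshoot problems, and manage all kinds of Kubernetes resources.
In the Kubernetes Dashboard you can view the running state of the applications in the cluster and create or modify Kubernetes resources such as Deployments, Jobs, and DaemonSets. Users can scale a Deployment up or down, perform a rolling update, restart a Pod, or deploy a new application through a wizard. The Dashboard also displays the status of the cluster's resources along with their logs.
Install the Dashboard
Kubernetes does not deploy the Dashboard by default. It can be installed with the following command: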
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
Get the kubernetes-dashboard.yaml file:
Because the YAML file specifies an image hosted in Google's registry, first download the file and change the image path so that the image is pulled from the Alibaba Cloud registry instead:
$ wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
# Replace the image path
$ vim kubernetes-dashboard.yaml
......
      containers:
      - name: kubernetes-dashboard
        #image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
        ports:
......
Then run the following command to deploy the dashboard service:
$ kubectl create -f kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
The Dashboard creates its own Deployment and Service in the kube-system namespace.
$ kubectl get deployment kubernetes-dashboard --namespace=kube-system
NAME READY UP-TO-DATE AVAILABLE AGE
kubernetes-dashboard 1/1 1 1 21m
$ kubectl get service kubernetes-dashboard --namespace=kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.104.254.251 <none> 443:30001/TCP 21m
Check that the pod is running normally:
$ kubectl get pod --namespace=kube-system -o wide | grep kubernetes-dashboard
kubernetes-dashboard-847f8cb7b8-wrm4l 1/1 Running 0 19m 10.244.2.5 k8s-node2 <none> <none>
Because the Service is of type ClusterIP, to make local access easier we can change it to type NodePort with the following command and set the port to 30001. After the change, the Dashboard can be reached at ip:30001.
Under the spec section of the file, add type: NodePort and nodePort: 30001 in the positions shown below:
$ kubectl edit service kubernetes-dashboard --namespace=kube-system
......
spec:
  clusterIP: 10.104.254.251
  externalTrafficPolicy: Cluster
  ports:
  - port: 443
    protocol: TCP
    targetPort: 8443
    nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
Save the change and look at the service again. The change has taken effect: TYPE is NodePort and the port is 30001.
$ kubectl --namespace=kube-system get service kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.233.207.111 <none> 443:30001/TCP 3m22s
Open the Dashboard in a browser at https://192.168.92.56:30001/ to reach the login page.
Creating a login token
The Dashboard supports two authentication methods, Kubeconfig and Token. Here we log in with a Token.
Create the file admin-user.yaml with the following content:
$ vim admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
Run kubectl create -f admin-user.yaml, then inspect the service account:
$ kubectl create -f admin-user.yaml
serviceaccount/admin created
clusterrolebinding.rbac.authorization.k8s.io/admin created
$ kubectl describe serviceaccounts admin -n kube-system
Name: admin
Namespace: kube-system
Labels: k8s-app=kubernetes-dashboard
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: admin-token-nngz2
Tokens: admin-token-nngz2
Events: <none>
With the token name in hand, view the token:
$ kubectl describe secrets admin-token-nngz2 -n kube-system
Name: admin-token-nngz2
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin
kubernetes.io/service-account.uid: 69c9d23c-fea1-11e8-b2e3-000c291c25f3
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: <service account token (JWT) omitted>
Copy the content that follows token: on the last line and use it to log in to the Dashboard:
Logging in to the Dashboard as admin
To simplify configuration, we can also use a configuration file, dashboard-admin.yaml, to grant admin permissions to the Dashboard's default user.
$ vim dashboard-admin.yaml
kind: ClusterRoleBinding
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 works on old and new clusters
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
Run kubectl apply to put it into effect.
$ kubectl apply -f dashboard-admin.yaml
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
Now you can also enter the Dashboard by clicking SKIP on the login page.
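With the ClusterRoleBinding above, a session started through SKIP uses the kubernetes-dashboard service account, so every client that can reach NodePort 30001 operates as cluster-admin. The Python script below is an added example, not part of the original article, that audits for that combination; the JSON is constructed sample input shaped like kubectl's -o json output, and the function names are hypothetical.

```python
import json

# Constructed sample input, trimmed to the objects this page creates. Real input:
#   kubectl get clusterrolebindings -o json
#   kubectl get services -n kube-system -o json
BINDINGS = json.loads("""{"items": [
 {"metadata": {"name": "admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "admin", "namespace": "kube-system"}]},
 {"metadata": {"name": "kubernetes-dashboard"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard", "namespace": "kube-system"}]},
 {"metadata": {"name": "system:node-proxier"},
  "roleRef": {"kind": "ClusterRole", "name": "system:node-proxier"},
  "subjects": [{"kind": "User", "name": "system:kube-proxy"}]}]}""")
SERVICES = json.loads("""{"items": [
 {"metadata": {"name": "kubernetes-dashboard", "namespace": "kube-system"},
  "spec": {"type": "NodePort", "ports": [{"port": 443, "targetPort": 8443, "nodePort": 30001}]}}]}""")

# On this page the Dashboard's ServiceAccount and Service share one name.
DASHBOARD = ("kube-system", "kubernetes-dashboard")

def admin_service_accounts(bindings):
    """Map (namespace, name) of each ServiceAccount bound to cluster-admin to its binding."""
    found = {}
    for b in bindings.get("items", []):
        ref = b.get("roleRef", {})
        if (ref.get("kind"), ref.get("name")) != ("ClusterRole", "cluster-admin"):
            continue
        for s in b.get("subjects") or []:  # a binding may have no subjects
            if s.get("kind") == "ServiceAccount":
                found[(s.get("namespace", ""), s["name"])] = b["metadata"]["name"]
    return found

def exposed_node_ports(services, namespace, name):
    """Return the nodePorts of the named Service if it is of type NodePort."""
    for svc in services.get("items", []):
        meta, spec = svc["metadata"], svc.get("spec", {})
        if (meta.get("namespace"), meta["name"]) == (namespace, name) and spec.get("type") == "NodePort":
            return [p["nodePort"] for p in spec.get("ports", []) if "nodePort" in p]
    return []

def audit(bindings, services):
    """List cluster-admin service accounts, plus the SKIP-over-NodePort combination."""
    admins = admin_service_accounts(bindings)
    findings = [f"ServiceAccount {ns}/{sa} is cluster-admin via ClusterRoleBinding {crb}"
                for (ns, sa), crb in sorted(admins.items())]
    ports = exposed_node_ports(services, *DASHBOARD)
    if DASHBOARD in admins and ports:
        findings.append(f"Dashboard SKIP session is cluster-admin, reachable on NodePort {ports}")
    return findings
```

Calling audit(BINDINGS, SERVICES) on the sample returns three findings; the last one disappears once either the kubernetes-dashboard binding is removed or the Service is no longer of type NodePort.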