环境:centos7.9 docker-ce-20.10.9 kubernetes-version v1.22.6 kubernetes-dashboard v2.5.0
什么是dashboarddashboard是kubernetes集群的Web UI,用户可以通过dashboard进行管理集群内所有资源对象,例如查看资源对象的运行情况,部署新的资源对象,伸缩deployment中的pod数量等等一系列操作。
部署dashboard方法一、直接一键运行,默认dashboard以aip方式运行 [root@master ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml 方法二、先下载yaml到本地再运行,本篇使用NodePort方式运行dashboard #下载官方的dashboard的yaml文件 [root@master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml [root@master ~]# vim recommended.yaml #修改yaml配置文件,更改资源类型为NodePort(该项可做可不做) 32 kind: Service 33 apiVersion: v1 34 metadata: 35 labels: 36 k8s-app: kubernetes-dashboard 37 name: kubernetes-dashboard 38 namespace: kubernetes-dashboard 39 spec: 40 type: NodePort #大概在40行处添加一个type: NodePort,注意剧本的语法格式 41 ports: 42 - port: 443 43 targetPort: 8443 44 nodePort: 30001 #定义对外的访问端口为30001 45 selector: 46 k8s-app: kubernetes-dashboard 47 --- [root@master ~]# kubectl apply -f recommended.yaml #运行,启动dashboard [root@master ~]# kubectl get pods -n kubernetes-dashboard #运行成功,dashboard安装完成 NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-c45b7869d-9mkr8 1/1 Running 0 87s kubernetes-dashboard-764b4dd7-ccgqn 1/1 Running 0 88s [root@master ~]# [root@master ~]# kubectl get svc -n kubernetes-dashboard #查看dashboard的对外端口30001 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/dashboard-metrics-scraper ClusterIP 10.101.244.233web访问dashboard可视化面板8000/TCP 5m58s service/kubernetes-dashboard NodePort 10.101.188.28 443:30001/TCP 5m58s [root@master ~]#
访问dashboard默认是https://master_ip:30001/,如下图所示:
发现dashboard有两种登陆方式,一种是Token方式,另外一种是使用kubeconfig方式,下面分别介绍这两种方式登陆。
方式一、使用Token方式登陆
#创建一个叫dashboard-admin的账号,并指定命名空间为kube-system [root@master ~]# kubectl create serviceaccount dashboard-admin -n kube-system serviceaccount/dashboard-admin created #创建一个关系,关系名为dashboard-admin,角色为cluster-admin,账户为kube-system命名空间下的dashboard-admin账号 [root@master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created [root@master ~]# kubectl get secrets --all-namespaces | grep -i dashboard-admin #查看Token的编号(第二列) kube-system dashboard-admin-token-jgxt9 kubernetes.io/service-account-token 3 8m4s [root@master ~]# kubectl describe secret/dashboard-admin-token-jgxt9 -n kube-system #查看指定Token的编号的具体token值 Name: dashboard-admin-token-jgxt9 Namespace: kube-system Labels:Annotations: kubernetes.io/service-account.name: dashboard-admin kubernetes.io/service-account.uid: 93aeb666-79f0-4374-857d-15db559ce4d8 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1099 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImF0Yjhta24xLUlhV2RTX0ZFZXgxVDlmQk5fSFVtWTRMMWgzbmJHVXROU0UifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tamd4dDkiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOTNhZWI2NjYtNzlmMC00Mzc0LTg1N2QtMTVkYjU1OWNlNGQ4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.fBXTIGWo1sT4sc95RV074RwiSbfjT7wkZDcHcPOyddgGYlqob6H-E_7bAv1aIy11jgsvv5BChnKO-3PkDG16e9P6t2ozjW1l9VcHnw20lIliAEjnAnLSDBPAn6xHBOKHVvjAUUOYTN5a87ZgbbsLMnbu2XnzYpCIOfIkrYi4fVOzew-PiUhrwZJTal2TxMTnBxG2SxazyUt1SjHN7Azo-QVtfdjKKRIZAPeHqn211y3Ygsclp5TO3z747mSjB0s7q6Svyv-HTVpu25xMgInYXzK-cNzhG6O1tjWSWihlFkf6PzxcaejfuiMWovxMY6lyL6MCNjUM_iroO_JhKJ8QqA [root@master ~]# 复制上面这一大段token去dashboard的web页面就能访问dashboard了
方式二、使用kubeconfig方式登陆
(先不讲,配置有点复杂)
