- Kubernetes Dashboard 是基于 Kubernetes 集群的通用的、基于 Web 的 UI。它允许用户管理集群中运行的应用程序并对其进行故障排除,以及管理集群。
1、下载官网yaml文件
代码语言:javascript复制wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml官网:https://github.com/kubernetes/dashboard
目前v2.7.0 是最新版,其他版本可以到官网下载。
2、修改recommended.yaml
默认创建名为 "kubernetes-dashboard“ 的service 是ClusterIP 类型,我们要通过外网访问的话需要修改下,这里我们修改为 NodePort。
编辑 recommended.yaml 在大约 40行的位置添加一行 type: NodePort
代码语言:javascript复制 ---
31
32 kind: Service
33 apiVersion: v1
34 metadata:
35 labels:
36 k8s-app: kubernetes-dashboard
37 name: kubernetes-dashboard
38 namespace: kubernetes-dashboard
39 spec:
40 type: NodePort #新增
41 ports:
42 - port: 443
43 targetPort: 8443
44 selector:
45 k8s-app: kubernetes-dashboard
46
47 ---3、创建资源
代码语言:javascript复制[root@172-17-0-46 data]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@172-17-0-46 data]# 4、查看资源是否已就绪
代码语言:javascript复制[root@172-17-0-46 data]# kubectl get all -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/dashboard-metrics-scraper-5cd5c58d79-j74k2 1/1 Running 0 2m57s 192.168.0.90 172.17.0.43 <none> <none>
pod/kubernetes-dashboard-5988cd7d6f-fp67s 1/1 Running 0 2m57s 192.168.0.89 172.17.0.43 <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/dashboard-metrics-scraper ClusterIP 192.168.255.72 <none> 8000/TCP 2m57s k8s-app=dashboard-metrics-scraper
service/kubernetes-dashboard NodePort 192.168.254.167 <none> 443:30443/TCP 2m58s k8s-app=kubernetes-dashboard
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/dashboard-metrics-scraper 1/1 1 1 2m57s dashboard-metrics-scraper kubernetesui/metrics-scraper:v1.0.8 k8s-app=dashboard-metrics-scraper
deployment.apps/kubernetes-dashboard 1/1 1 1 2m57s kubernetes-dashboard kubernetesui/dashboard:v2.7.0 k8s-app=kubernetes-dashboard
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
replicaset.apps/dashboard-metrics-scraper-5cd5c58d79 1 1 1 2m57s dashboard-metrics-scraper kubernetesui/metrics-scraper:v1.0.8 k8s-app=dashboard-metrics-scraper,pod-template-hash=5cd5c58d79
replicaset.apps/kubernetes-dashboard-5988cd7d6f 1 1 1 2m57s kubernetes-dashboard kubernetesui/dashboard:v2.7.0 k8s-app=kubernetes-dashboard,pod-template-hash=5988cd7d6f
[root@172-17-0-46 data]# 5、测试访问
访问链接为 https://节点IP:kubernetes-dashboard 服务端口30443/
例如:https://172.17.0.43:30443/
访问到如下页面说明成功了
6、创建访问账号
默认创建的serviceaccount/kubernetes-dashboard 不是所有权限,所以我们要创建一个所有权限的账号。
代码语言:javascript复制[root@172-17-0-46 data]# cat dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: dashboard-admin
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin-cluster-role
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kubernetes-dashboard
[root@172-17-0-46 data]#
[root@172-17-0-46 data]#
[root@172-17-0-46 data]# kubectl apply -f dashboard-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin-cluster-role created
[root@172-17-0-46 data]# 7、获取账号token登录dashboard
代码语言:javascript复制[root@172-17-0-46 data]# kubectl describe serviceaccount dashboard-admin -n kubernetes-dashboard
Name: dashboard-admin
Namespace: kubernetes-dashboard
Labels: k8s-app=kubernetes-dashboard
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: dashboard-admin-token-nbvc2
Tokens: dashboard-admin-token-nbvc2
Events: <none>
[root@172-17-0-46 data]#
[root@172-17-0-46 data]# kubectl describe secrets dashboard-admin-token-nbvc2 -n kubernetes-dashboard # 此处的"dashboard-admin-token-nbvc2"来自上一个命令返回中的Tokens的值
Name: dashboard-admin-token-nbvc2
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 7166a214-a44f-409d-98f0-ae73a0a72bac
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1277 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkNpX1hBZVY2N3FqWWhWTnJYZUhvOTBXbzRkMG9TeWdQOWpWdVVVSkhRbTQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tbmJ2YzIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNzE2NmEyMTQtYTQ0Zi00MDlkLTk4ZjAtYWU3M2EwYTcyYmFjIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.TPxLPW6en5Elq54viOIiabIsnQIWWqIIFDqGpzTruu3ULKsjvbkiQiuYEdL2_95lDPBb_JwLgGuFnE2Nk5_X00TGuBSRPU2cEj00_RLT-dyWlvW-kY-H0lNAlpzUnjn_j2pMSb7i_HgUDxWKQDz6zbXGT0c03nxGlI22HUx6jq_Yb05wYaudZlG-f14EFIm1iBZL85AMxx6uLSIpRNOXLDnX7rXAxUsep1k3HBO61-ST011URNPOHX83N2-PlfF8lb8dQaZl7tzY9i58Tq-Ux0ZwAvYJxdOBQQaSWQlSDmuteiRSIrbQoMqDfkcKw82DMXCyyF2wakf-ZgeOBrlCMw
[root@172-17-0-46 data]# - 复制最后这一长串 token的值登录dashboard即可看到资源情况。
成功访问如下图
