K8s之Dashboard 安装和介绍
K8s Dashboard 安装和介绍
一、dashboard 安装
1.安装文件和 image
Dashboard project
https://github.com/kubernetes/dashboard
yum install wget -y
wget
https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deplo
y/recommended.yaml
change image pull and service type
kubectl apply -f kubernetes-dashboard.yaml
2.查看 dashboard 的 POD 是否正常启动,如果正常说明安装成功
[root@node1 ~]# kubectl get pods --namespace=kube-system
NAME READY STATUS RESTARTS AGE
coredns-576cbf47c7-kg8s9 1/1 Running 0 29h
coredns-576cbf47c7-st599 1/1 Running 0 29h
etcd-node1.ztpt.com 1/1 Running 0 29h
kube-apiserver-node1.ztpt.com 1/1 Running 0 29h
kube-controller-manager-node1.ztpt.com 1/1 Running 1 29h
kube-flannel-ds-amd64-79x9h 1/1 Running 0 27h
kube-flannel-ds-amd64-f9fls 1/1 Running 0 26h
kube-flannel-ds-amd64-q7kvx 1/1 Running 0 29h
kube-proxy-242zg 1/1 Running 0 27h
kube-proxy-5ntm5 1/1 Running 0 29h
kube-proxy-6pbrv 1/1 Running 0 26h
kube-scheduler-node1.ztpt.com 1/1 Running 1 29h
kubernetes-dashboard-77fd78f978-wzqjq 1/1 Running 0 5m7s
3.配置外网访问(不配置的话默认只能集群内访问)
修改 service 配置,将 type: ClusterIP 改成 NodePort
kubectl edit service kubernetes-dashboard --namespace=kube-system查看外网暴露端口(我们可以看到外网端口是 32240)
[root@node1 ~]# kubectl get service --namespace=kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP
47h
kubernetes-dashboard NodePort 10.101.221.220 <none> 443:32240/TCP
17h
二.访问 dashboard
a.创建 dashboard 用户
创建 admin-token.yaml 文件,文件内容如下:
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
b.创建用户
[root@node1 ~]# kubectl create -f admin-token.yaml
c.获取登陆 token
[root@node1 ~]# kubectl describe secret/$(kubectl get secret -n=kube-system |grep
admin|awk '{print $1}') -n=kube-system
拷贝 token 到登陆界面。
d.使用 kubeconf 登陆DASH_TOCKEN=$(kubectl get secret -n kube-system dashboard-admin-token-5kzp5 -o
jsonpath={.data.token}|base64 -d)
kubectl config set-cluster kubernetes --server=192.168.56.5:6443 --
kubeconfig=/root/dashbord-admin.conf
kubectl config set-credentials dashboard-admin --token=$DASH_TOCKEN --
kubeconfig=/root/dashbord-admin.conf
kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --
user=dashboard-admin --kubeconfig=/root/dashbord-admin.conf
kubectl config use-context dashboard-admin@kubernetes --kubeconfig=/root/dashbordadmin.conf
生成的 dashbord-admin.conf 即可用于登录 dashboard
e.使用用户名和密码登陆。
如果你的环境内不止一个 master,那 basic-auth-file 这个文件要在每一个 master 上生成,并
保证路径及内容和其他 master 一致!并且每个 master 都要修改 kube-apiserver.yaml 文
件!
创建用户文件
解析:
user,password,userID
userID 不可重复
echo 'admin,admin,1' > /etc/kubernetes/pki/basic_auth_file
修改配置
vim /etc/kubernetes/manifests/kube-apiserver.yaml
# 增加如下参数
- --basic-auth-file=/etc/kubernetes/pki/basic_auth_file
重启 api-server
[root@master manifests]# pwd
/etc/kubernetes/manifests
[root@master manifests]# mv ./kube-apiserver.yaml ../
[root@master manifests]# mv ../kube-apiserver.yaml ./
更新配置
kubectl apply -f /etc/kubernetes/manifests/kube-apiserver.yaml
将用户与权限绑定
kubectl create clusterrolebinding login-on-dashboard-with-cluster-admin --
clusterrole=cluster-admin --user=admin
查看绑定
kubectl get clusterrolebinding login-on-dashboard-with-cluster-admin
修改 kubernetes-dashboard.yaml
开启 authentication-mode=basic 配置
args:
- --auto-generate-certificates
- --namespace=kubernetes-dashboard
- --token-ttl=43200
- --authentication-mode=basic
更新 kubernetes-dashboard
kubectl apply -f kubernetes-dashboard.yaml
验证
3.dashboard 使用
创建 pod,service,deployment and applicatio
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
4
0- 0
已为社区贡献6条内容
所有评论(0)