天行健,君子以自强不息;地势坤,君子以厚德载物。
每个人都有惰性,但不断学习是好好生活的根本,共勉!
文章均为学习整理笔记,分享记录为主,如有错误请指正,共同学习进步。
文章目录
- 1. 版本对应
- 2. 命令获取
- 3. dashboard安装
- 3.1 在线安装
- 3.2 本地安装
- 3.3 安装完成后的检查
- 4. dashboard配置
- 4.1 端口配置
- 4.2 创建访问账号
- 4.3 获取dashboard的访问token
- 5.访问dashboard
- 5.1 端口查看
- 5.2 ip查看
- 5.3 访问地址
1. 版本对应
github中的kubernetes/dashboard部分查看版本号关系
https://github.com/kubernetes/dashboard
如红框位置,进入release版本
可以看到当前最新版本为3.0.0
而该版本的dashboard对应的k8s版本为1.25、1.26、1.27
其中问号表示部分功能不可用,对号表示所有功能都可用
往下翻找到以往的dashboard版本如2.7.0
可看到dashboard2.7.0对应的k8s版本为1.22、1.23、1.24、1.25
其中完全支持的是1.25,其余三个则功能部分不可用
部分功能不可用不代表不能用,
2. 命令获取
在往下可以看到安装命令部分
复制即可到主节点master中执行(执行这种外网访问权限的请求一定要打开防火墙,不管是虚拟机还是自己的电脑,都要打开)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
3. dashboard安装
3.1 在线安装
在主节点中执行命令进行安装,安装完成结果如下
3.2 本地安装
如果安装失败,可通过创建文件来实现本地加载安装
打开文件recommended.yaml
recommended.yaml
如果打不开上方链接,可能是外网访问受限,文件内容如下,可直接复制粘贴创建文件
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-certs
namespace: kubernetes-dashboard
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-csrf
namespace: kubernetes-dashboard
type: Opaque
data:
csrf: ""
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-key-holder
namespace: kubernetes-dashboard
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-settings
namespace: kubernetes-dashboard
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
rules:
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster", "dashboard-metrics-scraper"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
verbs: ["get"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
rules:
# Allow Metrics Scraper to get metrics from the Metrics server
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.7.0
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
- --namespace=kubernetes-dashboard
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
ports:
- port: 8000
targetPort: 8000
selector:
k8s-app: dashboard-metrics-scraper
---
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: dashboard-metrics-scraper
name: dashboard-metrics-scraper
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: dashboard-metrics-scraper
template:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: dashboard-metrics-scraper
image: kubernetesui/metrics-scraper:v1.0.8
ports:
- containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 8000
initialDelaySeconds: 30
timeoutSeconds: 30
volumeMounts:
- mountPath: /tmp
name: tmp-volume
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
serviceAccountName: kubernetes-dashboard
nodeSelector:
"kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
volumes:
- name: tmp-volume
emptyDir: {}
将内容复制
在主节点中创建同名文件
sudo vim recommended.yaml
按i
进入编辑模式,鼠标右键即可将复制的内容粘贴进来
然后按esc
再按shift+zz
保存退出
执行安装命令即可
kubectl apply -f recommended.yaml
3.3 安装完成后的检查
安装完成后可通过命令查看
kubectl get pods --n kubernetes-dashboard
或
kubectl get pods --namespace=kubernetes-dashboard
如果正确安装kubernetes-dashboard则输出如下:
然后查看kubernetes-dashboard的service和deployment是否创建,因为这两个东西是kubernetes运行应用程序所需的
查看service
kubectl get service --all-namespace
或
kubectl get services -n kubernetes-dashboard
查看deployment
kubectl get deployment --namespace=kubernetes-dashboard
或
kubectl get deployment --n kubernetes-dashboard
4. dashboard配置
4.1 端口配置
默认Dashboard只能集群内部访问,修改Service为NodePort类型,暴露到外部用于访问dashboard
默认Dashboard只能集群内部访问,修改Service为NodePort类型,暴露到外部
kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
或
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
将type对应的参数修改为NodePort
i
–>修改–>esc
–>shift+zz
修改后,获取访问端口(后续用于访问dashboard的端口号)
kubectl get svc -A |grep kubernetes-dashboard
或者
kubectl get svc -n kubernetes-dashboard
或者
kubectl get service kubernetes-dashboard -n kubernetes-dashboard
就是下图NodePort对应的端口号,即红框中的部分
4.2 创建访问账号
创建dash.yaml文件
sudo vim dash.yaml
将以下内容复制
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
右键将复制的内容粘贴进dash.yaml文件
按shift++zz
保存退出
应用dash.yaml文件
kubectl apply -f dash.yaml
应用成功后输出如下
如出现报错如下
Unable to connect to the server: net/http: request canceled (Client.Timeout exceeded while awaiting headers)
排查:
可能是网络问题检查网络,重启网络
也可能是防火墙未关闭,确保电脑及虚拟机防火墙关闭
4.3 获取dashboard的访问token
获取token
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
获取内容如下,其中最后一行为换行包含用户名@主机名libai@k8s-master
访问token为红框内部分
鼠标左键选中红框内部分,即可将内容复制保存,如下
以下为粘贴的token内容
eyJhbGciOiJSUzI1NiIsImtpZCI6ImRFNzN5YTZIV050Tzl5WGJPcldXdDJVWUh0dEpIM0xXS1ZVVVBOdHVSQVkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTd0ejZiIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlYWQzZjdhOC0yNDZhLTRlMGUtODczZS01NjY4MzI4ZTA4MDAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.NYt1tvFiHylHBpJ37MUbz88UwzWh87azJPpS_yjSrNPVpeLILIkexLk3Vl_d-Cqqz58KtzWamDHU2DcXhcoVFnlxLSoY0py2Qr1Uq-_F1sKxW_hZtrIV9FMGCeun-Y-a7DtP4R6Vq8E6NErRblw9vEA3sCa0vDcGqLPCVIyEY9NJTi2rrKBovH0OEWEwM0PboLgQB1AG2x12JbFCa8AQz_12mI61F0Ysxhoznb3FimSAYGqJ3TNzQzIh3cEgpxNaOeKWIsWLOEQzSeTSE_1W4blfNxw20XM6Gg1oA_1elLtvj4eNrP8Hj-99QPhJquFDSmBDeuOz7WXJSZqSXM2Xew
也可通过命令查看证书token
kubectl describe secret -n kubernetes-dashboard
5.访问dashboard
5.1 端口查看
kubectl get svc -n kubernetes-dashboard
或者
kubectl get service kubernetes-dashboard -n kubernetes-dashboard
5.2 ip查看
查看dashboard服务运行在哪个节点上
kubectl get pods -n kubernetes-dashboard -o wide
精准查询kubernetes-dashboard
kubectl get pods -n kubernetes-dashboard -o wide | grep kubernetes-dashboard
或者模糊查询含有dashboard字段的服务
kubectl get pods -n kubernetes-dashboard -o wide | grep dashboard
可以看到kubernetes-dashboard服务在k8s-worker2节点中
我们到worker2节点使用ifconfig查看ip地址为192.168.193.130
5.3 访问地址
故访问地址为
https://192.168.193.130:30919
访问警告,点开高级
选择继续前往连接
将之前复制的token粘贴进去,登录
登录后即可正常使用k8s的dashboard界面
在集群中可以查看我们的节点及命名空间
感谢阅读,祝君暴富!