部署 Dashboard
-
K8s 官方有一个项目叫 dashboard,通过这个项目更方便监控集群的状态
-
官方地址: https://github.com/kubernetes/dashboard
-
通常我们通过命令行 $
kubectl get po -n kube-system -
能够查看到集群所有的组件,但这样的方式比较不太直观
-
要查看集群有哪些pod,用户,命名空间等,比较麻烦
-
所以 K8s 提供了一个dashboard UI界面来供运维人员使用
-
$
wget -O kubernetes-dashboard.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml- 这是下载 kubernetes-dashboard.yaml 文件
-
之后,对该文件稍作修改
kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: ports: - port: 443 targetPort: 8443 selector: k8s-app: kubernetes-dashboard- 修改成 如下
kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort # 加上这个 ports: - port: 443 targetPort: 8443 nodePort: 31111 # 加上这个,自定义 selector: k8s-app: kubernetes-dashboard -
$
kubectl create -f kubernetes-dashboard.yaml部署 dashboardnamespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created -
$
kubectl get svc -n kubernetes-dashboard查看命名空间中的服务NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.1.212.7 <none> 8000/TCP 27s kubernetes-dashboard NodePort 10.1.117.149 <none> 443:31111/TCP 27s- 上面看到是 443对应的 31111 端口,所以需要用 https 来访问
- 这里 work node 配置的 hosts 有 node1.k8s 和 node2.k8s 两台,外部mac也同样配置这样的hosts,随便选择一台
- 在Mac浏览器(客户端) 上访问: https://node1.k8s:31111 它会跳转到登录页面,它会要求输入 Token
- 获取 token: $
kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep tokenName: namespace-controller-token-t2cl5 Type: kubernetes.io/service-account-token token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkhrSTdHaTdfaFgxaERORGtTODdOOHpQdlRnejJRMjJ4MWRuX2pybEZLcTQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlci10b2tlbi10MmNsNSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjhkZTNlMzY4LWI2NzktNGNkNi05YmMyLTA4YzE4ODE3MWY4NyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpuYW1lc3BhY2UtY29udHJvbGxlciJ9.dF9xW6gAtEUbgRxgzCBWPLZ8IzGgyBGH46yvW5csf5dfvPLqDFldjzELDvIbG-tzAV3g539e16X9nM3TpWgoDF17M-mOToodZgqoVg9UjGz-NhNNUUSVX_IO9oZPS1ptHN_nbHUUn8W4NuUnMVS_rGjBj4PpNQfitUdwIBXcAbziESx4f2ZUpoBjnNXggCfmpFVqSeo4pSGANPohjB9d_STFPgiU_EpTflxTjq6okpjh2DX1yc16LoZGrvj2CScbHvkw5XXkfhoquqQ0Zp24bG_4wYcTVUwl9rgHhfgnFNWPMZN0yqC1FDUqjshqoBO4A8bOFAK5xhAZegZY-KxaQQ - 将上述token粘贴进入,点击 登录 按钮,进入如下界面
- 可以看到里面有一个 web 的 pod, 同时,我们用命令获取 $
kubectl get po也是同步的结果NAME READY STATUS RESTARTS AGE web-6db77f5fdb-65wfv 1/1 Running 0 157m - 其他命令也是一样, 这个dashboard界面现在已经搭建完成了
