目录
一、dashboard介绍
二、部署安装dashboard组件
1.下载dashboard本地文件
2.修改nodeport的端口范围
3.创建和查看dashboard
4.电脑浏览器访问测试
5.token登录方式登录dashboard
5.1.查看dashboard的token
5.2.继续查看用户token的secrets资源详细信息
5.3.复制token编码输入到页面
5.4.解决权限不足的问题
6.kubeconfig文件方式登录dashboard
6.1.编辑生成kubeconfig文件的脚本
6.2.执行脚本
6.3.下载oslee.conf文件并上传
6.4.登陆
三、使用dashboard
一、dashboard介绍
- Dashboard是k8s集群管理的一个WebUI,它是k8s的一个附加组件,所以需要单独来部署;
- 我们可以通过图形化的方法,创建、删除、修改、查询k8s资源;
二、部署安装dashboard组件
Github地址:GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters
参考链接:Release v2.5.1 · kubernetes/dashboard · GitHub
可以通过上述地址,查询对应k8s的版本,来下载对应的dashboard;
1.下载dashboard本地文件
[root@k8s1 k8s]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml2.修改nodeport的端口范围
以前修改过的,不用修改,或者你可以不修改,而是修改recommended.yaml的文件中的svc资源的端口范围为30000-32767;
本次学习,我们不修改recommended.yaml文件,只修改k8s的svc的nodeport的端口范围;
[root@k8s1 k8s]# vim recommended.yaml
# 修改为NodePort
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 8443
selector:
k8s-app: kubernetes-dashboard
.................................................................
[root@k8s1 k8s]# vim /etc/kubernetes/manifests/kube-apiserver.yaml
# 修改NodePort范围
spec:
containers:
- command:
- kube-apiserver
#下面这一条加进去,就修改完成了;自动就会更新;稍等一会;先会崩溃;
- --service-node-port-range=3000-50000
- --advertise-address=192.168.1.11
.................................................................
3.创建和查看dashboard
[root@k8s1 k8s]# kubectl apply -f recommended.yaml
[root@k8s1 k8s]# kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-799d786dbf-gjs6w 1/1 Running 0 73s
kubernetes-dashboard-fb8648fd9-2xrkw 1/1 Running 0 73s4.电脑浏览器访问测试
5.token登录方式登录dashboard
5.1.查看dashboard的token
# 先查看dashboard的sa用户的详细信息
# sa用户有一个token字段;这个token字段本质上也是一个secrets资源;
[root@k8s1 k8s]# kubectl -n kubernetes-dashboard describe sa kubernetes-dashboard | grep Tokens
Tokens: kubernetes-dashboard-token-qmtlx5.2.继续查看用户token的secrets资源详细信息
# 继续查看用户token的secrets资源详细信息,就可以获取到token的详细编码信息了;
[root@k8s1 k8s]# kubectl -n kubernetes-dashboard describe secrets kubernetes-dashboard-token-qmtlx
Name: kubernetes-dashboard-token-qmtlx
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: 50e98f92-058e-4f49-acc1-97ce5b4ae695
Type: kubernetes.io/service-account-token
Data
====
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlA5MVdSa0dFeDZ0TnlpX0E4aFhMN3RKNWw3QWkzVjNfamF3M05sQVE3T0UifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1xbXRseCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjUwZTk4ZjkyLTA1OGUtNGY0OS1hY2MxLTk3Y2U1YjRhZTY5NSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.AT_6b51qN6Z-YjeaWwbgrNr2A_ZzbUQco028Wg5A8WKBxkF2mFd7_RKeU9virezut-dZ6YnWk4o916gc2pTA4BDsdVmDlkcVuFkqQlWtuZc4-ZC28SF9StNkDODvw0g5kzFcFnPTlov_LFqv6171vWNqWftq2YujyLLF3eQoD0mf5zwkGMi7MufQIKurT8ur_0SwOucqOm5wVsrAyD3IfpUV2BFRGeI8Xm4uflE2t9_fDMXKgvjtjL-VgTlb8ZDjSl3LbRQyCRNVSAM2z6SNDzuced0QLD0fLR79F2abevmMewtW3uCIFlDUUQzWPHPmPMGd2jPAVnCk8soEMAX9Ug
ca.crt: 1099 bytes
5.3.复制token编码输入到页面
5.4.解决权限不足的问题
显示没有权限
创建用户绑定角色
[root@k8s231 dashboard]# cat sa-dash.yaml
#创建sa用户叫oslee
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
# 创建一个名为"oslee"的账户
name: oslee
namespace: kubernetes-dashboard
---
#绑定k8s集群中的最大权限的角色与oslee用户
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-oldboyedu
namespace: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
# 既然绑定的是集群角色,那么类型也应该为"ClusterRole",而不是"Role"哟~
kind: ClusterRole
# 关于集群角色可以使用"kubectl get clusterrole | grep admin"进行过滤哟~
name: cluster-admin
subjects:
- kind: ServiceAccount
# 此处要注意哈,绑定的要和我们上面的服务账户一致哟~
name: oslee
namespace: kubernetes-dashboard
[root@k8s1 k8s]# kubectl apply -f sa-dash.yaml
serviceaccount/oslee created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-oldboyedu created使用新用户的token登录dashboard
[root@k8s1 k8s]# kubectl -n kubernetes-dashboard describe sa oslee | grep Tokens
Tokens: oslee-token-2b5bf
[root@k8s1 k8s]# kubectl -n kubernetes-dashboard describe secrets oslee-token-2b5bf
Name: oslee-token-2b5bf
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: oslee
kubernetes.io/service-account.uid: e49ad3d4-08de-453a-98e9-1cde253111f5
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlA5MVdSa0dFeDZ0TnlpX0E4aFhMN3RKNWw3QWkzVjNfamF3M05sQVE3T0UifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJvc2xlZS10b2tlbi0yYjViZiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJvc2xlZSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImU0OWFkM2Q0LTA4ZGUtNDUzYS05OGU5LTFjZGUyNTMxMTFmNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDpvc2xlZSJ9.qwVQf4hScOCT4UtOwvbiCbZt-dRvmij-XGmouaQRWXWcLzA6uuGtOmpX0KTymcYf9UdFEsBREnYwaSo1kLMgMQFDaQthlU3JEnwXd0xtuDooKbzbRKdydkJseo4bHTqLLWrnBkLSei97O-roAb4dL03Dtxo27ppHVwGd5ydj-LorjPDMcnynvlOBvCNV0rMbeQf1N1owwlRFHLGOH0kxuqN9lFVkg9Xu9HrC5bP2PMCQS17YdSQMfPxPY76sG2pBRK_Yu494Y0Aiop91SOllKiVJNT3qNpMuCbBS4IsZCh2MzIsG6V2Z3323fRV4MaHOegEdwIK6YZe2hhu-Z-9UZA
6.kubeconfig文件方式登录dashboard
6.1.编辑生成kubeconfig文件的脚本
[root@k8s1 k8s]# vi kc.sh
#!/bin/bash
#用户token的变量
oslee_TOKEN="eyJhbGciOiJSUzI1NiIsImtpZCI6IlA5MVdSa0dFeDZ0TnlpX0E4aFhMN3RKNWw3QWkzVjNfamF3M05sQVE3T0UifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJvc2xlZS10b2tlbi0yYjViZiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJvc2xlZSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImU0OWFkM2Q0LTA4ZGUtNDUzYS05OGU5LTFjZGUyNTMxMTFmNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDpvc2xlZSJ9.qwVQf4hScOCT4UtOwvbiCbZt-dRvmij-XGmouaQRWXWcLzA6uuGtOmpX0KTymcYf9UdFEsBREnYwaSo1kLMgMQFDaQthlU3JEnwXd0xtuDooKbzbRKdydkJseo4bHTqLLWrnBkLSei97O-roAb4dL03Dtxo27ppHVwGd5ydj-LorjPDMcnynvlOBvCNV0rMbeQf1N1owwlRFHLGOH0kxuqN9lFVkg9Xu9HrC5bP2PMCQS17YdSQMfPxPY76sG2pBRK_Yu494Y0Aiop91SOllKiVJNT3qNpMuCbBS4IsZCh2MzIsG6V2Z3323fRV4MaHOegEdwIK6YZe2hhu-Z-9UZA"
#设置集群
kubectl config set-cluster oslee-cluster --server=https://192.168.1.11:6443 --kubeconfig=oslee.conf
#设置客户端
kubectl config set-credentials oslee-client --token=${oslee_TOKEN} --kubeconfig=oslee.conf
#集群结合客户端
kubectl config set-context oslee-user --cluster=oslee-cluster --user=oslee-client --kubeconfig=oslee.conf
#声明使用上下文生成kubeconfig文件
kubectl config use-context oslee-user --kubeconfig=oslee.conf
6.2.执行脚本
# 执行脚本
[root@k8s1 k8s]# sh kc.sh
Cluster "oslee-cluster" set.
User "oslee-client" set.
Context "oslee-user" created.
Switched to context "oslee-user".6.3.下载oslee.conf文件并上传
6.4.登陆
三、使用dashboard
===============================至此,已成艺术==============================
