1.1 DashBoard
-
Kubernetes Dashboard 是 Kubernetes 集群的一个开箱即用的 Web UI,提供了一种图形化的方式来管理和监视 Kubernetes 集群中的资源。它允许用户直接在浏览器中执行许多常见的 Kubernetes 管理任务,如部署应用、监控应用状态、执行故障排查以及管理 Kubernetes 中的各种资源。
1.1.1 部署DashBoard
[root@k8s-master-01 ~]# wget -c https://gitee.com/kong-xiangyuxcz/svn/releases/download/Dashboard/recommended.yaml [root@k8s-all ~]# docker pull kubernetesui/dashboard:v2.7.0 [root@k8s-master-01 ~]# kubectl apply -f recommended.yaml [root@k8s-master-01 ~]# kubectl get pod -n kubernetes-dashboard NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-5657497c4c-ml5vz 1/1 Running 0 3m15s kubernetes-dashboard-78f87ddfc-b2wz2 1/1 Running 0 3m15s [root@k8s-master-01 ~]# kubectl get pod,svc -n kubernetes-dashboard -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES pod/dashboard-metrics-scraper-5657497c4c-ml5vz 1/1 Running 0 5m51s 10.244.154.193 k8s-node-01 <none> <none> pod/kubernetes-dashboard-78f87ddfc-b2wz2 1/1 Running 0 5m51s 10.244.44.193 k8s-node-02 <none> <none> NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR service/dashboard-metrics-scraper ClusterIP 10.107.69.125 <none> 8000/TCP 5m51s k8s-app=dashboard-metrics-scraper service/kubernetes-dashboard ClusterIP 10.99.206.168 <none> 443/TCP 5m52s k8s-app=kubernetes-dashboard [root@k8s-master-01 ~]# kubectl edit service/kubernetes-dashboard -n kubernetes-dashboard # 修改端口类型 ... type: NodePort ... [root@k8s-master-01 ~]# kubectl get svc -n kubernetes-dashboard -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR dashboard-metrics-scraper ClusterIP 10.98.101.48 <none> 8000/TCP 84s k8s-app=dashboard-metrics-scraper kubernetes-dashboard NodePort 10.100.194.237 <none> 443:30895/TCP 85s k8s-app=kubernetes-dashboard
1.1.2 创建访问账户
-
创建实例用户官网:dashboard/docs/user/access-control/creating-sample-user.md at master · kubernetes/dashboard · GitHub
[root@k8s-master-01 ~]# vim dashuser.yaml --- apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard [root@k8s-master-01 ~]# kubectl apply -f dashuser.yaml serviceaccount/admin-user created clusterrolebinding.rbac.authorization.k8s.io/admin-user created
1.1.3 获取令牌访问
[root@k8s-master-01 ~]# kubectl -n kubernetes-dashboard create token admin-user eyJhbGciOiJSUzI1NiIsImtpZCI6IlpmcEhiNTFfcDBka3pYM2VCeUVwR1hIMFNBZHNnX25TY0FwMDhjazhRdUkifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzE2NTIxMTIyLCJpYXQiOjE3MTY1MTc1MjIsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJhZG1pbi11c2VyIiwidWlkIjoiNTEyZjRiNGYtYmIxYS00ZDQ0LThkYWQtMDRkODc1MTEwYTk1In19LCJuYmYiOjE3MTY1MTc1MjIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbi11c2VyIn0.Vt2BKBrHDVZ5dpz9j_GB3mHTM8ykSXnfa8FO6RLPF9H7y7Q9A5Vg4z3RV2K7e9dpO0y4X5UANVRLI65BYXw5Y51dSNEWG5kCSYXs5-ePPCQvJq-DsPn3x6ocD6l6AJ9uKBg7grl9ZIwU0iwclPexy-BZzdMo3gUnWy1TVnZEghj24zVzXi1X-EDi0h1riobi2jAsiPG-_6FRAOA1cCM1AdEoItG7_eTpxVx4GAarihB1gN4gpummy9-LHPBUsIfBoXbb75xEOCqOFrAe_V1OqN9AH5H-STKt5fVbissd8Ukwae9HNUJ8B9NilKI-R6VR8a7zGDhnUdnuEBR7UswiPQ
1.1.4 访问
[root@k8s-master-01 ~]# kubectl get svc -n kubernetes-dashboard -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR dashboard-metrics-scraper ClusterIP 10.98.101.48 <none> 8000/TCP 6m59s k8s-app=dashboard-metrics-scraper kubernetes-dashboard NodePort 10.100.194.237 <none> 443:30895/TCP 7m k8s-app=kubernetes-dashboard
-
访问https://192.168.110.21:30895