#kubernetes 为k8s集群添加dashboard控制面板
关于dashboard
官方描述
Dashboard 是基于网页的 Kubernetes 用户界面。 你可以使用 Dashboard 将容器应用部署到 Kubernetes 集群中,也可以对容器应用排错,还能管理集群资源。 你可以使用 Dashboard 获取运行在集群中的应用的概览信息,也可以创建或者修改 Kubernetes 资源 (如 Deployment,Job,DaemonSet 等等)。 例如,你可以对 Deployment 实现弹性伸缩、发起滚动升级、重启 Pod 或者使用向导创建新的应用。
Dashboard 同时展示了 Kubernetes 集群中的资源状态信息和所有报错信息。
官方文档
https://kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/
详细步骤:
1. 添加dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
开启proxy
kubectl proxy
注意
dashboard只能在本机通过localhost或者127.0.0.1进行访问。
而一般k8s集群是部署在不带桌面组件的linux服务器中,所以需要将kubectl proxy需要运行在一个带有桌面的机器上,例如mac开发机等等。
否则,将无法访问。
2. 打开dashboard页面
3. 登录dashboard
注意 当前仅支持通过token登录
所以,需要先创建一个用户,并获取登录token。
创建用户,并获取token
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
- 1). 创建配置文件
文件名:dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
- 2). 应用
kubectl apply -f dashboard-adminuser.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
- 3). 获取token
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
eyJhbGciOiJSUzI1NiIsImtpZCI6IndHVXJBb3pjc2plQlR0T2ZoMGt4Znh6Ty1vNnpuNjIxS1JPVElDZ29ZeVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWRoeHB3Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkNjU1OGU0NS1jM2M4LTQ3YTctYTM2YS1lNjRjYzRkNDE5NjYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.VdZnFnIsVl8HJI7T7pUcQZNbgGWfNMochKur6QS3pwXGe5LEV3SLbaZXq4JXaIOEiYPH1Zm2xPR75M9hOJ9l8ZoOjYy1EuFNh4Q_eURKlfrjvmBlb3PVzL-pckg8jrhhnLocoFNxT1WE-_JusDZh0hpg_cqJcFa-qfowJJrfSiWQ_ZsUFgCUmrqBcvoXuAzn7EXmVrpE8ub2MGVCjB6FkJg3qdQS6jztDZ3ozZ1t7Yp8pc82VQbdD64w7B_i7-tB3BSbwUGrtw1xnsRyPV1VdnuHUf84fTpzcrT-8CHh6eiueV5qFc7ERi9bs1Droz_kV7xTP8pvUMhoCJZRPfLuOg
使用token登录
看到以下界面就表示成功了
4. 移除用户
如果要移除刚刚创建的用户,可以用以下命令
kubectl -n kubernetes-dashboard delete serviceaccount admin-user
kubectl -n kubernetes-dashboard delete clusterrolebinding admin-user
5. 其他
关于dashboard的更多内容,可以查看dashboard的文档:
