K8S 1.18.2安裝dashboard(基於kubernetes-dashboard 2.0.0版本)
寫在前面
K8S集群部署成功了,如何對集群進行可視化管理呢?別着急,接下來,我們一起搭建kubernetes-dashboard來解決這個問題。
有關K8S集群的安裝可以參考《【K8S】基於單Master節點安裝K8S集群》
有關Metrics-Service的安裝可以參考《【K8S】K8s部署Metrics-Server服務》
安裝部署dashboard
1.查看pod運行情況
1 [root@binghe101 ~]# kubectl get pods -A -o wide 2 NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES 3 kube-system calico-kube-controllers-5b8b769fcd-l2tmm 1/1 Running 2 15h 172.18.203.71 binghe101 <none> <none> 4 kube-system calico-node-7b7fx 1/1 Running 2 15h 192.168.175.102 binghe102 <none> <none> 5 kube-system calico-node-8krsl 1/1 Running 2 15h 192.168.175.101 binghe101 <none> <none> 6 kube-system coredns-546565776c-rd2zr 1/1 Running 2 15h 172.18.203.72 binghe101 <none> <none> 7 kube-system coredns-546565776c-x8r7l 1/1 Running 2 15h 172.18.203.73 binghe101 <none> <none> 8 kube-system etcd-binghe101 1/1 Running 2 15h 192.168.175.101 binghe101 <none> <none> 9 kube-system kube-apiserver-binghe101 1/1 Running 3 15h 192.168.175.101 binghe101 <none> <none> 10 kube-system kube-controller-manager-binghe101 1/1 Running 3 15h 192.168.175.101 binghe101 <none> <none> 11 kube-system kube-proxy-cgq5n 1/1 Running 2 15h 192.168.175.102 binghe102 <none> <none> 12 kube-system kube-proxy-qnffb 1/1 Running 2 15h 192.168.175.101 binghe101 <none> <none> 13 kube-system kube-scheduler-binghe101 1/1 Running 3 15h 192.168.175.101 binghe101 <none> <none> 14 kube-system metrics-server-57bc7f4584-cwsn8 1/1 Running 0 109m 172.18.229.68 binghe102 <none> <none>
2.下載recommended.yaml文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
3.修改recommended.yaml文件
vim recommended.yaml
需要修改的內容如下所示。
1 --- 2 kind: Service 3 apiVersion: v1 4 metadata: 5 labels: 6 k8s-app: kubernetes-dashboard 7 name: kubernetes-dashboard 8 namespace: kubernetes-dashboard 9 spec: 10 type: NodePort #增加 11 ports: 12 - port: 443 13 targetPort: 8443 14 nodePort: 30000 #增加 15 selector: 16 k8s-app: kubernetes-dashboard 17 --- 18 #因為自動生成的證書很多瀏覽器無法使用,所以我們自己創建,注釋掉kubernetes-dashboard-certs對象聲明 19 #apiVersion: v1 20 #kind: Secret 21 #metadata: 22 # labels: 23 # k8s-app: kubernetes-dashboard 24 # name: kubernetes-dashboard-certs 25 # namespace: kubernetes-dashboard 26 #type: Opaque 27 ---
4.創建證書
1 mkdir dashboard-certs 2 3 cd dashboard-certs/ 4 5 #創建命名空間 6 kubectl create namespace kubernetes-dashboard 7 8 # 創建key文件 9 openssl genrsa -out dashboard.key 2048 10 11 #證書請求 12 openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert' 13 14 #自簽證書 15 openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt 16 17 #創建kubernetes-dashboard-certs對象 18 kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
5.安裝dashboard
kubectl create -f ~/recommended.yaml
注意:這里可能會報如下所示。
Error from server (AlreadyExists): error when creating "./recommended.yaml": namespaces "kubernetes-dashboard" already exists 這是因為我們在創建證書時,已經創建了kubernetes-dashboard命名空間,所以,直接忽略此錯誤信息即可。
6.查看安裝結果
1 [root@binghe101 ~]# kubectl get pods -A -o wide 2 NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES 3 kube-system calico-kube-controllers-5b8b769fcd-l2tmm 1/1 Running 2 15h 172.18.203.71 binghe101 <none> <none> 4 kube-system calico-node-7b7fx 1/1 Running 2 15h 192.168.175.102 binghe102 <none> <none> 5 kube-system calico-node-8krsl 1/1 Running 2 15h 192.168.175.101 binghe101 <none> <none> 6 kube-system coredns-546565776c-rd2zr 1/1 Running 2 15h 172.18.203.72 binghe101 <none> <none> 7 kube-system coredns-546565776c-x8r7l 1/1 Running 2 15h 172.18.203.73 binghe101 <none> <none> 8 kube-system etcd-binghe101 1/1 Running 2 15h 192.168.175.101 binghe101 <none> <none> 9 kube-system kube-apiserver-binghe101 1/1 Running 3 15h 192.168.175.101 binghe101 <none> <none> 10 kube-system kube-controller-manager-binghe101 1/1 Running 3 15h 192.168.175.101 binghe101 <none> <none> 11 kube-system kube-proxy-cgq5n 1/1 Running 2 15h 192.168.175.102 binghe102 <none> <none> 12 kube-system kube-proxy-qnffb 1/1 Running 2 15h 192.168.175.101 binghe101 <none> <none> 13 kube-system kube-scheduler-binghe101 1/1 Running 3 15h 192.168.175.101 binghe101 <none> <none> 14 kube-system metrics-server-57bc7f4584-cwsn8 1/1 Running 0 133m 172.18.229.68 binghe102 <none> <none> 15 kubernetes-dashboard dashboard-metrics-scraper-6b4884c9d5-qccwt 1/1 Running 0 102s 172.18.229.75 binghe102 <none> <none> 16 kubernetes-dashboard kubernetes-dashboard-7b544877d5-s8cgd 1/1 Running 0 102s 172.18.229.74 binghe102 <none> <none> 17 [root@binghe101 ~]# kubectl get service -n kubernetes-dashboard -o wide 18 NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR 19 dashboard-metrics-scraper ClusterIP 10.96.249.138 <none> 8000/TCP 2m21s k8s-app=dashboard-metrics-scraper 20 kubernetes-dashboard NodePort 10.96.219.128 <none> 443:30000/TCP 2m21s k8s-app=kubernetes-dashboard
7.創建dashboard管理員
創建dashboard-admin.yaml文件。
vim dashboard-admin.yaml
文件的內容如下所示。
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: dashboard-admin
namespace: kubernetes-dashboard
保存退出后執行如下命令創建管理員。
kubectl create -f ./dashboard-admin.yaml
8.為用戶分配權限
創建dashboard-admin-bind-cluster-role.yaml文件。
vim dashboard-admin-bind-cluster-role.yaml
文件內容如下所示。
1 apiVersion: rbac.authorization.k8s.io/v1 2 kind: ClusterRoleBinding 3 metadata: 4 name: dashboard-admin-bind-cluster-role 5 labels: 6 k8s-app: kubernetes-dashboard 7 roleRef: 8 apiGroup: rbac.authorization.k8s.io 9 kind: ClusterRole 10 name: cluster-admin 11 subjects: 12 - kind: ServiceAccount 13 name: dashboard-admin 14 namespace: kubernetes-dashboard
保存退出后執行如下命令為用戶分配權限。
kubectl create -f ./dashboard-admin-bind-cluster-role.yaml
9.查看並復制用戶Token
在命令行執行如下命令。
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}') 具體執行情況如下所示。
1 [root@binghe101 ~]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}') 2 Name: dashboard-admin-token-p8tng 3 Namespace: kubernetes-dashboard 4 Labels: <none> 5 Annotations: kubernetes.io/service-account.name: dashboard-admin 6 kubernetes.io/service-account.uid: c3640b5f-cd92-468c-ba01-c886290c41ca 7 8 Type: kubernetes.io/service-account-token 9 10 Data 11 ==== 12 ca.crt: 1025 bytes 13 namespace: 20 bytes 14 token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlVsRVBqTG5RNC1oTlpDS2xMRXF2cFIxWm44ZXhWeXlBRG5SdXpmQXpDdWcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tcDh0bmciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYzM2NDBiNWYtY2Q5Mi00NjhjLWJhMDEtYzg4NjI5MGM0MWNhIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.XOrXofgbk5EDa8COxOkv31mYwciUGXcBD9TQrb6QTOfT2W4eEpAAZUzKYzSmxLeHMqvu_IUIUF2mU5Lt6wN3L93C2NLfV9jqaopfq0Q5GjgWNgGRZAgsuz5W3v_ntlKz0_VW3a7ix3QQSrEWLBF6YUPrzl8p3r8OVWpDUndjx-OXEw5pcYQLH1edy-tpQ6Bc8S1BnK-d4Zf-ZuBeH0X6orZKhdSWhj9WQDJUx6DBpjx9DUc9XecJY440HVti5hmaGyfd8v0ofgtdsSE7q1iizm-MffJpcp4PGnUU3hy1J-XIP0M-8SpAyg2Pu_-mQvFfoMxIPEEzpOrckfC1grlZ3g
可以看到,此時的Token值為:
1 eyJhbGciOiJSUzI1NiIsImtpZCI6IlVsRVBqTG5RNC1oTlpDS2xMRXF2cFIxWm44ZXhWeXlBRG5SdXpmQXpDdWcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tcDh0bmciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYzM2NDBiNWYtY2Q5Mi00NjhjLWJhMDEtYzg4NjI5MGM0MWNhIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.XOrXofgbk5EDa8COxOkv31mYwciUGXcBD9TQrb6QTOfT2W4eEpAAZUzKYzSmxLeHMqvu_IUIUF2mU5Lt6wN3L93C2NLfV9jqaopfq0Q5GjgWNgGRZAgsuz5W3v_ntlKz0_VW3a7ix3QQSrEWLBF6YUPrzl8p3r8OVWpDUndjx-OXEw5pcYQLH1edy-tpQ6Bc8S1BnK-d4Zf-ZuBeH0X6orZKhdSWhj9WQDJUx6DBpjx9DUc9XecJY440HVti5hmaGyfd8v0ofgtdsSE7q1iizm-MffJpcp4PGnUU3hy1J-XIP0M-8SpAyg2Pu_-mQvFfoMxIPEEzpOrckfC1grlZ3g
查看dashboard界面
在瀏覽器中打開鏈接 https://192.168.175.101:30000 ,如下所示。
這里,我們選擇Token方式登錄,並輸入在命令行獲取到的Token,如下所示。
點擊登錄后進入dashboard,如下所示。
由於我們在《【K8S】K8s部署Metrics-Server服務》一文中安裝了Metrics-Server服務,所以,我們可以查看節點服務器CPU和內存的使用情況,如下所示。
至此,dashboard 2.0.0安裝成功。
寫在最后
如果覺得文章對你有點幫助,請微信搜索並關注「 冰河技術 」微信公眾號,跟冰河學習各種編程技術。
最后附上K8S最全知識圖譜鏈接:
祝大家在學習K8S時,少走彎路。