Deploying the Dashboard UI on Kubernetes


Test environment

CentOS-7-x86_64-DVD-1810

Docker 19.03.9

Kubernetes version: v1.20.5

Deploying Dashboard

Dashboard can be deployed by running the following command:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml

In practice:

# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

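Accessing the Dashboard UI

To protect your cluster data, Dashboard is deployed with a minimal RBAC configuration by default. Currently, Dashboard only supports logging in with a Bearer token.

Creating a login token for a sample user

Create a new file dashboard-adminuser.yaml in the current directory (the file name is up to you; just pass the matching file name when running the commands, and the same applies below) with the following content: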

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

Run the following command to create, from the file above, a service account named admin-user in the kubernetes-dashboard namespace:

# kubectl apply -f dashboard-adminuser.yaml
serviceaccount/admin-user created

Create a new file dashboard-cluster-role-binding.yaml with the following content:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

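Note: In most cases, after the cluster has been provisioned with kops, kubeadm, or another popular tool, the ClusterRole cluster-admin already exists. If it does not, create it manually first and grant it the required permissions.

Run the following command to create the ClusterRoleBinding for the service account from the file above: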

# kubectl apply -f dashboard-cluster-role-binding.yaml
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

Run the following command to obtain the Bearer token:

# kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

Reference

https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

Command-line proxy

Dashboard can be accessed with the kubectl command-line tool, as follows:

# kubectl proxy

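Once the above command is running, Dashboard can be reached at the following link. Note, however, that the link only works from the machine on which the command was run; it cannot be accessed remotely.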

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

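In practice, the author tried running the above command with additional parameters, as shown below. This does solve the lack of remote access, but a problem remains: clicking Sign in does not redirect.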

# kubectl proxy --address=10.118.80.93 --accept-hosts='^*$'

Note: Without --accept-hosts, accessing the above link returns Forbidden.

The final solution is as follows:

1. On the node where Dashboard is installed, run the following command:

# kubectl port-forward --namespace kubernetes-dashboard --address 0.0.0.0 service/kubernetes-dashboard 443
Forwarding from 0.0.0.0:443 -> 8443
Handling connection for 443
Handling connection for 443

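2. Access Dashboard at https://node_ip, where node_ip is the IP address of the node above.

Enter the token obtained above and click Sign in to finish.

Note: The token is valid for 24 hours; once it expires, a new one must be generated.

Cleanup

Run the following commands to remove the demo administrator service account and its ClusterRoleBinding: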

# kubectl -n kubernetes-dashboard delete serviceaccount admin-user
# kubectl -n kubernetes-dashboard delete clusterrolebinding admin-user
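
As a check for the cleanup step above, this added example (not from the original post or the Dashboard project) lists every ServiceAccount bound to the ClusterRole cluster-admin in the JSON printed by `kubectl get clusterrolebindings -o json`. The function name and the embedded sample data are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`
# output (trimmed to the fields used here; not captured from a real cluster).
def _binding(name, role, subjects):
    return {"metadata": {"name": name}, "subjects": subjects,
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                        "kind": "ClusterRole", "name": role}}

SAMPLE = json.dumps({"kind": "List", "items": [
    _binding("admin-user", "cluster-admin", [
        {"kind": "ServiceAccount", "name": "admin-user",
         "namespace": "kubernetes-dashboard"}]),
    _binding("kubernetes-dashboard", "kubernetes-dashboard", [
        {"kind": "ServiceAccount", "name": "kubernetes-dashboard",
         "namespace": "kubernetes-dashboard"}]),
    _binding("cluster-admin", "cluster-admin", [
        {"apiGroup": "rbac.authorization.k8s.io", "kind": "Group",
         "name": "system:masters"}]),
    _binding("no-subjects", "cluster-admin", None),  # subjects may be null
]})


def service_accounts_with_cluster_admin(bindings_json):
    """Return (binding, namespace, service account) for each ServiceAccount
    subject of a ClusterRoleBinding whose roleRef is ClusterRole cluster-admin."""
    findings = []
    for item in json.loads(bindings_json).get("items", []):
        ref = item.get("roleRef", {})
        if (ref.get("kind"), ref.get("name")) != ("ClusterRole", "cluster-admin"):
            continue
        # Group and User subjects are skipped; only service accounts are reported.
        for subj in item.get("subjects") or []:
            if subj.get("kind") == "ServiceAccount":
                findings.append((item["metadata"]["name"],
                                 subj.get("namespace", ""), subj["name"]))
    return findings


if __name__ == "__main__":
    # Pipe real kubectl output in; with no piped input the sample is used.
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    data = piped.strip() or SAMPLE
    for binding, ns, sa in service_accounts_with_cluster_admin(data):
        print(f"{binding}: ServiceAccount {ns}/{sa} is bound to cluster-admin")
```

After the cleanup commands have run, piping the live `kubectl get clusterrolebindings -o json` output into this script should no longer print a line for admin-user.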

References

https://kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/

https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md

https://github.com/kubernetes/dashboard/tree/master/docs

