k8s之Dashboard插件部署及使用
目錄
1. Dashboard介紹
Dashboard(儀表盤)是基於Web的Kubernetes用戶界面。
可以使用儀表盤將容器化應用程序部署到Kubernetes集群,對容器化應用程序進行故障排除,並管理集群本身機器伴隨資源。
可以使用儀表盤來概述集群上運行的應用程序,以及創建或修改單個Kubernetes資源(例如部署,作業,守護進程等)。
例如:可以使用部署向導擴展部署,啟動滾動更新,重新啟動Pod或部署新應用程序。儀表盤還提供有關集群中Kubernetes資源狀態以及可能發生的任何錯誤的信息。
2. 服務器環境
本次部署環境為k8s多Master節點
3. 在K8S工具目錄中創建dashboard工作目錄
[root@master01 ~]# mkdir /opt/k8s/dashboard
[root@master01 ~]# cd !$
cd /opt/k8s/dashboard
[root@master01 dashboard]# rz -E
#上傳Dashboard.zip壓縮包
rz waiting to receive.
[root@master01 dashboard]# unzip Dashboard.zip
#解壓
Archive: Dashboard.zip
inflating: dashboard-configmap.yaml
inflating: dashboard-controller.yaml
inflating: dashboard-rbac.yaml
inflating: dashboard-secret.yaml
inflating: dashboard-service.yaml
inflating: k8s-admin.yaml
inflating: dashboard-cert.sh
[root@master01 dashboard]# ls
dashboard-cert.sh dashboard-controller.yaml dashboard-secret.yaml Dashboard.zip
dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml k8s-admin.yaml
4. 核心文件說明
| 核心文件 | 說明 |
|---|---|
| dashboard-rbac.yaml | 用於訪問控制設置,配置各種角色的訪問控制權限及角色綁定(綁定角色和服務賬戶),內容中包含對應各種角色所配置的規則(rules) |
| dashboard-secret.yaml | 提供令牌,訪問API服務器所用(個人理解為一種安全認證機制) |
| dashboard-configmap.yaml | 配置模板文件,負責設置Dashboard的文件,ConfigMap提供了將配置數據注入容器的方式,保證容器中的應用程序配置從Image內容中解耦 |
| dashboard-controller.yaml | 負責控制器即服務賬戶的創建,來管理pod副本 |
| dashboard-service.yaml | 負責將容器中的服務提供出去,供外部訪問 |
| Dashboard一共有7個文件,其中包含5個構建該界面的核心文件,一個k8s-admin.yaml文件是自己寫的,用來生成待會在瀏覽器中登錄時所用的令牌;一個dashboard-cert.sh,用來快速生成解決谷歌瀏覽器加密通信所需的證書文件。 | |
| 核心文件官方下載資源地址:https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard |
4.1 查看dashboard-rbac.yaml
[root@master01 dashboard]# cat dashboard-rbac.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
addonmanager.kubernetes.io/mode: Reconcile
name: kubernetes-dashboard-minimal
namespace: kube-system
rules:
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
verbs: ["get", "update", "delete"]
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
# Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubernetes-dashboard-minimal
namespace: kube-system
labels:
k8s-app: kubernetes-dashboard
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
#主要參數說明:
#kind: ServiceAccount 創建service用戶,k8s中有兩種用戶,一種是ServiceAccount(給集群中的pod來訪問集群用的),還有一種是具體的user(給咱們用戶使用)
#metadata 創建資源對象的一些元數據
#labels 標簽信息
#name 資源對象名稱
#namespace 命令空間
#kind: ClusterRoleBinding 創建用於集群綁定的角色,可以幫ServiceAccount綁定到具體的角色中、組中,使它有相應的訪問權限
#kind: ClusterRole k8s中有兩種角色,一種是ClusterRole(針對於整個集群的命名空間都起作用),還有一種是普通的角色(只對單個命名空間起作用)
4.2 查看dashboard-secret.yaml
[root@master01 dashboard]# cat dashboard-secret.yaml
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
# Allows editing resource and makes sure it is created first.
addonmanager.kubernetes.io/mode: EnsureExists
name: kubernetes-dashboard-certs
namespace: kube-system
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
k8s-app: kubernetes-dashboard
# Allows editing resource and makes sure it is created first.
addonmanager.kubernetes.io/mode: EnsureExists
name: kubernetes-dashboard-key-holder
namespace: kube-system
type: Opaque
4.3 查看dashboard-configmap.yaml
[root@master01 dashboard]# cat dashboard-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
k8s-app: kubernetes-dashboard
# Allows editing resource and makes sure it is created first.
addonmanager.kubernetes.io/mode: EnsureExists
name: kubernetes-dashboard-settings
namespace: kube-system
4.4 查看dashboard-controller.yaml
[root@master01 dashboard]# cat dashboard-controller.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
addonmanager.kubernetes.io/mode: Reconcile
name: kubernetes-dashboard
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kubernetes-dashboard
namespace: kube-system
labels:
k8s-app: kubernetes-dashboard
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
priorityClassName: system-cluster-critical
containers:
- name: kubernetes-dashboard
image: siriuszg/kubernetes-dashboard-amd64:v1.8.3
resources:
limits:
cpu: 100m
memory: 300Mi
requests:
cpu: 50m
memory: 100Mi
ports:
- containerPort: 8443
protocol: TCP
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
- name: tmp-volume
mountPath: /tmp
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
tolerations:
- key: "CriticalAddonsOnly"
operator: "Exists"
#主要參數說明:
#kind: Deployment 是整個集群中使用最頻繁的對象,咱們應用服務一般都是使用Deployment來創建
#spec.selector.matchLabels 匹配某個標簽
#spec.template.spec.serviceAccountName 指定創建的serviceAccount,使用該賬戶來訪問集群
#spec.template.spec.containers.resources 對容器使用資源限制
#spec.template.spec.containers.ports.containerPort 指定暴露的端口
#spec.template.spec.containers.livenessProbe 健康檢查
#spec.template.spec.containers.livenessProbe.initialDelaySeconds 檢查間隔時間設置
#spec.template.spec.containers.livenessProbe.timeoutSeconds 檢查超時設置
4.5 查看dashboard-service.yaml
[root@master01 dashboard]# cat dashboard-service.yaml
apiVersion: v1
kind: Service
metadata:
name: kubernetes-dashboard
namespace: kube-system
labels:
k8s-app: kubernetes-dashboard
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
type: NodePort
selector:
k8s-app: kubernetes-dashboard
ports:
- port: 443
targetPort: 8443
nodePort: 30001
#主要參數說明:
#type: NodePort 可以通過在節點上使用nodeIP+端口訪問服務
#spec.ports.port 為service在clusterIP暴露的端口
#spec.ports.targetPort 對應容器映射在pod上的端口
#spec.ports.nodePort 為nodeIP暴露的端口
4.6 查看k8s-admin.yaml
[root@master01 dashboard]# cat k8s-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
4.7 查看dashboard-cert.sh
[root@master01 dashboard]# cat dashboard-cert.sh
#!/bin/bash
#examle: ./dashboard-cert.sh /opt/k8s/k8s-cert/
cat > dashboard-csr.json <<EOF
{
"CN": "Dashboard",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
}
EOF
#定義一個變量,使用位置變量賦值,作用是指定你證書(依賴證書)的位置
K8S_CA=$1
#根據指定位置的證書進行創建和自簽操作
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
#生成的文件:
#dashboard.csr:證書請求文件
#dashboard-key.pem:證書私鑰
#dashboard.pem:數字簽名證書
#清空命名空間中的認證
kubectl delete secret kubernetes-dashboard-certs -n kube-system
#重新創建生成到指定的目錄中(當前目錄)
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
5. 通過kubectl create命令創建resources
5.1 dashboard-rbac.yaml
規定kubernetes-dashboard-minimal該角色的權限:例如其中具備獲取更新刪除等不同的權限
[root@master01 dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
#有幾個kind就會有幾個結果被創建,格式為kind+apiServer/name
查看類型為Role,RoleBinding的資源對象kubernetes-dashboard-minimal是否生成
[root@master01 dashboard]# kubectl get role,rolebinding -n kube-system
#-n kube-system表示查看指定命名空間中的pod,缺省值為default
NAME AGE
role.rbac.authorization.k8s.io/extension-apiserver-authentication-reader 3d8h
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal 2m42s
role.rbac.authorization.k8s.io/system::leader-locking-kube-controller-manager 3d8h
role.rbac.authorization.k8s.io/system::leader-locking-kube-scheduler 3d8h
role.rbac.authorization.k8s.io/system:controller:bootstrap-signer 3d8h
role.rbac.authorization.k8s.io/system:controller:cloud-provider 3d8h
role.rbac.authorization.k8s.io/system:controller:token-cleaner 3d8h
NAME AGE
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal 2m42s
rolebinding.rbac.authorization.k8s.io/system::leader-locking-kube-controller-manager 3d8h
rolebinding.rbac.authorization.k8s.io/system::leader-locking-kube-scheduler 3d8h
rolebinding.rbac.authorization.k8s.io/system:controller:bootstrap-signer 3d8h
rolebinding.rbac.authorization.k8s.io/system:controller:cloud-provider 3d8h
rolebinding.rbac.authorization.k8s.io/system:controller:token-cleaner 3d8h
5.2 dashboard-secret.yaml
證書和密鑰創建
[root@master01 dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
查看類型為Secret的資源對象kubernetes-bashboard-crets,kubernetes-dashboard-key-holder是否生成
[root@master01 dashboard]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
default-token-4nhtx kubernetes.io/service-account-token 3 3d8h
kubernetes-dashboard-certs Opaque 0 107s
kubernetes-dashboard-key-holder Opaque 0 107s
5.3 dashboard-configmap.yaml
配置文件,對於集群dashboard設置的創建
[root@master01 dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
查看類型為ConfigMap的資源對象kubernetes-dashboard-settings是否生成
[root@master01 dashboard]# kubectl get configmap -n kube-system
NAME DATA AGE
extension-apiserver-authentication 1 3d8h
kubernetes-dashboard-settings 0 73s
5.4 dashboard-controller.yaml
創建容器需要的控制器以及服務賬戶
[root@master01 dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
查看類型為ServiceAccount,Deployment的資源對象kubernetes-dashboard-setting是否生成
[root@master01 dashboard]# kubectl get serviceaccount,deployment -n kube-system
NAME SECRETS AGE
serviceaccount/default 1 3d8h
serviceaccount/kubernetes-dashboard 1 2m39s
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.extensions/kubernetes-dashboard 1 1 1 1 2m39s
5.5 dashboard-service.yaml
將服務發布出去
[root@master01 dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created
查看創建在指定的kube-system命名空間下的pod和service狀態信息
[root@master01 dashboard]# kubectl get pods,svc -n kube-system -o wide
#svc為service的縮寫,可用
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
pod/kubernetes-dashboard-65f974f565-nk4r8 1/1 Running 0 5m7s 172.17.97.3 192.168.122.12 <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes-dashboard NodePort 10.0.0.98 <none> 443:30001/TCP 3m37s k8s-app=kubernetes-dashboard
6. 為node節點准備加載dashboard鏡像(node節點,以node01為例,該步驟可省略)
為提高速度,我這里已將siriuszg/kubernetes-dashboard-amd64:v1.8.3鏡像壓縮成tar包,在node節點釋放該鏡像。
該步驟也可省略,node節點會通過kubernetes公有倉庫去自動拉取該鏡像。
[root@node01 ~]# cd /opt
[root@node01 opt]# rz -E
#上傳鏡像包
rz waiting to receive.
[root@node01 opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 87a94228f133 2 weeks ago 133MB
centos 7 eeb6ee3f44bd 6 weeks ago 204MB
nginx 1.14 295c7be07902 2 years ago 109MB
registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64 3.0 99e59f495ffa 5 years ago 747kB
[root@node01 opt]# docker load -i dashboard.tar
#載入該鏡像
23ddb8cbb75a: Loading layer [==================================================>] 102.8MB/102.8MB
Loaded image: siriuszg/kubernetes-dashboard-amd64:v1.8.3
[root@node01 opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 87a94228f133 2 weeks ago 133MB
centos 7 eeb6ee3f44bd 6 weeks ago 204MB
nginx 1.14 295c7be07902 2 years ago 109MB
siriuszg/kubernetes-dashboard-amd64 v1.8.3 784cf2722f44 3 years ago 102MB
registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64 3.0 99e59f495ffa 5 years ago 747kB
7. 訪問測試(多瀏覽器)
不同瀏覽器的安全訪問策略和防護級別是不同的,由於我們沒有給dashboard做證書,因此使用不同的瀏覽器可能會出現不同的效果,本次使用我們最常用的Edge/Chrome、火狐以及360瀏覽器進行測試。
由於dashboard-service.yaml定義的nodePort: 30001,因此我們的測試地址應該是pod所屬node的30001端口。
7.1 Edge瀏覽器
無法訪問,由於Edge使用的是Chrome內核,因此Google的Chrome也是相同效果,可通過以下步驟查看問題。
chrome瀏覽器在Security項下查看
發現問題是缺少證書,那么我們為其制作證書即可。
7.1.1 修改dashbaord-controller.yaml
[root@master01 dashboard]# cd /opt/k8s/dashboard/
[root@master01 dashboard]# vim dashboard-controller.yaml
......
args:
# PLATFORM-SPECIFIC ARGS HERE
##在文件的第47行下面添加以下兩行,指定加密(tls)的私鑰和證書文件
- --auto-generate-certificates
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem
7.1.2 執行腳本dashboard-cret.sh
[root@master01 dashboard]# cd /opt/k8s/dashboard/
[root@master01 dashboard]# chmod +x dashboard-cert.sh
[root@master01 dashboard]# ./dashboard-cert.sh /opt/k8s/k8s-cert/
2021/11/01 02:35:39 [INFO] generate received request
2021/11/01 02:35:39 [INFO] received CSR
2021/11/01 02:35:39 [INFO] generating key: rsa-2048
2021/11/01 02:35:39 [INFO] encoded CSR
2021/11/01 02:35:39 [INFO] signed certificate with serial number 233541316653231246492121295508109281063386014227
2021/11/01 02:35:39 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
secret "kubernetes-dashboard-certs" deleted
secret/kubernetes-dashboard-certs created
7.1.3 在dashboard工作目錄下將生成兩個證書、
[root@master01 dashboard]# ls *.pem
dashboard-key.pem dashboard.pem
7.1.4 重新部署dashboard-controller.yaml
注意:當apply不生效時,先使用delete清除資源,再apply創建資源
[root@master01 dashboard]# kubectl apply -f dashboard-controller.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured
7.1.5 查看分配節點和端口號
由於可能會更換所分配的節點,所以要再次查看一下分配的節點服務器地址和端口號
[root@master01 dashboard]# kubectl get pods,svc -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
pod/kubernetes-dashboard-7dffbccd68-d8nzh 1/1 Running 0 2m39s 172.17.54.4 node01 <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes-dashboard NodePort 10.0.0.98 <none> 443:30001/TCP 149m k8s-app=kubernetes-dashboard
查看發現node節點更換為node1,也就是192.168.122.11。
端口號仍是30001。
7.1.6 訪問查看
到此頁面,說明可以訪問,保持該頁面,測試下一個瀏覽器。
7.2 火狐瀏覽器
進入該頁面,說明可以訪問,保持該頁面,測試下一個瀏覽器。
7.3 360瀏覽器
360瀏覽器雖然顯示證書風險,但未出現任何阻止瀏覽或風險提示窗口,直接可進入登錄頁面。
7.4 令牌獲取
7.4.1 使用k8s-admin.yaml文件進行創建令牌
[root@master01 dashboard]# kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
7.4.2 獲取token簡要信息,名稱為dashboard-admin-token-xxxxx
[root@master01 dashboard]# kubectl get secrets -n kube-system
NAME TYPE DATA AGE
dashboard-admin-token-n5dcl kubernetes.io/service-account-token 3 86s
default-token-4nhtx kubernetes.io/service-account-token 3 3d11h
kubernetes-dashboard-certs Opaque 11 19m
kubernetes-dashboard-key-holder Opaque 2 170m
kubernetes-dashboard-token-kkpxs kubernetes.io/service-account-token 3 165m
7.4.3 查看令牌序列號,截取“token:”后面的內容
[root@master01 dashboard]# kubectl describe secrets dashboard-admin-token-n5dcl -n kube-system
Name: dashboard-admin-token-n5dcl
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: e3600e3f-3a7b-11ec-adb1-000c2959bebe
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1359 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tbjVkY2wiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZTM2MDBlM2YtM2E3Yi0xMWVjLWFkYjEtMDAwYzI5NTliZWJlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.kCkjHd8bfgecC_sNrsauvkBy7O09dQY7KAbz-2pNnDwEdKNkAR4y7cwC8zCNLsul7uuHVZs5hCp6iGti1EeUUEMoy8cEBlC4WDOxSQdJQzi9RTCSkCHrReql2nGfGpFHx15JkcyB2CY8BBBRaUvIbe6phX5sOmUlJWf5K4FI0sQHYpefH0vYSr8CWWCeccajlDZPEqgLkUpAUMHT2fjhJNfWgbTZDBMEye6nnyQjS92s8qECF1jBgRbIfTZKWHqPRpKmbz9oFKnKlcH2BBgDonpE3cDSfmSTH6SgYDHKQuGAwV_vjIIP_GMxdXmM_ymGZAdcdw9kd0EBCSdOQH8yIw
7.4.5 使用令牌登錄dashboard
將令牌序列號復制填入到瀏覽器頁面中,點擊登錄
登錄成功
8. dashboard操作
8.1 命名空間
8.2 節點
8.3 角色
8.4 工作負載
8.5 命令行
[root@node01 opt]# curl 172.17.54.3
this is nginx_dashboard_test web
8.6 日志
8.7 創建容器
設定完成后,點擊部署
完成部署,通過master節點查看
[root@master01 dashboard]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-7d498867b6-5mv26 1/1 Running 0 5m15s
nginx-7d498867b6-spkgq 1/1 Running 0 5m15s
nginx-7d498867b6-w9dvq 1/1 Running 0 5m15s
nginx-test-7dc4f9dcc9-bklg4 1/1 Running 0 6h18m
[root@master01 dashboard]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-7d498867b6-5mv26 1/1 Running 0 5m20s 172.17.54.5 node01 <none>
nginx-7d498867b6-spkgq 1/1 Running 0 5m20s 172.17.97.4 192.168.122.12 <none>
nginx-7d498867b6-w9dvq 1/1 Running 0 5m20s 172.17.97.3 192.168.122.12 <none>
nginx-test-7dc4f9dcc9-bklg4 1/1 Running 0 6h18m 172.17.54.3 node01 <none>