【K8S】K8S 1.18.2安装dashboard(基于kubernetes-dashboard 2.0.0版本)
写在前面
K8S集群部署成功了,如何对集群进行可视化管理呢?别着急,接下来,咱们一块儿搭建kubernetes-dashboard来解决这个问题。html
有关K8S集群的安装能够参考《【K8S】基于单Master节点安装K8S集群》node
有关Metrics-Service的安装能够参考《【K8S】K8s部署Metrics-Server服务》git
安装部署dashboard
1.查看pod运行状况github
[root@binghe101 ~]# kubectl get pods -A -o wide NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES kube-system calico-kube-controllers-5b8b769fcd-l2tmm 1/1 Running 2 15h 172.18.203.71 binghe101 <none> <none> kube-system calico-node-7b7fx 1/1 Running 2 15h 192.168.175.102 binghe102 <none> <none> kube-system calico-node-8krsl 1/1 Running 2 15h 192.168.175.101 binghe101 <none> <none> kube-system coredns-546565776c-rd2zr 1/1 Running 2 15h 172.18.203.72 binghe101 <none> <none> kube-system coredns-546565776c-x8r7l 1/1 Running 2 15h 172.18.203.73 binghe101 <none> <none> kube-system etcd-binghe101 1/1 Running 2 15h 192.168.175.101 binghe101 <none> <none> kube-system kube-apiserver-binghe101 1/1 Running 3 15h 192.168.175.101 binghe101 <none> <none> kube-system kube-controller-manager-binghe101 1/1 Running 3 15h 192.168.175.101 binghe101 <none> <none> kube-system kube-proxy-cgq5n 1/1 Running 2 15h 192.168.175.102 binghe102 <none> <none> kube-system kube-proxy-qnffb 1/1 Running 2 15h 192.168.175.101 binghe101 <none> <none> kube-system kube-scheduler-binghe101 1/1 Running 3 15h 192.168.175.101 binghe101 <none> <none> kube-system metrics-server-57bc7f4584-cwsn8 1/1 Running 0 109m 172.18.229.68 binghe102 <none> <none>
2.下载recommended.yaml文件编程
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
3.修改recommended.yaml文件vim
vim recommended.yaml
须要修改的内容以下所示。api
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #增长
ports:
- port: 443
targetPort: 8443
nodePort: 30000 #增长
selector:
k8s-app: kubernetes-dashboard
---
#由于自动生成的证书不少浏览器没法使用,因此咱们本身建立,注释掉kubernetes-dashboard-certs对象声明
#apiVersion: v1
#kind: Secret
#metadata:
# labels:
# k8s-app: kubernetes-dashboard
# name: kubernetes-dashboard-certs
# namespace: kubernetes-dashboard
#type: Opaque
---
4.建立证书浏览器
mkdir dashboard-certs cd dashboard-certs/ #建立命名空间 kubectl create namespace kubernetes-dashboard # 建立key文件 openssl genrsa -out dashboard.key 2048 #证书请求 openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert' #自签证书 openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt #建立kubernetes-dashboard-certs对象 kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
5.安装dashboardbash
kubectl create -f ~/recommended.yaml
注意:这里可能会报以下所示。服务器
Error from server (AlreadyExists): error when creating "./recommended.yaml": namespaces "kubernetes-dashboard" already exists
这是由于咱们在建立证书时,已经建立了kubernetes-dashboard命名空间,因此,直接忽略此错误信息便可。
6.查看安装结果
[root@binghe101 ~]# kubectl get pods -A -o wide NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES kube-system calico-kube-controllers-5b8b769fcd-l2tmm 1/1 Running 2 15h 172.18.203.71 binghe101 <none> <none> kube-system calico-node-7b7fx 1/1 Running 2 15h 192.168.175.102 binghe102 <none> <none> kube-system calico-node-8krsl 1/1 Running 2 15h 192.168.175.101 binghe101 <none> <none> kube-system coredns-546565776c-rd2zr 1/1 Running 2 15h 172.18.203.72 binghe101 <none> <none> kube-system coredns-546565776c-x8r7l 1/1 Running 2 15h 172.18.203.73 binghe101 <none> <none> kube-system etcd-binghe101 1/1 Running 2 15h 192.168.175.101 binghe101 <none> <none> kube-system kube-apiserver-binghe101 1/1 Running 3 15h 192.168.175.101 binghe101 <none> <none> kube-system kube-controller-manager-binghe101 1/1 Running 3 15h 192.168.175.101 binghe101 <none> <none> kube-system kube-proxy-cgq5n 1/1 Running 2 15h 192.168.175.102 binghe102 <none> <none> kube-system kube-proxy-qnffb 1/1 Running 2 15h 192.168.175.101 binghe101 <none> <none> kube-system kube-scheduler-binghe101 1/1 Running 3 15h 192.168.175.101 binghe101 <none> <none> kube-system metrics-server-57bc7f4584-cwsn8 1/1 Running 0 133m 172.18.229.68 binghe102 <none> <none> kubernetes-dashboard dashboard-metrics-scraper-6b4884c9d5-qccwt 1/1 Running 0 102s 172.18.229.75 binghe102 <none> <none> kubernetes-dashboard kubernetes-dashboard-7b544877d5-s8cgd 1/1 Running 0 102s 172.18.229.74 binghe102 <none> <none>
[root@binghe101 ~]# kubectl get service -n kubernetes-dashboard -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR dashboard-metrics-scraper ClusterIP 10.96.249.138 <none> 8000/TCP 2m21s k8s-app=dashboard-metrics-scraper kubernetes-dashboard NodePort 10.96.219.128 <none> 443:30000/TCP 2m21s k8s-app=kubernetes-dashboard
7.建立dashboard管理员
建立dashboard-admin.yaml文件。
vim dashboard-admin.yaml
文件的内容以下所示。
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: dashboard-admin
namespace: kubernetes-dashboard
保存退出后执行以下命令建立管理员。
kubectl create -f ./dashboard-admin.yaml
8.为用户分配权限
建立dashboard-admin-bind-cluster-role.yaml文件。
vim dashboard-admin-bind-cluster-role.yaml
文件内容以下所示。
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin-bind-cluster-role
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kubernetes-dashboard
保存退出后执行以下命令为用户分配权限。
kubectl create -f ./dashboard-admin-bind-cluster-role.yaml
9.查看并复制用户Token
在命令行执行以下命令。
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
具体执行状况以下所示。
[root@binghe101 ~]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
Name: dashboard-admin-token-p8tng
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: c3640b5f-cd92-468c-ba01-c886290c41ca
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlVsRVBqTG5RNC1oTlpDS2xMRXF2cFIxWm44ZXhWeXlBRG5SdXpmQXpDdWcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tcDh0bmciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYzM2NDBiNWYtY2Q5Mi00NjhjLWJhMDEtYzg4NjI5MGM0MWNhIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.XOrXofgbk5EDa8COxOkv31mYwciUGXcBD9TQrb6QTOfT2W4eEpAAZUzKYzSmxLeHMqvu_IUIUF2mU5Lt6wN3L93C2NLfV9jqaopfq0Q5GjgWNgGRZAgsuz5W3v_ntlKz0_VW3a7ix3QQSrEWLBF6YUPrzl8p3r8OVWpDUndjx-OXEw5pcYQLH1edy-tpQ6Bc8S1BnK-d4Zf-ZuBeH0X6orZKhdSWhj9WQDJUx6DBpjx9DUc9XecJY440HVti5hmaGyfd8v0ofgtdsSE7q1iizm-MffJpcp4PGnUU3hy1J-XIP0M-8SpAyg2Pu_-mQvFfoMxIPEEzpOrckfC1grlZ3g
能够看到,此时的Token值为:
eyJhbGciOiJSUzI1NiIsImtpZCI6IlVsRVBqTG5RNC1oTlpDS2xMRXF2cFIxWm44ZXhWeXlBRG5SdXpmQXpDdWcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tcDh0bmciLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYzM2NDBiNWYtY2Q5Mi00NjhjLWJhMDEtYzg4NjI5MGM0MWNhIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.XOrXofgbk5EDa8COxOkv31mYwciUGXcBD9TQrb6QTOfT2W4eEpAAZUzKYzSmxLeHMqvu_IUIUF2mU5Lt6wN3L93C2NLfV9jqaopfq0Q5GjgWNgGRZAgsuz5W3v_ntlKz0_VW3a7ix3QQSrEWLBF6YUPrzl8p3r8OVWpDUndjx-OXEw5pcYQLH1edy-tpQ6Bc8S1BnK-d4Zf-ZuBeH0X6orZKhdSWhj9WQDJUx6DBpjx9DUc9XecJY440HVti5hmaGyfd8v0ofgtdsSE7q1iizm-MffJpcp4PGnUU3hy1J-XIP0M-8SpAyg2Pu_-mQvFfoMxIPEEzpOrckfC1grlZ3g
查看dashboard界面
在浏览器中打开连接 https://192.168.175.101:30000 ,以下所示。
这里,咱们选择Token方式登陆,并输入在命令行获取到的Token,以下所示。
点击登陆后进入dashboard,以下所示。
因为咱们在《【K8S】K8s部署Metrics-Server服务》一文中安装了Metrics-Server服务,因此,咱们能够查看节点服务器CPU和内存的使用状况,以下所示。
至此,dashboard 2.0.0安装成功。
写在最后
若是以为文章对你有点帮助,请微信搜索并关注「 冰河技术 」微信公众号,跟冰河学习各类编程技术。
最后附上K8S最全知识图谱连接:
祝你们在学习K8S时,少走弯路。