【学习笔记13】每天5分钟，玩转kubernetes-13(Dashboard)

第十三章 Kubernetes Dashboard

13.1 安装

说明: 本测试环境的kubernete的版本是1.15.3

13.1.1 安装dashboard

#安装
$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml -O kubernetes-dashboard-v1.10.yaml

修改镜像地址
修改其中的镜像地址k8s.gcr.io-->registry.aliyuncs.com/google_containers

#修改镜像k8s.gcr.io-->registry.aliyuncs.com/google_containers 
sed -i 's/k8s.gcr.io/国内可访问镜像地址/g' kubernetes-dashboard.yaml
vim kubernetes-dashboard.yaml   
      containers:
      - name: kubernetes-dashboard
        image: registry.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1

修改service为NodePort

#修改service配置
#修改端口
sed -i '/targetPort:/a\ \ \ \ \ \ nodePort: 30001\n\ \ type: NodePort' kubernetes-dashboard.yaml
cat kubernetes-dashboard.yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  type: NodePort

#也可以如下修改
$kubectl -n kubernetes-dashboard edit service kubernetes-dashboard

布署dashboard

#布署dashboard
$kubectl apply -f k8s-dashboard.yaml  

#查看deployment
$kubectl get deployment  --all-namespaces  
NAMESPACE     NAME                   READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   coredns                1/2     2            1           111m
kube-system   kubernetes-dashboard   1/1     1            1           10m

#查看service
[root@k8s-master-122132071 k8s]# kubectl get services  --all-namespaces          
NAMESPACE     NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
default       kubernetes             ClusterIP   10.10.0.1       <none>        443/TCP                  112m
kube-system   kube-dns               ClusterIP   10.10.0.10      <none>        53/UDP,53/TCP,9153/TCP   112m
kube-system   kubernetes-dashboard   NodePort    10.10.104.126   <none>        443:30001/TCP            9m31s
#查看pods
kubectl get pods -n kube-system -o wide
#查看服务
netstat -ntlp|grep 30001
tcp6       0      0 :::30001                :::*                    LISTEN      47175/kube-proxy

13.1.2 访问dashboard

有以下三种方式：

kubernetes-dashboard 服务暴露了 NodePort，可以使用 http://NodeIP:nodePort 地址访问
dashboard

通过 API server 访问 dashboard（https 6443端口和http 8080端口方式）

通过 kubectl proxy 访问 dashboard

用node:port访问
可以用https://k8s-master-122132071:30001/来访问dashboard

用proxy访问
通过 kubectl proxy 访问 dashboard

通过 API server 访问dashboard
获取集群服务地址列表，并用KubeDNS访问.

kubectl cluster-info
Kubernetes master is running at https://10.122.132.71:6443
KubeDNS is running at https://10.122.132.71:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

13.2 配置登录权限

13.2.1 创建访问用户和授权

#
$kubectl create serviceaccount  dashboard-admin -n kube-system
#
$kubectl create clusterrolebinding  dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

查看访问Dashboard的认证令牌

 kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')                  
Name:         dashboard-admin-token-q728p
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: df6def0e-c716-4497-ac6a-94bc8aebda18

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzxxgfbO_FHi6APGQK1d6wOoPBMtTjsECBgZEjvDT2qoOkB7By4abUGiQwrRG6tHg
ca.crt:     1025 bytes
namespace:  11 bytes

输入token
输入Token就可以登录了。

13.3 Dashboard界面

image.png

13.4典型使用

13.4.1 部署Deployment

Deployment