首页 > Web开发 > 详细

Kubernetes Dashboard安装步骤

时间:2021-05-01 20:53:58      阅读:32      评论:0      收藏:0      [点我收藏+]

一、Kubernetes Dashboard安装步骤

Kubernetes Dashboard github地址

1. 集群master节点执行如下命令:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

2.查看pod运行情况,Runing说明正常运行

kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-78f5d9f487-l8xfs   1/1     Running   0          2m19s
kubernetes-dashboard-577bd97bc-69fq5         1/1     Running   0          2m19s

3.查看dashboard的service状况,默认为ClusterIP,只能在集群内部访问

kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
dashboard-metrics-scraper   ClusterIP   10.96.105.243   <none>        8000/TCP   3m43s
kubernetes-dashboard        ClusterIP   10.100.158.78   <none>        443/TCP    3m43s

4.修改dashboard的service为NodePort

 kubectl patch svc kubernetes-dashboard -p ‘{"spec":{"type":"NodePort"}}‘ -n kubernetes-dashboard

通过打补丁的方式修改service的type为NodePort

kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.96.105.243   <none>        8000/TCP        7m28s
kubernetes-dashboard        NodePort    10.100.158.78   <none>        443:30377/TCP   7m28s

再次查看service类型已经修改为NodePort,端口为30377,随机生成,用于后面登录

5.查看serviceaccount用户名字

kubectl get serviceaccount -n kubernetes-dashboard
NAME                   SECRETS   AGE
default                1         3m2s
kubernetes-dashboard   1         3m2s

该用户用于登录dashboard,管理集群相关信息。

6.查看kubernetes-dashboard用户信息

kubectl describe serviceaccounts  kubernetes-dashboard -n kubernetes-dashboard 
Name:                kubernetes-dashboard
Namespace:           kubernetes-dashboard
Labels:              k8s-app=kubernetes-dashboard
Annotations:         Image pull secrets:  <none>
Mountable secrets:   kubernetes-dashboard-token-kq9mm
Tokens:              kubernetes-dashboard-token-kq9mm
Events:              <none>

7.获取kubernetes-dashboard用户的token信息,用于ssl登录认证

kubectl describe secrets kubernetes-dashboard-token-kq9mm -n kubernetes-dashboard
Name:         kubernetes-dashboard-token-kq9mm
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: 7162662b-327f-450f-9043-2f37776da296

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjRlYjhnb2ZPYndKYThsSWJJZUpCcWtOWlNtMlVESHgzQ0hvOVQ3VjIyNVkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1rcTltbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjcxNjI2NjJiLTMyN2YtNDUwZi05MDQzLTJmMzc3NzZkYTI5NiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.bNqFeGg4NhZs3oVf7tUh1Nvw2yM3W6BXJ4qNVCfBKOjhHM15V_uGAU7rt22Phihy3gUW2kK9IPu_FvzdclThDYkF1d7wkaCIy_erfzFtv7t79Vv5vKuQfbNri1OP5W-V3a9d5yOHF0gAKNqKOhAb-VTuR9NtCafgpe7nulUwT1b9mEO6pjNICOBy-ilLOCPcqvo0ARufcErA6Adt9LP15fE0y43Rjq3Var7QWK22FxsiN-riuloXRPciLN9a5Z3cnFm0NRZTZK7Bv7VUV5vx6XGEddYMbYC-o9EqCaa9b-GGha1Tf0yhgX0lY90ifMMase40ya2QRFHdjmzIalMIyw

8.访问master节点30377端口,注意为https协议。

https://10.0.0.21:30377

技术分享图片
点击继续前往,也可以直接在键盘输入
thisisnotsafe,回车即可。
技术分享图片
选择token,复制第7步查到的token,点击登录。
技术分享图片
登录之后会发现有许多错误信息,是因为dashboard默认创建的用户所绑定的角色权限不够。

9.查看kubernetes-dashboard用户绑定的集群角色,为kubernetes-dashboard角色

kubectl describe clusterrolebinding kubernetes-dashboard -n kubernetes-dashboard
Name:         kubernetes-dashboard
Labels:       <none>
Annotations:  Role:
  Kind:       ClusterRole
  Name:       kubernetes-dashboard
Subjects:
  Kind            Name                  Namespace
  ----            ----                  ---------
  ServiceAccount  kubernetes-dashboard  kubernetes-dashboard

10.查看kubernetes-dashboard角色权限信息,发现只有node和pod的get,list,watch权限

kubectl describe clusterrole kubernetes-dashboard
Name:                   kubernetes-dashboard
Labels:                 k8s-app=kubernetes-dashboard
Annotations:            PolicyRule:
  Resources             Non-Resource URLs  Resource Names  Verbs
  ---------             -----------------  --------------  -----
  nodes.metrics.k8s.io  []                 []              [get list watch]
  pods.metrics.k8s.io   []                 []              [get list watch]

11.创建一个新的用户dashboard-admin

kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard

12.为该用户绑定cluster-admin权限,该权限拥有管理员权限

kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin

13.获取新管理员用户的token

kubectl describe sa dashboard-admin -n kubernetes-dashboard
Name:                dashboard-admin
Namespace:           kubernetes-dashboard
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   dashboard-admin-token-jq8t4
Tokens:              dashboard-admin-token-jq8t4
Events:              <none>


kubectl describe secrets dashboard-admin-token-jq8t4 -n kubernetes-dashboard
Name:         dashboard-admin-token-jq8t4
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 507a6b02-7747-43f9-a7bb-38c52f2eb85f

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjRlYjhnb2ZPYndKYThsSWJJZUpCcWtOWlNtMlVESHgzQ0hvOVQ3VjIyNVkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tanE4dDQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNTA3YTZiMDItNzc0Ny00M2Y5LWE3YmItMzhjNTJmMmViODVmIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.UR0bmhfcPtgIVF41Ozqx6peKu-VRlIExX6Is8Xhwq0kl0vL64vP187iRXtED-WoRPCF55BR87qL9wwSe6qTr76MCFHuEFU4gycscy6A0ahRklI5nYROkEHskV4B_lCrA-Q_IcGECEwPIhL91KH47sWNxUe5D1UL3k1j0rmw98Ur3oKhTRLN96L28rir7RSk1rAEFSGjjmqoT_Xi4pbmiMHjveI-XiSKZMEtrSgnPc-txGceQxhmUqXCjMqE2VSKetKfXgTyNmTR9y4xcHsaYYg_UwaICVMmWLg-xwgQmrKHGZmpHk6x-2lQPBuKFD8YNMYNC8nj_mRLQWYPq_xegyg

14.使用新管理员用户的token登录

技术分享图片
一切显示正常。

Kubernetes Dashboard安装步骤

原文:https://www.cnblogs.com/yangjiahui/p/14724515.html
(0)
(0)
   
举报
评论 一句话评论(0
分享档案
更多>
2021年09月23日 (328)
2021年09月24日 (313)
2021年09月17日 (191)
2021年09月15日 (369)
2021年09月16日 (411)
2021年09月13日 (439)
2021年09月11日 (398)
2021年09月12日 (393)
2021年09月10日 (160)
2021年09月08日 (222)
最新文章
更多>
教程昨日排行
更多>
友情链接
汇智网   PHP教程   插件网  
关于我们 - 联系我们 - 留言反馈 - 联系我们:wmxa8@hotmail.com
© 2014 bubuko.com 版权所有
打开技术之扣,分享程序人生!