09--在k8s中部署Dashboard可视化面板
1.1 下载并修改yaml
- 地址https://github.com/kubernetes/dashboard
# a. 下载yaml
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
# b. yaml镜像替换成阿里云对应的版本,再本地进行tag改名
docker pull registry.aliyuncs.com/google_containers/dashboard:v2.7.0
docker tag registry.aliyuncs.com/google_containers/dashboard:v2.7.0 kubernetesui/dashboard:v2.7.0
docker pull registry.aliyuncs.com/google_containers/metrics-scraper:v1.0.8
docker tag registry.aliyuncs.com/google_containers/metrics-scraper:v1.0.8 kubernetesui/metrics-scraper:v1.0.8
1.2 安装
# a. 安装
kubectl apply -f recommended.yaml
root@master1:~/yaml# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
# b.查看pod,svc信息 dashboard部署在node1(ip 10.0.0.71 )上了
root@master1:~/yaml# kubectl get pods -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dashboard-metrics-scraper-64bcc67c9c-xd5jr 1/1 Running 0 47s 10.244.2.41 node2.lec.org <none> <none>
kubernetes-dashboard-5c8bd6b59-ggczm 1/1 Running 0 47s 10.244.1.25 node1.lec.org <none> <none>
root@master1:~/yaml# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.103.35.157 <none> 8000/TCP 2m30s
kubernetes-dashboard ClusterIP 10.109.137.244 <none> 443/TCP 2m30s
# c. 修改ingress-nginx
root@master1:~/yaml# kubectl get svc -n ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.107.40.204 <pending> 80:32038/TCP,443:31295/TCP 41h
ingress-nginx-controller-admission ClusterIP 10.104.29.134 <none> 443/TCP 41h
root@master1:~/yaml# kubectl edit svc ingress-nginx-controller -n ingress-nginx
###下面为修改内容
externalTrafficPolicy: Local
#修改为
externalTrafficPolicy: Cluster
externalIPs:
- 10.0.0.71
# d. 解析
echo "10.0.0.71 demo.test.nginx" >> /etc/hosts
# e. 创建ingress-kubernetes-dashboard.yaml
cat > ingress-kubernetes-dashboard.yaml<<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashboard
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
namespace: kubernetes-dashboard
spec:
ingressClassName: nginx
rules:
- host: demo.test.nginx
http:
paths:
- backend:
service:
name: kubernetes-dashboard
port:
number: 443
path: / # 访问前缀,如/dashboard则浏览器访问https://demo.test.nginx/dashboard/
pathType: Prefix
EOF
# 运行
root@master1:~/yaml# kubectl apply -f ingress-kubernetes-dashboard.yaml
ingress.networking.k8s.io/dashboard created
# 查看
root@master1:~/yaml# kubectl get ingress -n kubernetes-dashboard
NAME CLASS HOSTS ADDRESS PORTS AGE
dashboard nginx demo.test.nginx 80 11s
# f.浏览器访问
https://demo.test.nginx/#/login
1.3 token登录
# a. 创建service账号dashboard-admin
[root@master ~]# kubectl create serviceaccount dashboard-admin
# b. dashboard-admin绑定角色cluster-admin
[root@master ~]# kubectl create clusterrolebinding dashboard-admin-rb --clusterrole=cluster-admin --serviceaccount=default:dashboard-admin
# c. 创建Secret
cat dashboard-admin-token.yaml
apiVersion: v1
kind: Secret
metadata:
name: dashboard-admin-secret
namespace: kubernetes-dashboard
annotations:
kubernetes.io/service-account.name: dashboard-admin
type: kubernetes.io/service-account-token
#
kubectl apply -f dashboard-admin-token.yaml
# 查看token
root@master01:~/yaml# kubectl describe secret dashboard-admin-secret -n kubernetes-dashboard
Name: dashboard-admin-secret
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: baf7be54-17ac-4e53-8b8c-6cd7106e4992
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImtjZkRSbDExajRpN05FV3pRRDh0NUplRWJNSkhISC1MaFhmYzc4alJWOXMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tc2VjcmV0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRhc2hib2FyZC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImJhZjdiZTU0LTE3YWMtNGU1My04YjhjLTZjZDcxMDZlNDk5MiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDpkYXNoYm9hcmQtYWRtaW4ifQ.uZYy9iYCPOEUIOY-dcbRhUodKtecmhHjZcx1DaUrzZvWFkWEMWxLzN1vUtH1HL88S1j6ObM4wF3P7Yaf873k1b35hGFD0oOCKFTdxhTgVeE59FinPXZF7Hm3wJF68avvISQvQ40YI5a856VxqjYUUjeYMw6dXuVbPTxQgFGfx-Th0oZblj4FR8e878ObZFjMSv3zJzzyomdbW_slbG5WbQzxMmI4F_JvHeIEtr_fH3ACZqrr2mIqphDzUzWCfRXvwY9zVlroQNJtJTumcShsSHIh2GpsbIieZ_yvQaDnI2I4fshdAO9I2EEdrkM0v_kTY0JE94IXzg-uiqE5McTk8Q
# e. 复制token,在浏览器登录
版权声明:本文为Wsjm666原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。