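Before you begin, deploy a k8s cluster; for a walkthrough, see the separate article "Installing and deploying a k8s cluster on Alibaba Cloud public IPs".

Installing kubernetes-dashboard

kubernetes-dashboard GitHub

This example uses k8s v1.18.0, which corresponds to dashboard v2.0.3; for the version compatibility details, see https://github.com/kubernetes/dashboard/releases

  1. Run the following command to install kubernetes-dashboard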
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
[root@lanweihong lanweihong]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
  2. Use kubectl get pods --all-namespaces to check; the pods were created successfully:
[root@lanweihong lanweihong]# kubectl get pods --all-namespaces
NAMESPACE              NAME                                              READY   STATUS    RESTARTS   AGE
kube-system            coredns-7ff77c879f-ps2qk                          1/1     Running   0          5m30s
kube-system            coredns-7ff77c879f-z74sd                          1/1     Running   0          5m30s
kube-system            etcd-izm5e5rmf8lyj4q8ezhgbyz                      1/1     Running   0          5m40s
kube-system            kube-apiserver-izm5e5rmf8lyj4q8ezhgbyz            1/1     Running   0          5m40s
kube-system            kube-controller-manager-izm5e5rmf8lyj4q8ezhgbyz   1/1     Running   0          5m40s
kube-system            kube-flannel-ds-7cmxk                             1/1     Running   0          4m
kube-system            kube-proxy-lbkk2                                  1/1     Running   0          5m30s
kube-system            kube-scheduler-izm5e5rmf8lyj4q8ezhgbyz            1/1     Running   0          5m39s
kubernetes-dashboard   dashboard-metrics-scraper-6b4884c9d5-xbkcl        1/1     Running   0          2m2s
kubernetes-dashboard   kubernetes-dashboard-7f99b75bf4-cz8bw             1/1     Running   0          2m2s

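Configuring kubernetes-dashboard

After kubernetes-dashboard is installed, its default service type is ClusterIP; to reach the dashboard from outside the cluster, the service has to be exposed as the NodePort type:

# List the existing services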
[root@lanweihong software]# kubectl get svc --all-namespaces
NAMESPACE              NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
default                kubernetes                  ClusterIP   10.96.0.1       <none>        443/TCP                  6m34s
kube-system            kube-dns                    ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP,9153/TCP   6m32s
kubernetes-dashboard   dashboard-metrics-scraper   ClusterIP   10.97.111.147   <none>        8000/TCP                 2m48s
kubernetes-dashboard   kubernetes-dashboard        ClusterIP   10.107.193.11   <none>        443/TCP                  2m48s
  1. Change the type to NodePort
kubectl edit services -n kubernetes-dashboard kubernetes-dashboard

Change type to NodePort, then save and exit:

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
  creationTimestamp: "2021-04-11T10:18:54Z"
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  resourceVersion: "33097"
  selfLink: /api/v1/namespaces/kubernetes-dashboard/services/kubernetes-dashboard
  uid: 38jsd1sd-4045-448b-b70f-mia218mda8s
spec:
  clusterIP: 10.102.198.114
  ports:
  - port: 443
    protocol: TCP
    targetPort: 8443
    # Add a fixed port
    nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  # Changed
  type: NodePort
status:
  loadBalancer: {}

Run kubectl -n kubernetes-dashboard get service kubernetes-dashboard again to check the service; it has been changed successfully.

[root@lanweihong lanweihong]# kubectl -n kubernetes-dashboard get service kubernetes-dashboard
NAME                   TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.107.193.11   <none>        443:30000/TCP   4m37s
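
The check below is an added example, not part of the original article: it reads the table printed by kubectl get svc --all-namespaces and lists every service published on a node port, so the exposure created by the edit above can be confirmed and reviewed. The function names and the sample rows are constructed for this example.

```shell
#!/bin/sh
# Added example: list every Service reachable on a node port, reading the
# table printed by `kubectl get svc --all-namespaces` on stdin.
# Against a live cluster (assumes kubectl is configured):
#   kubectl get svc --all-namespaces | nodeport_exposures

nodeport_exposures() {
  awk '
    NR == 1 { next }   # skip the header row
    $3 == "NodePort" || $3 == "LoadBalancer" {
      # PORT(S) is column 6, e.g. "443:30000/TCP" or "80:30080/TCP,443:30443/TCP"
      n = split($6, ports, ",")
      for (i = 1; i <= n; i++) {
        # only "port:nodePort/proto" entries carry a node port
        if (split(ports[i], pp, ":") == 2) {
          split(pp[2], np, "/")
          printf "%s/%s nodePort=%s proto=%s\n", $1, $2, np[1], np[2]
        }
      }
    }
  '
}

# Constructed sample input, modelled on the kubectl output shown above.
sample_services() {
  cat <<'EOF'
NAMESPACE              NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
default                kubernetes                  ClusterIP   10.96.0.1       <none>        443/TCP                  6m34s
kube-system            kube-dns                    ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP,9153/TCP   6m32s
kubernetes-dashboard   dashboard-metrics-scraper   ClusterIP   10.97.111.147   <none>        8000/TCP                 2m48s
kubernetes-dashboard   kubernetes-dashboard        NodePort    10.107.193.11   <none>        443:30000/TCP            4m37s
EOF
}

sample_services | nodeport_exposures
```

Every line it prints is a port that answers on each node's address, so each one should be matched against the firewall or security-group rules in front of the nodes.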

At this point, opening port 30000 over https brings up the dashboard console, which requires logging in with a token or kubeconfig; we continue below.

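To protect data, the cluster enables RBAC authentication and authorization by default, so only authorized users can access the kubernetes cluster, and a user therefore has to be granted access. The cluster already has a cluster-admin role, so we only need to create a user and bind it to that role: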

[root@lanweihong lanweihong]# cat dashboard-adminuser.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

Create the admin-user user and bind it to the cluster-admin role:

  1. Create the login user
[root@lanweihong k8s]# kubectl apply -f dashboard-adminuser.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

View the user list:

[root@lanweihong k8s]# kubectl get serviceaccounts -n kubernetes-dashboard
NAME                   SECRETS   AGE
admin-user             1         3m28s
default                1         33m
kubernetes-dashboard   1         33m
  2. View the token for admin-user:
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
  3. Once you have the token, use it to log in to kubernetes-dashboard

Other commands:

# Delete the user
kubectl -n kubernetes-dashboard delete serviceaccount admin-user
# Remove the role binding
kubectl -n kubernetes-dashboard delete clusterrolebinding admin-user
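
To see which service accounts hold cluster-admin, for instance to confirm that the binding created earlier is gone after the cleanup commands above, the following added example (not part of the original article) filters the cluster's ClusterRoleBindings. The function names, the tab-separated line format and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report ServiceAccounts bound to the cluster-admin ClusterRole.
# Input is one ClusterRoleBinding per line:
#   name <TAB> roleRef.name <TAB> subjects
# where every subject is written "Kind:namespace/name," (format chosen here).

# Produces that format from a live cluster (assumes kubectl is configured).
list_bindings() {
  kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name},{end}{"\n"}{end}'
}

# Prints "<binding> <namespace>/<serviceaccount>" for each match.
cluster_admin_service_accounts() {
  awk -F '\t' '
    $2 == "cluster-admin" {
      n = split($3, subj, ",")
      for (i = 1; i <= n; i++)
        if (index(subj[i], "ServiceAccount:") == 1)
          printf "%s %s\n", $1, substr(subj[i], length("ServiceAccount:") + 1)
    }
  '
}

# Constructed sample lines: the built-in cluster-admin binding, the admin-user
# binding from this article, and the binding created by the dashboard manifest.
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup:/system:masters,\n'
  printf 'admin-user\tcluster-admin\tServiceAccount:kubernetes-dashboard/admin-user,\n'
  printf 'kubernetes-dashboard\tkubernetes-dashboard\tServiceAccount:kubernetes-dashboard/kubernetes-dashboard,\n'
}

sample_bindings | cluster_admin_service_accounts
```

On a live cluster, run list_bindings | cluster_admin_service_accounts; a token belonging to any service account it prints gives full control of the cluster to whoever holds it.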

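kubernetes-dashboard is a native k8s management tool that offers a convenient visual interface for managing k8s resources from a console. The features the dashboard provides are fairly basic, so companies can build on it through the api to meet their own requirements. k8s administrators, for their part, generally work mainly with the command line or yaml files.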
