1. 技术文章
  2. kubernetes系列教程(2)kubernetes 1.14.1集群部署 kubernetes-dashboard

kubernetes系列教程(2)kubernetes 1.14.1集群部署 kubernetes-dashboard

前提是你 提交于 2020-01-16 10:14:09

kubernetes系列教程(2)kubernetes 1.14.1集群部署 kubernetes-dashboard


k8s 默认没有 web 管理页面,可以通过安装呢 Dashboard 来增加一个管理界面

下载 Dashboard yaml 文件

[root@node-1 test]# wget http://pencil-file.oss-cn-hangzhou.aliyuncs.com/blog/kubernetes-dashboard.yaml
--2020-01-12 15:17:47--  http://pencil-file.oss-cn-hangzhou.aliyuncs.com/blog/kubernetes-dashboard.yaml
正在解析主机 pencil-file.oss-cn-hangzhou.aliyuncs.com (pencil-file.oss-cn-hangzhou.aliyuncs.com)... 118.31.219.216
正在连接 pencil-file.oss-cn-hangzhou.aliyuncs.com (pencil-file.oss-cn-hangzhou.aliyuncs.com)|118.31.219.216|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:4577 (4.5K) [application/octet-stream]
正在保存至: “kubernetes-dashboard.yaml”

100%[==================================================================>] 4,577       --.-K/s 用时 0s      

2020-01-12 15:17:47 (416 MB/s) - 已保存 “kubernetes-dashboard.yaml” [4577/4577])

打开下载的文件添加一项:type: NodePort,暴露出去 Dashboard 端口,方便外部访问。

.......
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort      #新增
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

这里部署可能存在一个问题,在 yaml 文件 kubernetes-dashboard.yaml 中拉取了一个镜像 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1,没有配置 docker 代理网络的可能拉取不下来,需要更换镜像源下载,如下:

更换镜像库下载
[root@node-1 ~]# docker pull  gcr.azk8s.cn/google_containers/kubernetes-dashboard-amd64:v1.10.1
v1.10.1: Pulling from google_containers/kubernetes-dashboard-amd64
9518d8afb433: Pull complete 
Digest: sha256:0ae6b69432e78069c5ce2bcde0fe409c5c4d6f0f4d9cd50a17974fea38898747
Status: Downloaded newer image for gcr.azk8s.cn/google_containers/kubernetes-dashboard-amd64:v1.10.1

重新打标签
[root@node-1 ~]# docker tag  gcr.azk8s.cn/google_containers/kubernetes-dashboard-amd64:v1.10.1  k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1

还需要修改文件里面的镜像拉取方式如下:

    spec:
      containers:
      - name: kubernetes-dashboard
        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
        imagePullPolicy: IfNotPresent

部署

[root@node-1 test]# kubectl  create -f kubernetes-dashboard.yaml 
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created


[root@node-1 test]# kubectl get pods --all-namespaces -o wide | grep dashboard
kube-system   kubernetes-dashboard-5f7b999d65-n4sv8   1/1     Running   0          3m25s   10.244.1.3      node-2   <none>           <none>

创建简单用户

创建服务账号和集群角色绑定配置文件

创建 dashboard-adminuser.yaml 文件,加入以下内容:

[root@node-1 test]# vim dashboard-adminuser.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-admin
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-admin
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard-admin
  namespace: kube-system

创建用户和角色绑定

[root@node-1 test]# kubectl apply -f dashboard-adminuser.yaml 
serviceaccount/kubernetes-dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-admin created

查看 Token

[root@node-1 test]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubernetes-dashboard-admin-token | awk '{print $1}')
Name:         kubernetes-dashboard-admin-token-4nccd
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard-admin
              kubernetes.io/service-account.uid: 015ea687-350e-11ea-94c5-525400b007f4

Type:  kubernetes.io/service-account-token

Data
====
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbi10b2tlbi00bmNjZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjAxNWVhNjg3LTM1MGUtMTFlYS05NGM1LTUyNTQwMGIwMDdmNCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiJ9.tpThErVxP54-kNuuDF8U0N-dOw1T3qZjcLZ7PdUaFMCyo0Xxx0ZGDJQwUaD2VXslmcmar2xulFRwxuY_jpbkAnD5kipMlmvvhbGkkYpBxJOah3nplPGjE7_fm2NyfsbMpypIwbU1xEaStDArea7lzkQn9H1ojNXzw8wgUAqxDwr9zn0HIpiy9ckqg1fejUSYullmd6m92eVifIRmvFuN1lUrfti_ZyExvmgAcYZtGcrrWup12HJVndKA0Cqdc721fHd5GNWItCH-Uu9H3_qdlUG47DdrUKC3fhJPgBBD87ChvrRa-XYN5qak1AWwumy9RNwhFysKLp_QAoWFlimn1A
ca.crt:     1025 bytes

复制Token内容。

登录 Dashboard

查看 Dashboard 端口号

[root@node-1 test]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
kube-dns               ClusterIP   10.96.0.10       <none>        53/UDP,53/TCP,9153/TCP   17h
kubernetes-dashboard   NodePort    10.109.191.121   <none>        443:30138/TCP            3m47s

访问 Dashboard

https://192.168.1.101:30138在这里插入图片描述

选择令牌,并输入上文中保留的 token 即可登录

在这里插入图片描述
在这里插入图片描述

https://yq.aliyun.com/articles/653081

标签
Kubernetes
dashboard
node
k8s
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!