3.3 安装 dashboard

github仓库地址

dashboard-2.0 版本中性能指标监控依赖于 metrics-server,yaml文件已经内置了,但命令行还是依赖上一章节部署的 metrics-server

最新版本是:v2.4.0

下载清单文件

wget -O dashboard-v2.4.0.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml

修改清单文件

增加对外访问接口 NodePort,部署了 metallb 的也可以使用 LoadBalancer

使用 NodePort

cp dashboard-v2.4.0.yaml{,.ori}
sed -i '39a\  type: NodePort' dashboard-v2.4.0.yaml
sed -i '43a\      nodePort: 30443' dashboard-v2.4.0.yaml

使用 LoadBalancer

sed -i '39a\  type: LoadBalancer' dashboard-v2.4.0.yaml

修改镜像拉取策略

sed -i '48,58d' dashboard-v2.4.0.yaml # 创建自定义证书时需要
sed -i '/imagePullPolicy/s@Always@IfNotPresent@' dashboard-v2.4.0.yaml

diff dashboard-v2.4.0.yaml.ori dashboard-v2.4.0.yaml
39a40
>   type: NodePort
42a44
>       nodePort: 30443
53,63d54
<   name: kubernetes-dashboard-certs
<   namespace: kubernetes-dashboard
< type: Opaque
<
< ---
<
< apiVersion: v1
< kind: Secret
< metadata:
<   labels:
<     k8s-app: kubernetes-dashboard
191c182
<           imagePullPolicy: Always
---
>           imagePullPolicy: IfNotPresent

创建 kubernetes-dashboard 名称空间

kubectl create namespace kubernetes-dashboard
namespace/kubernetes-dashboard created

最新的谷歌浏览器用自带的证书页面无法访问,需使用自定义证书,如果是 Firefox 可以不需要

openssl genrsa -out dashboard.key 2048
openssl req -days 36500 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt

创建 kubernetes-dashboard-certs 对象

kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key \
  --from-file=dashboard.crt -n kubernetes-dashboard
secret/kubernetes-dashboard-certs created

部署 dashboard-v2.4.0

kubectl apply -f dashboard-v2.4.0.yaml

输出如下

Warning: resource namespaces/kubernetes-dashboard is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
namespace/kubernetes-dashboard configured
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

dashboard 创建 serviceAccount

tee dashboard-admin.yaml<<EOF
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: dashboard-admin
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
EOF

kubectl create -f dashboard-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin-bind-cluster-role created

获取token

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret \
  | grep dashboard-admin | awk '{print $1}') | grep token: | awk '{print $2}'

输出如下

eyJhbGciOiJSUzI1NiIsImtpZCI6InBBWG9jOUFuWlNJMGQ5QnhEakRXUmVMV0xKSGEtMEpOdkM3cjBISUZOUkkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tejZ0czUiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZmVmMWQ0OTMtNDk2Ni00ZTExLTkxNTMtZDUzYzlkYTA3NTlmIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.wlrgSQDXNwejbFDeAgTxBpOJLRMLr3mo8I_w0ymtXFLDM_NswrUuO-JV3AnqL8Kxb0TCP4Mp2NpNpxQ7rIREn1COqO41TvySaD0kWqHCaW6yOzR9pEAac0y6SKELQrBQYpE0wVaOnqHauG8q4oSlF5RoDA3Y_26bopHABj9W8v4lgSkdWwQov3pDYeixPKb-SqGt572fJsPnAJznDDm0dWJu5xYYUzR14i_WUBdiX90BH-cuO-COQXBwziZIQ84qpEJhltejili4fBL0FC9lnb9DNkYIaVLaXHsey2T4w3IRnSVL11fOkZGtaMAB4hXMO0J_5VvEwhRlajfC1nMeIA

访问 dashboard

打开浏览器 https://192.168.122.192输入上面获取到的 token 进行访问

kubernetes-dashboard

生成 kubeconfig 文件

DASHBOARD_TOKEN=$(kubectl get secret -n kubernetes-dashboard $(kubectl get secret -n kubernetes-dashboard \
  | grep dashboard-admin-token | awk '{print $1}') -o jsonpath={.data.token}|base64 -d)
kubectl config set-cluster kubernetes --server=192.168.122.100:8443 --kubeconfig=dashboard-admin.conf
kubectl config set-credentials dashboard-admin --token=${DASHBOARD_TOKEN} --kubeconfig=dashboard-admin.conf
kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --user=dashboard-admin --kubeconfig=dashboard-admin.conf
kubectl config use-context dashboard-admin@kubernetes --kubeconfig=dashboard-admin.conf

拷贝 dashboard-admin.conf 到要访问集群 dashboard 的电脑上,登录时选择 kubeconfig 登录,并选择 dashboard-admin.conf 文件。

Copyright © huangzhongde.cn 2021 all right reserved,powered by Gitbook该文件修订时间: 2022-01-28 21:41:24

results matching ""

    No results matching ""