k8s dashboard安装

安装

$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
$ kubectl apply -f recommended.yaml

注意,版本要和k8s版本匹配,具体参考:https://github.com/kubernetes/dashboard/releases

拉镜像:

$ docker pull kubernetesui/dashboard:v2.5.1

更改为nodePort

把刚下载的 recommended.yaml 中443和8443位置所在的Service加一句,如下图:
k8s dashboard安装_第1张图片

重新启动生效:

$ kubectl apply -f recommended.yaml 

查看是否在运行

$ kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-799d786dbf-6bx5b   1/1     Running   0          18s
kubernetes-dashboard-6b6b86c4c5-7jgsk        1/1     Running   0          18s

找到所在Node节点:

$ kubectl get pods -o wide -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE   IP           NODE     NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-799d786dbf-stdff   1/1     Running   0          15m   10.244.1.8   node01   <none>           <none>
kubernetes-dashboard-fb8648fd9-kkx47         1/1     Running   0          15m   10.244.1.7   node01   <none>           <none>

找到Service的端口:

$ kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.101.201.191   <none>        8000/TCP        32m
kubernetes-dashboard        NodePort    10.102.41.203    <none>        443:30538/TCP   32m

这里显示是node01,那么在浏览器中的地址就是:https://node01-IP:30538

登录界面

此时,如果用chrome访问,会出现不安全的网站的提示:
k8s dashboard安装_第2张图片

此时,随便点击 chrome 空白位置,输入 thisisunsafe 即进入登录界面。
k8s dashboard安装_第3张图片

有2种认证方式,我们使用token来登录。

Token查看

找到secret名称:

$ kubectl get secret -n kubernetes-dashboard
NAME                               TYPE                                  DATA   AGE
default-token-92tvb                kubernetes.io/service-account-token   3      44m
kubernetes-dashboard-certs         Opaque                                0      44m
kubernetes-dashboard-csrf          Opaque                                1      44m
kubernetes-dashboard-key-holder    Opaque                                2      44m
kubernetes-dashboard-token-kzzcz   kubernetes.io/service-account-token   3      44m

查看 secret 的值:

$ kubectl describe secret kubernetes-dashboard-token-kzzcz -n kubernetes-dashboard
Name:         kubernetes-dashboard-token-kzzcz
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: 3906dcf6-5daf-484c-abed-ef8583a8781f

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjlSYjV6YkpmeGpmTTV5cGdxWHJVYVdiQ2Q2aWV3N0F0SEJCamc5TFJTOVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1renpjeiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjM5MDZkY2Y2LTVkYWYtNDg0Yy1hYmVkLWVmODU4M2E4NzgxZiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.KgDZGiiUPGeLT4QD4AH1CStOpECfHAMDqNCcnN2nrhd2koiWyoJp1yi0kUyNdLDmHA2RYW7_Dff-vRICfwDgi9V15KHLIU7VBtxFiIiHdyQ6tHH5BkV0yLnE-jW3zeXnpZ2RcFbPalVZnHA-0YybhnTy8Fxen642Lx7Lp8o_zTRL1aIrmuREJWiKiC6rZqy3mcLj7mqnQbVf7Hstx48rFa6MltHZfhEBMUL_ngd4LxNndYseFuIQWlwoX89NhabTU91TxboXPGvcdbgpp_sxp5hv0lsR1Jsdlh2FIsXOkZdLbkOEsLhDANK6Oo6aBpIYFcAMYW8FetsGz5H7Oli7nQ
ca.crt:     1099 bytes
namespace:  20 bytes

把token拷贝进去,登录即可。
k8s dashboard安装_第4张图片

错误

RBAC权限问题

虽然部署好了,但是啥都没有,过一会,报了好些个错误:
k8s dashboard安装_第5张图片

经过查询,是由于权限问题导致。需要把 kubernetes-dashboard绑定cluster-admin权限。

$ kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard

clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created

此时,刷新页面就出来了:
k8s dashboard安装_第6张图片

参考:

  • kubernetes(k8s)中部署dashboard可视化面板
  • 两种方法k8s安装dashboard组件
  • Kubernetes Dashboard 安装配置
  • k8s安装dashboard
  • Kubernetes-Dashboard 在 chrome(证书不可信任)解决办法
  • k8s-安装dashboard

你可能感兴趣的:(docker,后端开发,kubernetes,docker,容器)