一路走来,所有遇到的人,帮助过我的、伤害过我的都是朋友,没有一个是敌人。
Dashboard是商业智能仪表盘(business intelligence dashboard,BI dashboard)的简称,它是一般商业智能都拥有的实现数据可视化的模块,是向企业展示度量信息和关键业务指标(KPI)现状的数据虚拟化工具。
一、Dashboard 是 kubernetes 的图形化管理工具,可直观的看到k8s中各个类型控制器的当前运行情况,以及Pod的日志,另外也可直接在 dashboard 中对已有的资源进行资源清单的修改
二、Kubernetes 安装dashboard
1、登录官网查询dashboard 版本
官方GitHub:https://github.com/kubernetes/dashboard
#官网安装的最新版本是v2.7.0,但是不建议安装最新版本
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
2、主机域名配置
[root@master ~]# vi /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search localdomain
nameserver 8.8.8.8
3、安装v2.0.0版本
[root@master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
100%[=======================================================================================>] 7,552
28.9KB/s in 0.3s
[root@master ~]# ls -rlt | grep recommended.yaml #查看已经下载的 recommended.yaml
-rw-r--r-- 1 root root 7552 Apr 30 17:15 recommended.yaml
[root@master ~]#
4、执行安装命令,查看安装dashboard状态
[root@master ~]# kubectl apply -f recommended.yaml
。。。。。省略
deployment.apps/dashboard-metrics-scraper created
You have new mail in /var/spool/mail/root
5、查看dashboard 服务是否正常运行
[root@master ~]# kubectl get pods -n kubernetes-dashboard -o wide
三、配置启动Dashboard图形化界面
1、查询Dashboard type
kubectl --namespace=kubernetes-dashboard get service kubernetes-dashboard
2、修改Dashboard type CLUSTER-IP 为 NodePort
[root@master ~]# kubectl --namespace=kubernetes-dashboard edit service kubernetes-dashboard
查看结果
3、生成证书
#新建目录:
[root@master ~]# mkdir key && cd key
#生成证书
[root@master ~]# openssl genrsa -out dashboard.key 2048
#我用的master主机,也可以用node主机
[root@master ~]# openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192,168.87.142'
[root@master ~]# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboardcrt
#删除原有的证书secret
kube[root@master ~]# ctl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard
#创建新的证书secret
[root@master ~]# kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
#查看pod
[root@master ~]# kubectl get pod -n kubernetes-dashboard
#重启pod
[root@master ~]# kubectl delete pod kubernetes-dashboard-74d688b6bc-7lqms -n kubernetes-dashboard
4、查看dashboard访问端口
[root@master key]# kubectl get svc -n kubernetes-dashboard
访问端口可以自动生成也可以在recommended.yaml 配置文件中指定
------------
5、访问https://192.168.87.142:31859/#/login
四、登录dashboard配置
1、创建用户令牌
[root@master ~]# vi admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
# 执行命令
[root@master ~]# kubectl create -f admin-user.yaml
2、绑定用户关系
[root@master ~]# vim admin-user-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
~
[root@master ~]# kubectl create -f admin-user-role-binding.yaml
3、获取令牌
[root@master ~]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-whglp
Namespace: kubernetes-dashboard
Labels:
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: ff2786d9-4ead-4b64-99b3-f54e69998d65
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImU1RVppZktZWlhrZWE3Vks0NjY2NXFQUWRGcnZQb3c0MjQtWnpTNThwM28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXdoZ2xwIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJmZjI3ODZkOS00ZWFkLTRiNjQtOTliMy1mNTRlNjk5OThkNjUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.bEbnTbnkQb_2n-7PrOTlgTO9LtjgKlIgVllWchn4O5Ef1MlA4F8LBXDrxoV6d2-m2xwzrgUNBZv-JYYVFmwNEUA3ECMrBfq4gNSlRxPjSzlcBMfb2re3wyx2bDwg_YIqZSpnrYUXrtPS1NKMX4F67aqWHkOpU8EE_nBcYdwHCVRboaE5ju_G8Nh2jGH4TVpNI5BhfxigHOCYe5yCG2ix35RC8BojEafYhA-iefzPqvAy8Gd-L5H738EfbMzITZxeTz8IGf7R8NQIg1suecA1OUP7_gd3MunEQj7r-Jk774h-NLEN2Wo4VfL7DJglwDiLpaRRZ-VVYOl5wOARlJxwag
ca.crt: 1066 bytes
namespace: 20 bytes
You have new mail in /var/spool/mail/root
[root@master ~]#
#标红为token 用作密钥输入
4、效果展示
感谢CDSN各位大佬的经典博文,在迷茫时能够拨云见日,指点迷津,让我继续一路前行!
如有侵权,请留言,我及时删除!