kubernetes部署dashboard可视化插件

版权声明：本文为博主原创文章，转载请注明出处。 https://blog.csdn.net/networken/article/details/85607593

dashboard简介

Kubernetes 大部分的操作都是通过命令行工具 kubectl 完成的，为了提供更丰富的用户体验，Kubernetes 还开发了一个基于 Web 的 Dashboard，用户可以用 Kubernetes Dashboard 部署容器化的应用、监控应用的状态、执行故障排查任务以及管理 Kubernetes 各种资源。
在 Kubernetes Dashboard 中可以查看集群中应用的运行状态，也能够创建和修改各种 Kubernetes 资源，比如 Deployment、Job、DaemonSet 等。用户可以 Scale Up/Down Deployment、执行 Rolling Update、重启某个 Pod 或者通过向导部署新的应用。Dashboard 能显示集群中各种资源的状态以及日志信息。
官方参考链接：
https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/#deploying-the-dashboard-ui

kubernetes集群准备

kubeadm部署3节点kubernetes1.13.0集群（1master节点+2node节点），集群部署参考：
https://blog.csdn.net/networken/article/details/84991940

部署dashboard

安装dashboard
Kubernetes 默认没有部署 Dashboard，可通过如下命令安装：

kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

获取kubernetes-dashboard.yaml文件：
由于yml文件中指定镜像从google仓库下载，这里先下载yaml文件，替换镜像下载路径从阿里云镜像仓库下载：

[centos@k8s-master ~]$wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
#替换images路径
[centos@k8s-master ~]$ vim kubernetes-dashboard.yaml
......
 containers:
      - name: kubernetes-dashboard
        #image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
        ports:
......

然后执行以下命令部署dashboard服务：

[centos@k8s-master ~]$ kubectl create -f kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
[centos@k8s-master ~]$

Dashboard 会在 kube-system namespace 中创建自己的 Deployment 和 Service。

[centos@k8s-master ~]$ kubectl get deployment kubernetes-dashboard --namespace=kube-system
NAME                   READY   UP-TO-DATE   AVAILABLE   AGE
kubernetes-dashboard   1/1     1            1           21m
[centos@k8s-master ~]$
[centos@k8s-master ~]$ kubectl get service kubernetes-dashboard --namespace=kube-system
NAME                   TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.104.254.251   <none>        443:30001/TCP   21m
[centos@k8s-master ~]$

查看pod状态运行正常：

[centos@k8s-master ~]$ kubectl get pod --namespace=kube-system -o wide | grep kubernetes-dashboard
kubernetes-dashboard-847f8cb7b8-wrm4l   1/1     Running   0          19m   10.244.2.5      k8s-node2    <none>           <none>
[centos@k8s-master ~]$

因为 Service 是 ClusterIP 类型，为了便于本地访问，我们可通过以下命令修改成 NodePort 类型，并指定端口为30001，修改后可以基于ip:30001的方式来访问。
在文件中的spec部分下添加type: NodePort和nodePort: 30001，添加位置如下所示:

[centos@k8s-master ~]$  kubectl edit service kubernetes-dashboard --namespace=kube-system
......
spec:
  clusterIP: 10.104.254.251
  externalTrafficPolicy: Cluster
  ports:
  - port: 443
    protocol: TCP
    targetPort: 8443
    nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

保存修改再次查看service，此时修改已经生效，TYPE为NodePort，端口为30001。

[centos@k8s-master ~]$ kubectl --namespace=kube-system get service kubernetes-dashboard     
NAME                   TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.233.207.111   <none>        443:30001/TCP   3m22s
[centos@k8s-master ~]$ 

通过浏览器访问 Dashboard ，https://192.168.92.56:30001/，登录界面如下：

创建登录令牌
Dashboard 支持 Kubeconfig 和 Token 两种认证方式，我们这里选择Token方式登录。
创建admin-user.yaml文件，内容如下：

[centos@k8s-master ~]$ vim admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system

执行：kubectl create -f admin-user.yaml，并查看service

[centos@k8s-master ~]$ kubectl create -f admin-user.yaml
serviceaccount/admin created
clusterrolebinding.rbac.authorization.k8s.io/admin created
[centos@k8s-master ~]$ kubectl describe serviceaccounts admin -n kube-system
Name:                admin
Namespace:           kube-system
Labels:              k8s-app=kubernetes-dashboard
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   admin-token-nngz2
Tokens:              admin-token-nngz2
Events:              <none>
[centos@k8s-master ~]$

获取token名称后查看token：

[centos@k8s-master ~]$ kubectl describe secrets admin-token-nngz2 -n kube-system
Name:         admin-token-nngz2
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin
              kubernetes.io/service-account.uid: 69c9d23c-fea1-11e8-b2e3-000c291c2                                                                               5f3

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY                                                                               2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSI                                                                               sImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1ubmd6M                                                                               iIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiI                                                                               sImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjY5YzlkMjNjL                                                                               WZlYTEtMTFlOC1iMmUzLTAwMGMyOTFjMjVmMyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJ                                                                               lLXN5c3RlbTphZG1pbiJ9.kuQAF7LsA_80ql-4hGhyn7ScR77NmlU7hNUqxP-gYnZyiaWTznse7FA9uvwr                                                                               15Mmb2yO-_7McaCLER77VJkDalLV0kdwG6PG05c4vxT-7HBzg6TFch1jLHSx2QIso5LfKm4sz_Mm7agYT5                                                                               bFGBSWZKt5Lk6wITewx78QkIipdz3F7oqlRNE0abrk6BdX3RcIVwt--ooFGKnEzLtZ9epc8w0TceQLl2p-                                                                               pbZj093Us44Xjc8P8_lnvmjwqfM8Y2ukdcGnJNTSu3u_zkUK_G8dsq9LdqJORkVh4gf29XONQcx-DD1NOw                                                                               Yiektw0DlxEab8fwT8nqWqqsj4Ea1xtWfTCg
[centos@k8s-master ~]$

复制最后一行token:后的内容,登录dashboard:

admin登录dashboard
为了简化配置，我们也可以通过配置文件 dashboard-admin.yaml 为 Dashboard 默认用户赋予 admin 权限。

[centos@k8s-master ~]$ vim dashboard-admin.yaml 
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubrnetes-dashboard
subjects:
   - kind: ServiceAccount
     name: kubernetes-dashboard
     namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin

执行 kubectl apply 使之生效。

[centos@k8s-master ~]$ kubectl apply -f dashboard-admin.yaml 
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
[centos@k8s-master ~]$ 

现在直接点击登录页面的 SKIP 也可以进入 Dashboard 。