dashboard可以给用户提供一个可视化的 Web 界面来查看当前集群的各种信息。用户可以用 Kubernetes Dashboard 部署容器化的应用、监控应用的状态、执行故障排查任务以及管理 Kubernetes 各种资源
Kubernetes-Dashboard 的安装步骤主要有以下几步:
安装部署 kubernetes-dashboard
创建访问账户
访问 kubernetes-dashboard 的 UI 界面
安装dashboard
[root@k8s-master ~]# curl https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml > kubernetes-dashboard.yaml
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4577 100 4577 0 0 7527 0 --:--:-- --:--:-- --:--:-- 7540
[root@k8s-master ~]# sed -i "s/k8s.gcr.io/registry.cn-hangzhou.aliyuncs.com\/google_containers/g" ./kubernetes-dashboard.yaml
[root@k8s-master ~]# kubectl apply -f kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
访问地址:
https://<MASTER_IP>:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
Dashboard 支持 Kubeconfig 和 Token 两种认证方式,我们这里选择Token认证方式登录:
创建登录用户
[root@k8s-master ~]# cat > dashboard_service_account_admin.yaml << EOF > apiVersion: v1 > kind: ServiceAccount > metadata: > name: admin-user > namespace: kube-system > EOF[root@k8s-master ~]# kubectl apply -f dashboard_service_account_admin.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/admin-user configured
创建集群角色绑定
[root@k8s-master ~]# cat > dashboard_cluster_role_binding_admin.yaml << EOF > apiVersion: rbac.authorization.k8s.io/v1 > kind: ClusterRoleBinding > metadata: > name: admin-user > roleRef: > apiGroup: rbac.authorization.k8s.io > kind: ClusterRole > name: cluster-admin > subjects: > - kind: ServiceAccount > name: admin-user > namespace: kube-system > EOF[root@k8s-master ~]# kubectl apply -f dashboard_cluster_role_binding_admin.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
clusterrolebinding.rbac.authorization.k8s.io/admin-user configured
获取用户登录 Token:
[root@k8s-master ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') > admin-token.yaml && cat admin-token.yaml
Name: admin-user-token-ztr5d
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 2e6cb0ae-0442-431f-9a57-1d7fbf2c06b5
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXp0cjVkIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyZTZjYjBhZS0wNDQyLTQzMWYtOWE1Ny0xZDdmYmYyYzA2YjUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.Myu3i6HKxE9InMCPiS3GPbLAWoad5GLthYtHSynELjrA6D0H8PuYuhy93tpXfnS5DJHYer2j1gCXKIOcjzZ5J7BREckgqjOdJNKmh8dkGhVirf6NAvtrNyGMv1cJT9rOY6Z6V-RnM--H_4nFt6JRRdyuoOp8j1UO7ae5yob72K7-vQB7dPKl0T0dJFZyTGE_65Bm4YGreGgzdH44PmWa9rzWnbpfx1tW3pTNO-PQXjibtSBj2io1Wc4iO50wI7TB7DBQ0rOBqaue-_GvbLPNlB0f9HsBk2my2KBFLNGtPJGxcAxYngQSicu-DDM-_tbP15czDSpyC1fwfKbzh6Qx1g
ca.crt: 1025 bytes
namespace: 11 bytes
[root@k8s-master ~]# grep 'client-certificate-data' $HOME/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt
[root@k8s-master ~]# grep 'client-key-data' $HOME/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key
[root@k8s-master ~]# openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-web-client"
Enter Export Password: #密码自己设置
Verifying - Enter Export Password:
把获取到的Token复制到登录界面的Token输入框中:
成功登陆dashboard:
