k8s使用 Dashboard
官方文档地址:https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
安装Dashboard
root@k8s-master:~# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
查看namespace
root@k8s-master:~# kubectl get namespace
NAME STATUS AGE
kubernetes-dashboard Active 16m
root@k8s-master:~# kubectl get deployment --namespace=kubernetes-dashboard kubernetes-dashboard
NAME READY UP-TO-DATE AVAILABLE AGE
kubernetes-dashboard 1/1 1 1 15m
root@k8s-master:~# kubectl get service --namespace=kubernetes-dashboard kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard ClusterIP 10.110.248.161 <none> 443/TCP 34m
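外网访问权限设置(注意:kubectl proxy 用当前 kubeconfig 的凭据转发请求,自身不做身份认证;监听 0.0.0.0 并放开 --accept-hosts 之后,任何能连到该端口的主机都能以该身份调用 API,只应在隔离的测试网络里这样做)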
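# Two alternative ways to start the API proxy (each runs in the foreground; pick one).
#
# kubectl proxy forwards every request with the kubeconfig credentials of the
# user who started it and performs no authentication of its own. With
# --address='0.0.0.0' it listens on all interfaces, and --accept-hosts='^*$' is
# used here to accept any Host header, so every machine that can reach the port
# can call the API with those credentials. Restrict the port with a firewall or
# keep this to an isolated test network.
# The SSH port-forwarding approach at the end of this page connects to
# localhost on the master, so it does not need the 0.0.0.0 bind.

# Variant 1: explicit port 8888.
kubectl proxy --address='0.0.0.0' --port=8888 --accept-hosts='^*$'

# Variant 2: default port 8001. The original trailing "//..." note was not a
# shell comment and would have been passed to kubectl as an extra argument.
kubectl proxy --address='0.0.0.0' --accept-hosts='^*$'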
添加用户和绑定角色
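# Write the manifest for a dashboard login account: a ServiceAccount named
# admin-user plus a ClusterRoleBinding that binds it to the cluster-admin
# ClusterRole.
# The heredoc delimiter is quoted so the shell copies the YAML literally.
# YAML nesting is indentation-sensitive: the fields of metadata, roleRef and
# subjects must be indented under their parent key, otherwise they are read as
# top-level keys and the objects are malformed.
cat > dash-admin-user.yaml << 'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # cluster-admin gives unrestricted access to the whole cluster, so a token
  # for this account is equivalent to full administrator credentials.
  # Outside a throwaway test cluster, bind a narrower role instead.
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF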
root@k8s-master:~# kubectl apply -f dash-admin-user.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
生成token
root@k8s-master:~# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
输出内容:
Name: admin-user-token-42kpk
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: ba33d8bd-e949-44d5-909e-e5c02148c966
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ilk1dmVfZ3k2SjVZZlQ1b0w0aW5QMksyd3R1Rl8zWTFEaEtETC01Y1hxT3cifQ.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.nSWaPC1_GNnt9yBilQfWoQnuMJPRZ6u4rWCFMLf0fOOvlEYW3vH6K9fbiqCsaJ7nMuxgs9irYc0t6UtCnYgviEvCayzTgExw7D8GurUwCXK45vjMLCT2_QhsKoDBCHaXoux-HMvNEAsirDcwnxI3xHaNoF3JEBXau-B8wTNNmGz_2Wk4xa1SgmThR3NKapJOZqQshK0QvqnRS7Brr7Qb8HJZYeOD1i6vte3wSTGNiLN9tkpvQy-JFFthxInuIXvMXx3cBZrKho6wxnvpjMX7mtP4IqBDDg5DxKx126j4L-FM9upkfOrFbaHj_6fVkLiMUWE3xdka_w9mjijod28mig
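记录最后一行的token。这个 token 对应的 admin-user 绑定了 cluster-admin,等同于集群管理员凭据,保存时按密码对待,不要贴到文档、截图或聊天记录里;如果已经泄露,删除对应的 secret 或 ServiceAccount 让它失效。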
如果没记录下来,可以通过下面的方法查:先查看用户 admin-user(例如 kubectl -n kubernetes-dashboard describe serviceaccount admin-user),找到其中的 Mountable secrets,这里是 admin-user-token-42kpk,然后继续查:kubectl describe secrets --namespace=kubernetes-dashboard admin-user-token-42kpk,就能输出token了。
浏览器输入token还是不能登录,按F12看Network里的config请求,错误是401 Unauthorized(未授权)。原因是 Dashboard 1.7 之后只允许通过 HTTPS,或者通过 http://localhost(127.0.0.1)登录;用外网 IP 加 kubectl proxy 的 HTTP 地址访问时,登录请求会被拒绝。
{status: 401, plugins: [], errors: [{,…}]}
errors: [{,…}]
0: {,…}
ErrStatus: {metadata: {}, status: "Failure", message: "MSG_LOGIN_UNAUTHORIZED_ERROR", reason: "Unauthorized",…}
code: 401
message: "MSG_LOGIN_UNAUTHORIZED_ERROR"
metadata: {}
reason: "Unauthorized"
status: "Failure"
plugins: []
status: 401
解决方案参考:
https://segmentfault.com/a/1190000023130407
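通过ssh转发端口的方式(隧道的远端是 master 上的 localhost:8001,所以 master 上的 kubectl proxy 用默认的 127.0.0.1:8001 监听即可,不需要 --address='0.0.0.0')
在本地电脑输入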
# Run on the local workstation: forward local port 8001 through SSH to
# localhost:8001 on k8s-master. -N runs no remote command and -T allocates no
# terminal, so the session carries only the tunnel.
# The far end of the tunnel is localhost on the master, so the kubectl proxy
# there presumably only needs its default 127.0.0.1:8001 listener.
ssh -N -T -L localhost:8001:localhost:8001 root@k8s-master
输入root密码成功转发,浏览器访问
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login
输入token,登录,登录成功。