Book source: "CKA/CKAD Examination Guide: Complete Strategy from Docker to Kubernetes"
While studying, I organize the teacher's course content and test notes and share them with everyone. Infringement will be deleted. Thank you for your support!
Attached is a summary post: CKA exam preparation experiment | Summary-CSDN Blog
All the previous operations are performed on the command line. In fact, there are many web interface tools to help us manage kubernetes, such as KubeSphere, rancher, etc. This section mainly talks about how to install the dashboard that comes with kubernetes.
Step 1: Download and install the yaml files required by the dashboard.
Download dashboard-recommended.yaml (the download address is https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml ). After downloading, you can name it dashboard-recommended.yaml, or (no duplicate names) is uploaded to the master (vms10).
Step 2: View the image used by this file.
##########实操验证##########
[root@vms10 ~]# grep image dashboard-recommended.yaml
image: kubernetesui/dashboard:v2.0.0
imagePullPolicy: Always
image: kubernetesui/metrics-scraper:v1.0.4
[root@vms10 ~]#
Download these two images on all nodes and change the image download policy to IfNotPresent.
Step 3: Apply dashboard-recommended.yaml.
##########实操验证##########
[root@vms10 ~]# kubectl apply -f dashboard-recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@vms10 ~]#
This file will create a namespace kubernetes-dashboard.
Step 4: View svc in the kubernetes-dashboard namespace.
##########实操验证##########
[root@vms10 ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.105.105.203 <none> 8000/TCP 16s
kubernetes-dashboard ClusterIP 10.105.122.44 <none> 443/TCP 16s
[root@vms10 ~]#
Step 5: Use the kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard command to change the type of kubernetes-dashboard to NodePort.
##########实操验证##########
[root@vms10 ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.105.105.203 <none> 8000/TCP 54s
kubernetes-dashboard NodePort 10.105.122.44 <none> 443:31527/TCP 54s
[root@vms10 ~]#
Step 6: Access the dashboard through port 31112 of the physical machine and enter https://192.168.26.10:31112/ in the address bar. Click the "Advanced" button, as shown in Figure 15-4.
Click the "Accept the risk and continue" button, as shown in Figure 15-5.
Here you can use kubeconfig to log in, or you can use Token to log in. Use Token to log in here, as shown in Figure 15-6. So how many tokens are there?
Step 7: Determine which sa the dashboard pod is running as.
Check the file dashboard-recommended.yaml. All resources (roles, deployment, etc.) defined in it are run in the namespace kubernetes-dashboard. Find the serviceAccountName field in the section that defines deployment. You can confirm that the dashboard process is running as the kubernetes-dashboard sa in the namespace kubernetes-dashboard.
Grant relevant permissions to this sa:
##########实操验证##########
[root@vms10 ~]# kubectl create clusterrolebinding dashsa --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard
clusterrolebinding.rbac.authorization.k8s.io/dashsa created
[root@vms10 ~]#
Here, the cluster role cluster-admin is authorized directly to it.
Step 8: View the secret in the kubernetes-dashboard namespace.
##########实操验证##########
[root@vms10 ~]# kubectl get secret -n kubernetes-dashboard
NAME TYPE DATA AGE
default-token-8jwsj kubernetes.io/service-account-token 3 5m24s
kubernetes-dashboard-certs Opaque 0 5m24s
kubernetes-dashboard-csrf Opaque 1 5m24s
kubernetes-dashboard-key-holder Opaque 2 5m24s
kubernetes-dashboard-token-4k2wm kubernetes.io/service-account-token 3 5m24s
[root@vms10 ~]#
Here you can see that the secret corresponding to this sa is kubernetes-dashboard-token-q248x.
Note: When readers practice, the characters following kubernetes-dashboard-token-- are different from here. They are randomly generated.
Step 9: View the specific information of this kubernetes-dashboard-token-q248x.
##########实操验证##########
[root@vms10 ~]# kubectl describe secrets kubernetes-dashboard-token-4k2wm -n kubernetes-dashboard
Name: kubernetes-dashboard-token-4k2wm
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: 51c5b238-4505-4ec5-b33f-dff7bb52bcec
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImxWV0t5cXN1eU5XRnNMaFhLSjA5Qnh3Z011bHE5S1lEWG9JRVQtODdxUW8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi00azJ3bSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjUxYzViMjM4LTQ1MDUtNGVjNS1iMzNmLWRmZjdiYjUyYmNlYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.v5v5ffVfvVkkd15F1lBpEfF7HUfpTEuC1yXolq7GgANN829do_UfAnbXOyKotCghLmFJvVOsKR974ZVH0mEKH5KRhqTwQ1yMkqXnMlXWW2LULEoT8NZkeusPmXy5Uw8HYKQnmnN7zlguVplMb-RIsaqQPTcd7F5FpahB_0ooKHdV1FDr64NlACnV3jWLEYdgqAcNvZrAfy8feCFz1iBBWajhmpbbopCgw64Cwb9yDXnq3ZONYjVUW4EUjucBUaoh_xqiZFBJJkk2IZ6J7IG_1IJe5kJ2ChtapHNEo4KEjcaDlbV0vPIjcVqCQegnl8j2XJb_0Ttfxrp9T5S-a9AodA
ca.crt: 1066 bytes
namespace: 20 bytes
[root@vms10 ~]#
The large section of characters after the Token here is what we need.
Step 10: Copy and paste this Token into the browser and click Login, as shown in Figure 15-7.
Please practice the specific operations on the dashboard by yourself.