CKA exam preparation experiment | Install dashboard

Enterprise 2023-09-29 19:09:08 views: null

Book source: "CKA/CKAD Examination Guide: Complete Strategy from Docker to Kubernetes"

While studying, I organize the teacher's course content and test notes and share them with everyone. Infringement will be deleted. Thank you for your support!

Attached is a summary post: CKA exam preparation experiment | Summary-CSDN Blog

All the previous operations are performed on the command line. In fact, there are many web interface tools to help us manage kubernetes, such as KubeSphere, rancher, etc. This section mainly talks about how to install the dashboard that comes with kubernetes.

Step 1: Download and install the yaml files required by the dashboard.

Download dashboard-recommended.yaml (the download address is https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml ). After downloading, you can name it dashboard-recommended.yaml, or (no duplicate names) is uploaded to the master (vms10).

Step 2: View the image used by this file.

##########实操验证##########
[root@vms10 ~]# grep image dashboard-recommended.yaml
          image: kubernetesui/dashboard:v2.0.0
          imagePullPolicy: Always
          image: kubernetesui/metrics-scraper:v1.0.4
[root@vms10 ~]#

Download these two images on all nodes and change the image download policy to IfNotPresent.

Step 3: Apply dashboard-recommended.yaml.

##########实操验证##########
[root@vms10 ~]# kubectl apply -f dashboard-recommended.yaml 
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@vms10 ~]#

This file will create a namespace kubernetes-dashboard.

Step 4: View svc in the kubernetes-dashboard namespace.

##########实操验证##########
[root@vms10 ~]# kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
dashboard-metrics-scraper   ClusterIP   10.105.105.203   <none>        8000/TCP   16s
kubernetes-dashboard        ClusterIP   10.105.122.44    <none>        443/TCP    16s
[root@vms10 ~]#

Step 5: Use the kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard command to change the type of kubernetes-dashboard to NodePort.

##########实操验证##########
[root@vms10 ~]# kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.105.105.203   <none>        8000/TCP        54s
kubernetes-dashboard        NodePort    10.105.122.44    <none>        443:31527/TCP   54s
[root@vms10 ~]#

Step 6: Access the dashboard through port 31112 of the physical machine and enter https://192.168.26.10:31112/ in the address bar. Click the "Advanced" button, as shown in Figure 15-4.

Click the "Accept the risk and continue" button, as shown in Figure 15-5.

Here you can use kubeconfig to log in, or you can use Token to log in. Use Token to log in here, as shown in Figure 15-6. So how many tokens are there?

Step 7: Determine which sa the dashboard pod is running as.

Check the file dashboard-recommended.yaml. All resources (roles, deployment, etc.) defined in it are run in the namespace kubernetes-dashboard. Find the serviceAccountName field in the section that defines deployment. You can confirm that the dashboard process is running as the kubernetes-dashboard sa in the namespace kubernetes-dashboard.

Grant relevant permissions to this sa:

##########实操验证##########
[root@vms10 ~]# kubectl create clusterrolebinding dashsa --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard
clusterrolebinding.rbac.authorization.k8s.io/dashsa created
[root@vms10 ~]#

Here, the cluster role cluster-admin is authorized directly to it.

Step 8: View the secret in the kubernetes-dashboard namespace.

##########实操验证##########
[root@vms10 ~]# kubectl get secret -n kubernetes-dashboard
NAME                               TYPE                                  DATA   AGE
default-token-8jwsj                kubernetes.io/service-account-token   3      5m24s
kubernetes-dashboard-certs         Opaque                                0      5m24s
kubernetes-dashboard-csrf          Opaque                                1      5m24s
kubernetes-dashboard-key-holder    Opaque                                2      5m24s
kubernetes-dashboard-token-4k2wm   kubernetes.io/service-account-token   3      5m24s
[root@vms10 ~]#

Here you can see that the secret corresponding to this sa is kubernetes-dashboard-token-q248x.

Note: When readers practice, the characters following kubernetes-dashboard-token-- are different from here. They are randomly generated.

Step 9: View the specific information of this kubernetes-dashboard-token-q248x.

##########实操验证##########
[root@vms10 ~]# kubectl describe secrets kubernetes-dashboard-token-4k2wm -n kubernetes-dashboard 
Name:         kubernetes-dashboard-token-4k2wm
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: 51c5b238-4505-4ec5-b33f-dff7bb52bcec

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6ImxWV0t5cXN1eU5XRnNMaFhLSjA5Qnh3Z011bHE5S1lEWG9JRVQtODdxUW8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi00azJ3bSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjUxYzViMjM4LTQ1MDUtNGVjNS1iMzNmLWRmZjdiYjUyYmNlYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.v5v5ffVfvVkkd15F1lBpEfF7HUfpTEuC1yXolq7GgANN829do_UfAnbXOyKotCghLmFJvVOsKR974ZVH0mEKH5KRhqTwQ1yMkqXnMlXWW2LULEoT8NZkeusPmXy5Uw8HYKQnmnN7zlguVplMb-RIsaqQPTcd7F5FpahB_0ooKHdV1FDr64NlACnV3jWLEYdgqAcNvZrAfy8feCFz1iBBWajhmpbbopCgw64Cwb9yDXnq3ZONYjVUW4EUjucBUaoh_xqiZFBJJkk2IZ6J7IG_1IJe5kJ2ChtapHNEo4KEjcaDlbV0vPIjcVqCQegnl8j2XJb_0Ttfxrp9T5S-a9AodA
ca.crt:     1066 bytes
namespace:  20 bytes
[root@vms10 ~]#

The large section of characters after the Token here is what we need.

Step 10: Copy and paste this Token into the browser and click Login, as shown in Figure 15-7.

Please practice the specific operations on the dashboard by yourself.

Guess you like

Origin blog.csdn.net/guolianggsta/article/details/133358094
Recommended
Ranking
APPIUM operation package, based on java-client-7.0.0
Find the answer
A Case Study of Internal Network Security Analysis of a Hospital
java-springboot简单易学的员工管理系统
php20 invoicing
hyperledger fabric information
Fourth day of June 2019 No. 20 (do do things according to plan)
Linux desktop share breaks through 3%
Pinpointing the nuances JSON format beautify
System modeling software SpecialModeler
Daily
More
2024-07-05(0)
2024-07-04(0)
2024-07-03(0)
2024-07-02(0)
2024-07-01(0)
2024-06-30(0)
2024-06-29(0)
2024-06-28(0)
2024-06-27(0)
2024-06-26(0)

Code World

© 2018 codetd.com