本文已参与「新人创作礼」活动,一起开启掘金创作之路
一、下载并修改部署文件 dashboard.yaml
[root@master1 ~]# docker pull kubernetesui/dashboard:v2.5.1
[root@master1 ~]# docker tag kubernetesui/dashboard:v2.5.1 harbor.demo/k8s/dashboard:v2.5.1
[root@master1 ~]# docker push harbor.demo/k8s/dashboard:v2.5.1
[root@master1 ~]# mkdir -p /opt/install/dashboard
[root@master1 ~]# cd /opt/install/dashboard
[root@master1 dashboard]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
[root@master1 dashboard]# cp recommended.yaml dashboard.yaml
[root@master1 dashboard]# vi dashboard.yaml
[root@master1 dashboard]# diff recommended.yaml dashboard.yaml
39a40
> type: NodePort
41a43
> nodePort: 30443
190a193,194
> imagePullSecrets:
> - name: harbor-demo-secret
193c197
< image: kubernetesui/dashboard:v2.5.1
---
> image: harbor.demo/k8s/dashboard:v2.5.1
[root@master1 dashboard]#
- 国内容器镜像地址 codechina.csdn.net/mirrors/kub…
- yaml文件地址codechina.csdn.net/mirrors/kub…
- NodePort:这里通过宿主机的IP地址登录 Dashboard,端口30443
二、部署 Dashboard
[root@master1 ~]# cd /opt/install/dashboard
[root@master1 dashboard]# kubectl apply -f dashboard.yaml
[root@master1 dashboard]# kubectl create secret docker-registry harbor-demo-secret \
--docker-server=https://harbor.demo --docker-username=admin \
--docker-password=Harbor12345678 --docker-email=11461337@qq.com -n kubernetes-dashboard
[root@master1 dashboard]#
三、查看Dashboard 运行状态
[root@master1 ~]# ss -lp | grep 30443
tcp LISTEN 0 4096 *:30443 *:* users:(("kube-proxy",pid=16349,fd=14))
[root@master1 ~]# kubectl get pods,svc -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-799d786dbf-lpq89 1/1 Running 0 59m
pod/kubernetes-dashboard-77ff5df894-jxvfv 1/1 Running 0 52m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.1.118.31 <none> 8000/TCP 59m
service/kubernetes-dashboard NodePort 10.1.177.39 <none> 443:30443/TCP 59m
[root@master1 ~]# kubectl -n kubernetes-dashboard get sa
NAME SECRETS AGE
default 1 59m
kubernetes-dashboard 1 59m
[root@master1 ~]# kubectl -n kubernetes-dashboard get secrets
NAME TYPE DATA AGE
default-token-trn9k kubernetes.io/service-account-token 3 59m
harbor-demo-secret kubernetes.io/dockerconfigjson 1 59m
kubernetes-dashboard-certs Opaque 0 59m
kubernetes-dashboard-csrf Opaque 1 59m
kubernetes-dashboard-key-holder Opaque 2 59m
kubernetes-dashboard-token-2l4t4 kubernetes.io/service-account-token 3 59m
[root@master1 ~]#
四、登录 Dashboard
1、登录地址 https://172.16.100.151:30443 IP可以是任意一个宿主机的IP地址
2、获取Token
[root@master1 ~]# kubectl create sa dashboard-admin -n kube-system
[root@master1 ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
[root@master1 ~]# ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}')
[root@master1 ~]# DASHBOARD_LOGIN_TOKEN=$(kubectl describe secret -n kube-system ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}')
[root@master1 ~]# echo ${DASHBOARD_LOGIN_TOKEN}
eyJhbGciOiJSUzI1NiIsImtpZCI6Ijh6RmZ0ZGM2aEktVVpBbmJzS0ZoelJmOE50aEVxY0tjaW5NNThoZnJKS2cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tcXRmazYiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNzNhMWU4YTItMTlhMy00NTMwLTliZmYtM2YwYWY2YTg3ZmYxIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.K1hcYdUS0ChtFOWr6wr1oxzayqiMkSw4gqySDqX0LmsAhg99Cuxr3Vk2jp9AUa5vvGtw1_h8IC4lknTomg6y3Ebu4gh9C6cbn01NUIUdSwwPZdNHedHz2pn-u_7dXO5AKRp30r32rgxbHhQoeM9wpgMhAnZESlwYLJTGMJ0FjcOgOuZNNvPCQJDsWsgXMgRZQ_VwsQbxAXxkOUTOW3kSHnhyumoWVzX1jEHC-y4Kxj-mLfwEXVMZ8bBQltcjBqhoxlB2BsBXi1B1XBauo5QfJcaiiDV3qeVdQcZnxYhJoVHc36EzAbL0MkhhWChSKAdu5X2bqaL4e0Fjc0b3GUqyIg
[root@master1 ~]#
- 复制上述 token,在登录页面粘贴,点击“登录”,进入首页
3、首页
4、Pod监控页面
5、ConfigMap页面,可以切换命名空间
6、查看宿主机列表
7、查看Node1监控信息
8、每次获取Token,复制粘贴Token,登录Dashboard比较麻烦,可以创建Kubeconfig文件,用于登录
[root@master1 ~]# cd /opt/install/dashboard
[root@master1 dashboard]# kubectl config set-cluster k8s-demo \
--certificate-authority=/etc/kubernetes/cert/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=dashboard.kubeconfig
[root@master1 dashboard]# kubectl config set-credentials dashboard_user_admin \
--token=${DASHBOARD_LOGIN_TOKEN} \
--kubeconfig=dashboard.kubeconfig
[root@master1 dashboard]# kubectl config set-context default \
--cluster=k8s-demo \
--user=dashboard_user_admin \
--kubeconfig=dashboard.kubeconfig
[root@master1 dashboard]# kubectl config use-context default --kubeconfig=dashboard.kubeconfig
- 设置客户端认证参数,使用前面创建的 Token
- 把dashboard.kubeconfig文件下载到PC端,例如 sz dashboard.kubeconfig
- 如果开始不知道怎么修改 dashboard.yaml,可以在成功启动后,登录Dashboard前执行下面的命令
[root@master1 ~]# kubectl patch svc kubernetes-dashboard -n kubernetes-dashboard \
-p '{"spec":{"type":"NodePort","ports":[{"port":443,"targetPort":8443,"nodePort":30443}]}}'
- 也可以通过 kubectl proxy 或者 kubectl port-forward 访问,例如
[root@master1 ~]# kubectl port-forward -n kubernetes-dashboard svc/kubernetes-dashboard 4443:443 --address 0.0.0.0
Forwarding from 0.0.0.0:4443 -> 8443
Handling connection for 4443
Handling connection for 4443
... ... ... ...
- 上述命令执行后,在浏览器输入登录地址 https://172.16.100.151:4443 ,这个IP只能是执行命令的宿主机IP地址
参考
- 先用起来,通过操作实践认识kubernetes(k8s),积累多了自然就理解了
- 把理解的知识分享出来,自造福田,自得福缘
- 追求简单,容易使人理解,知识的上下文也是知识的一部分,例如版本,时间等
- 欢迎留言交流,也可以提出问题,一般在周末回复和完善文档
- Jason@vip.qq.com 2022-6-2
