简介
Kubernetes 仪表板(Dashboard)是基于网页的 Kubernetes 用户界面。 你可以使用仪表板:
- 展示了 Kubernetes 集群中的资源状态信息和所有报错信息。
- 把容器应用部署到 Kubernetes 集群中。
- 对容器应用排错。
- 管理集群资源。
- 获取运行在集群中的应用的概览信息。
- 创建或者修改 Kubernetes 资源 (比如:Deployment,Job,DaemonSet 等等)。
安装
根据 Kubernetes 版本选择 Kubernetes 仪表板的版本号,具体如下表:
| Kubernetes 版本 | Kubernetes 仪表板版本 |
|---|---|
| 1.17 | 2.0.0-rc7 |
| 1.18 | 2.0.3 |
| 1.19 | 2.0.5 |
| 1.20 | 2.3.1 |
| 1.21 | 2.4.0 |
| 1.23 | 2.5.1 |
| 1.24 | 2.6.0 |
执行如下命令安装 Kubernetes 仪表板 2.6.0:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml
输出如下:
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
执行如下命令查看Pod是否已启动:
kubectl get pod -n kubernetes-dashboard
当我们看到状态都为 Running 时,就说明已经启动成功了,如下所示:
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-8c47d4b5d-l9wrz 1/1 Running 0 2m46s
kubernetes-dashboard-5676d8b865-p9qkp 1/1 Running 0 2m46s
访问
执行 kubectl proxy 命令后,就可以访问了,访问路径:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
我们可以看到Kubernetes 仪表板的登录界面,如下图:
创建用户
我们要创建一个名为 one-more-admin 的 ServiceAccount ,用来登录 Kubernetes 仪表板。然后再为这个 ServiceAccount 创建一个 Secret ,最后创建一个 ClusterRolebinding,将其绑定到 Kubernetes 集群中默认初始化的 cluster-admin 这个 ClusterRole 上面。
把以下内容保存为one-more-admin.yaml:
apiVersion: v1
kind: ServiceAccount
metadata:
name: one-more-admin
namespace: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
name: one-more-admin
namespace: kubernetes-dashboard
annotations:
kubernetes.io/service-account.name: one-more-admin
type: kubernetes.io/service-account-token
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: one-more-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: one-more-admin
namespace: kubernetes-dashboard
然后,执行以下命令创建:
kubectl apply -f one-more-admin.yaml
输出如下:
serviceaccount/one-more-admin created
secret/one-more-admin created
clusterrolebinding.rbac.authorization.k8s.io/one-more-admin created
然后,执行以下命令获取到 Token :
kubectl -n kubernetes-dashboard describe secret one-more-admin
输出如下:
Name: one-more-admin
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: one-more-admin
kubernetes.io/service-account.uid: 7ce2bedd-b32f-4ec9-8e42-feb1a09b27e5
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkJnMDBqZFA1eE5DNV9GVXZWQm9Ramp3ZG5wVGFaUXEzRUd1UlU4QTFTbDQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJvbmUtbW9yZS1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJvbmUtbW9yZS1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjdjZTJiZWRkLWIzMmYtNGVjOS04ZTQyLWZlYjFhMDliMjdlNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDpvbmUtbW9yZS1hZG1pbiJ9.GAXznIvsWtNJR5EAXMQ2iCa5P3ERg4vZmMYi5E3EDZvaFLD2yltjCv5Ib9sEeMEZ1n9Us6ij6RJNYggl-DhiZL4v8PwDq7LVEBjgbctDn1tOk0mEyWtK3I7vDsvpmc6IXpwIkCUhK427aBBDtz1IjBLIhR070nHmT-SeIoyPKuHle7vOPxSl1gsqnhpWFvhRxvhn65uUqIpz6F2yzqRs1afbmbuyocXt-FRTnHzgf4PZkkB_OU0vC3EUnyjLb_qE8hdWMyluAwFzXoOBkQFektOfHd5ypzfSf2jncrSjWOw_0TJtHsv3OLG9qEzcJm4IiRqW_XUDF3n9DXwnX6zdgQ
把其中的 token 输入到 Kubernetes 仪表板登录即可,如下图:
网友评论