在前两篇的基础上,我们继续基于Kubernetes搭建dashboard及应用服务。
安装kubernetes dashboard
首先还是老套路,下载依赖镜像:
docker pull gcr.azk8s.cn/google_containers/kubernetes-dashboard-amd64:v1.10.1
docker tag gcr.azk8s.cn/google_containers/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
docker rmi gcr.azk8s.cn/google_containers/kubernetes-dashboard-amd64:v1.10.1
- 下载kubernetes-dashboard.yaml文件:
wget [https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml](https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml)
- 修改 kubernetes-dashboard.yaml
kubernetes的service默认的网络模型是CLUSTER-IP,也就是暴露在service的网络内,这里我们改成暴露在master机器的IP上。我们在targetPort后面添加两行,分别指定dashboard以NodePort的方式暴露在哪个端口,端口记得限制只能在31000-33000之间,这里我们选择了32001端口。
spec:
ports:
- port: 443
targetPort: 8443
nodePort: 32001
type: NodePort
- 安装kubernetes dashboard
kubectl apply -f kubernetes-dashboard.yaml
- 查看dashboard运行状态
# kubectl get deployment kubernetes-dashboard -n kube-system
NAME READY UP-TO-DATE AVAILABLE AGE
kubernetes-dashboard 1/1 1 1 25h
- 查看kube-system这个namespace下的服务运行状态:
# kubectl get services -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 28h
kubernetes-dashboard NodePort 10.109.142.27 <none> 443:32001/TCP 25h
- 查看端口暴露情况
# netstat -ntlp|grep 32001
tcp6 0 0 :::32001 :::* LISTEN 3741/kube-proxy
-
通过virtualbox暴露网络
端口转发 -
访问dashboard
输入: http://127.0.0.1:32001 访问dashboard:
image.png
至此安装完成。
创建用户
## 创建用户
# kubectl create serviceaccount kaka -n kube-system
serviceaccount/kaka created
## 为用户授权cluster-admin角色
# kubectl create clusterrolebinding kaka --clusterrole=cluster-admin --serviceaccount=kube-system:kaka
clusterrolebinding.rbac.authorization.k8s.io/kaka created
## 查看访问Dashboard的令牌
# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/kaka/{print $1}')
Name: kaka-token-cfk4x
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: kaka
kubernetes.io/service-account.uid: 44a30976-35b5-402c-a0dd-627432c01dc1
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJ
uZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXM
uaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrYWthLXRva2VuLWNmazR4Iiwia3ViZXJuZXR
lcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Imtha2EiLCJrdWJlcm5ldGVz
LmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI0NGEzMDk3Ni0zNWI1LTQwM
mMtYTBkZC02Mjc0MzJjMDFkYzEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0Z
W06a2FrYSJ9.QM40KH3MsSmIZPIhdCVB744brQ-rxZoecnyG8dZ5s13WDAksf0ITrkXg-
ljHNORpszvDhJyx682i7z3ikqx2b8GKoNDHIrwuA6xVDZIJfQX3BioRoPcU_ENu-qaEQ24LlXbdy7-
hGeVpmpaBXNerjpamhgL9hMOJX2vOYSUZeW8AtR5KPIaRtThvw1ENQbI0Uj7sGJ5Wq1I7sfaKtbcEQ
LhGLToisqMGCGt8KZhnDN82f8B3DRfw3iyT5LLiQbIUH4a5lL8p5v3IK-
osIWaegnI4bqRWADrCmZglOMnjNYikL13_PGQPhFLsjQAgmoiLiZR5WFmYguoArkMjSDwb9g
将token复制粘贴到仪表板的令牌里,点击登录,进入管理页面:
dashboard主页
至此dashboard安装配置完成。
网友评论