2020-06-27 k8s Dashboard

一、windows系统使用kubectl

1、windows安装Chocolatey

参考文章Installing Chocolatey
管理员运行 powershell

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

image.png

2、安装kubectl

参考文章Kubernetes Command Line Interface (CLI)
1.18.2

choco install kubernetes-cli

image.png

3、config文件

注意到在之前安装k8s有如下步骤

image.png
所以我们把这个admin.conf文件下载到本地，
拷贝到C:\Users\your user name\.kube\ 目录下

3、验证

• kubectl config get-contexts
  image.png
• kubectl get nodes
  image.png
  猜测是因为虚拟机的时间跟本地不同
  image.png
• 修复

timedatectl set-local-rtc 1
timedatectl set-timezone Asia/Shanghai
yum -y install ntp
#通过阿里云时间服务器校准时间
ntpdate ntp1.aliyun.com
#时间信息写入硬件
hwclock -w

image.png

• 重试

  
  image.png

二、安装Dashboard

0、参考文章

• kubernetes.io 网页界面 (Dashboard)
• https://github.com/kubernetes/dashboard
• Creating sample user
• Kubernetes Dashboard 安装与使用
• How To Install Kubernetes Dashboard with NodePort
• Kubernetes的三种外部访问方式：NodePort、LoadBalancer 和 Ingress
• 浅析从外部访问 Kubernetes 集群中应用的几种方式

1、安装

• 下载文件到本地

https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml

• 安装

kubectl apply -f .\kubernetes-dashboard.yaml

image.png

• 查看运行情况

kubectl get pods -n kubernetes-dashboard

image.png

• 启用代理

kubectl proxy

image.png

• 本地主机访问
  http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
  可以看到登录界面
  image.png

2、授权

• 新建文件 auth.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

• kubectl 应用文件

kubectl apply -f .\auth.yaml

image.png

kubectl get deployment -n kubernetes-dashboard 

image.png

• 获取token

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | sls admin-user | ForEach-Object { $_ -Split '\s+' } | Select -First 1)

image.png

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

• 复制token串，粘贴到登录界面即可

3.1、改为NodePort

image.png

kubectl edit service kubernetes-dashboard -n kubernetes-dashboard

将上图的值改为NodePort，保存

image.png

kubectl get svc --all-namespaces

image.png

3.2、改为NodePort -- 另一种方式

• 回滚之前的操作

kubectl delete -f .\auth.yaml
kubectl delete -f .\kubernetes-dashboard.yaml 

• 修改kubernetes-dashboard.yaml
Service下添加type: NodePort
  image.png
• 部署

kubectl apply -f .\kubernetes-dashboard.yaml
kubectl get deployments -n kubernetes-dashboard
kubectl get pods -n kubernetes-dashboard
kubectl get service -n kubernetes-dashboard

image.png

kubectl apply -f .\auth.yaml

image.png

• 访问
  使用任意一个node节点【centos-master或centos-node】的ip+port即可访问

kubectl get svc -n kubernetes-dashboard

image.png
https://192.168.32.129:30667
https://192.168.32.131:30667

经测试，谷歌浏览器无法访问，edge可以
复制token，登录

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | sls admin-user | ForEach-Object { $_ -Split '\s+' } | Select -First 1)

image.png