前提
- 已安装K8S环境
安装kubernetes-dashboard流程
下载文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
修改配置文件
配置文件修改前后对比
1. 由于本地无法连接到国外镜像站点,改为优先使用节点上已有的本地镜像
imagePullPolicy: IfNotPresent
2. 默认会把 kubernetes-dashboard 调度到随机节点,所以我们需要指定节点(目标节点必须已带有 type=master 标签,例如先执行 kubectl label node k8smaster type=master,否则 Pod 会一直处于 Pending)
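# Schedule the Dashboard pod only on nodes that carry the label type=master.
# (Indentation restored; the flattened form is not the intended YAML structure.)
nodeSelector:
  type: master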
3. 安装完成后,需要外网访问,所以需要暴露端口(NodePort 会在集群每个节点的 IP 上开放 30001 端口,应通过防火墙或安全组只放行需要访问的来源地址)
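# Service fragment: publish the Dashboard's HTTPS port outside the cluster.
# (Indentation restored; the flattened form is not the intended YAML structure.)
spec:
  # NodePort opens `nodePort` on every node's IP, not only on the node that
  # runs the pod, so restrict who can reach it at the network level.
  type: NodePort
  ports:
  - port: 443          # port of the Service inside the cluster
    targetPort: 8443   # containerPort the Dashboard listens on
    nodePort: 30001    # port opened on each node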
[root@k8smaster dashboard]# kubectl -n kube-system get service kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.111.89.26 <none> 443:30001/TCP 36m
查看端口,地址
启动配置
# Remove any previously created Dashboard resources (kubectl reports NotFound
# errors on a first install, when nothing exists yet).
kubectl delete -f kubernetes-dashboard.yaml
# Create the Dashboard resources from the edited manifest.
kubectl create -f kubernetes-dashboard.yaml
浏览器查看
现象:Chrome 浏览器无法打开,Firefox 可以
由于默认用户会出现权限不足的问题,不采用默认用户
- 默认用户现象
[root@k8smaster dashboard]# kubectl get secret
NAME TYPE DATA AGE
default-token-pgq9d kubernetes.io/service-account-token 3 5d
[root@k8smaster dashboard]# kubectl describe secrets/default-token-pgq9d
# 得到token,网页登录
-
出现问题
出现问题
- 创建用户
vim create-admin-user.yml
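# ServiceAccount whose token is used to log in to the Dashboard.
# It has no permissions of its own until a (Cluster)RoleBinding names it.
# (Indentation restored; the flattened form is not the intended YAML structure.)
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system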
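# Create the ServiceAccount from the file edited above. The original step
# named binding-admin-user.yml here, but that file is only written in the
# next step and holds the ClusterRoleBinding, not the ServiceAccount.
kubectl create -f create-admin-user.yml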
- 绑定用户(cluster-admin 是不受限制的集群管理员角色,拿到该账号 token 的人可以完全控制集群;如果只需要查看资源,可以改为绑定 view 这类权限更小的 ClusterRole)
vim binding-admin-user.yml
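# Grants the admin-user ServiceAccount the built-in cluster-admin ClusterRole,
# i.e. unrestricted access to every resource in every namespace.
# NOTE(review): bind a narrower role (for example the built-in `view`
# ClusterRole) when full administration through the Dashboard is not needed.
# apiVersion uses rbac.authorization.k8s.io/v1, the same RBAC API version the
# Dashboard manifest on this page uses for its Role and RoleBinding; the
# v1beta1 RBAC API is deprecated.
# (Indentation restored; the flattened form is not the intended YAML structure.)
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system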
kubectl create -f binding-admin-user.yml
- 获取token(输出中的 token 是不会自动过期的集群管理员凭据,不要出现在文章、截图或聊天记录里;一旦泄露,应删除对应的 Secret 使其失效)
[root@k8smaster dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-hqdbm
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: d18cfc30-0fd2-4144-8693-f05cc43aad15
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Im16dlV5UE1DYXBlTXB1QTZBQ1I1emlEbVhMb3B5bDNJWHZDdDVwZFlUSFkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWhxZGJtIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkMThjZmMzMC0wZmQyLTQxNDQtODY5My1mMDVjYzQzYWFkMTUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.GauI0wcqns6im2-_c4krFdMZF3HjUVQGFITKcO63oOygPWe9UZyVmItG2oMHKsHNNnLPfFeLrBuKW9xf3IMYzI9STQug-RSyTue0agQAFAu3B_KZ0y4CdiMR5sPu-q8qzv64AePgvNtCU8s5vKUbPeeViGTNCukNe4rEKQx3V90d3NG2o5hbClQmfJc0ve64o0Nj2NN3pu113YrJ62tQq-XueqNSanCyGnNLFVbqqoqL4gT5qBEFyPsn8xq2RkwkFfkLJUR59a5dZTZyEwK_3QClYzqhBaUvBMYcVbpidfbfN2ydrnDKgzK2Y1MEjMQswaT6zOn1i-0FX99ZAZC9qw
[root@k8smaster dashboard]# vim create-admin-user.yml
[root@k8smaster dashboard]# vim binding-admin-user.yml
-
过程截图
过程截图
输入token
输入token
熟悉命令
- 查看运行在哪一个节点上
# Show which node the pod is running on. NAME is a placeholder for the pod
# name, as listed by `kubectl get pod --all-namespaces`.
kubectl --namespace=kube-system describe pod NAME
用上面命令查出部署在node1节点,node1节点没有本地镜像导致没有安装成功
- 查看kubernetes-dashboard内网地址、端口
[root@k8smaster dashboard]# kubectl -n kube-system get service kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.111.89.26 <none> 443:30001/TCP 45m
- 运行情况
[root@k8smaster dashboard]# kubectl --namespace=kube-system get deployment kubernetes-dashboard
NAME READY UP-TO-DATE AVAILABLE AGE
kubernetes-dashboard 1/1 1 1 45m
- 查看所有
[root@k8smaster dashboard]# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-58cc8c89f4-48ddc 1/1 Running 0 4d23h
kube-system coredns-58cc8c89f4-kqg2z 1/1 Running 0 4d23h
kube-system etcd-k8smaster 1/1 Running 0 4d23h
kube-system kube-apiserver-k8smaster 1/1 Running 0 4d23h
kube-system kube-controller-manager-k8smaster 1/1 Running 0 4d23h
kube-system kube-flannel-ds-amd64-57mf5 1/1 Running 0 4d22h
kube-system kube-flannel-ds-amd64-kjhmx 1/1 Running 0 4d22h
kube-system kube-flannel-ds-amd64-sqkb4 1/1 Running 0 4d22h
kube-system kube-proxy-868zg 1/1 Running 0 4d22h
kube-system kube-proxy-gtl7v 1/1 Running 0 4d22h
kube-system kube-proxy-m6n8t 1/1 Running 0 4d23h
kube-system kube-scheduler-k8smaster 1/1 Running 0 4d23h
kube-system kubernetes-dashboard-5445c79c54-c8tck 1/1 Running 0 46m
- 获取登录token
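# Print the token secret of the admin-user ServiceAccount. The secret name
# carries a random suffix (e.g. admin-user-token-xxxxx), so it is looked up
# first. The awk program must be wrapped in plain ASCII single quotes; the
# typographic quotes in the original line make the shell pass a broken program
# to awk.
# The printed token grants whatever the account is bound to (cluster-admin in
# this walkthrough), so treat the output as a credential.
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')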
遇到问题
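使用 Google Chrome 无法打开,使用 Firefox 可以(很可能是因为 Dashboard 用 --auto-generate-certificates 生成的是自签名证书,Chrome 拒绝了该证书;可以在 kubernetes-dashboard-certs 这个 Secret 中提供受信任的证书来解决)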
-
现象
image.png
无法启动
-
现象
image.png -
解决办法
- 分析由于无法下载到kubernetes-dashboard镜像所以kubernetes-dashboard出现状态为CrashLoopBackOff
- 方法一: 通过代理解决
- 方法二:通过国内镜像源解决
- 方法三:下载到本地解决
- 方法四:下载到本地k8smaster节点后,其他节点k8snode1以及其他节点上并未下载,所以可以在所有节点上都下载,或者指定master节点部署。
- 分析由于无法下载到kubernetes-dashboard镜像所以kubernetes-dashboard出现状态为CrashLoopBackOff
-
下文采用方法四
- 修改配置kubernetes-dashboard.yaml
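# Edits to kubernetes-dashboard.yaml: pod template of the Dashboard Deployment.
# This is a fragment; in the full manifest `template:` sits under the
# Deployment's `spec:`. (Indentation restored from the flattened listing.)
template:
  metadata:
    labels:
      k8s-app: kubernetes-dashboard
  spec:
    # Pin the pod to the master node; the node must carry the label type=master.
    nodeSelector:
      type: master
    containers:
    - name: kubernetes-dashboard
      # NOTE(review): this is a third-party Docker Hub repository, not the
      # upstream k8s.gcr.io/kubernetes-dashboard-amd64 image. A tag can be
      # re-pushed, so verify the image before use and prefer pinning it by
      # digest (image@sha256:<digest>).
      image: lizhenliang/kubernetes-dashboard-amd64:v1.10.1
      # Use the image already present on the node and pull only when it is
      # missing; the node then runs whatever local image carries this tag.
      imagePullPolicy: IfNotPresent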
修改位置
- 重新安装
# Recreate the Dashboard so the edited nodeSelector and image settings take effect.
kubectl delete -f kubernetes-dashboard.yaml
kubectl create -f kubernetes-dashboard.yaml
完整配置文件
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
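# ------------------- Dashboard Secret ------------------- #
# Opaque secret with no data; the Deployment mounts it at /certs. With
# --auto-generate-certificates the Dashboard generates its own (self-signed)
# certificate; put a trusted certificate and key here to avoid browser errors.
# (Indentation restored; the flattened form is not the intended YAML structure.)
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque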
---
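# ------------------- Dashboard Service Account ------------------- #
# Identity the Dashboard pod itself runs as (serviceAccountName in the
# Deployment). Its rights come only from the kubernetes-dashboard-minimal Role.
# (Indentation restored; the flattened form is not the intended YAML structure.)
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system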
---
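# ------------------- Dashboard Role & Role Binding ------------------- #
# Namespaced Role for the Dashboard's own ServiceAccount. Every rule except
# the two `create` rules is limited by resourceNames to the Dashboard's own
# objects, so the pod itself cannot read other secrets in kube-system.
# (Indentation restored; the flattened form is not the intended YAML structure.)
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
    verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
    verbs: ["get"]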
---
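# Binds the kubernetes-dashboard-minimal Role to the Dashboard's own
# ServiceAccount, within the kube-system namespace only.
# (Indentation restored; the flattened form is not the intended YAML structure.)
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system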
---
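# ------------------- Dashboard Deployment ------------------- #
# Single-replica Deployment of the Dashboard, pinned to the node labelled
# type=master. (Indentation restored from the flattened listing.)
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      # Only nodes carrying the label type=master are eligible; together with
      # the toleration below this places the pod on the master node.
      nodeSelector:
        type: master
      containers:
      - name: kubernetes-dashboard
        # NOTE(review): third-party Docker Hub repository standing in for the
        # upstream image kept in the commented-out line below. A tag can be
        # re-pushed, so verify the image and prefer pinning it by digest
        # (image@sha256:<digest>).
        image: lizhenliang/kubernetes-dashboard-amd64:v1.10.1
        # Pull only when the node has no local image with this tag.
        imagePullPolicy: IfNotPresent
        #image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
        # Serve HTTPS with a certificate generated at start-up (self-signed,
        # so browsers will warn or refuse unless a trusted one is supplied).
        - --auto-generate-certificates
        # Uncomment the following line to manually specify Kubernetes API server Host
        # If not specified, Dashboard will attempt to auto discover the API server and connect
        # to it. Uncomment only if the default does not work.
        # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
        # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      # The pod runs as the narrowly scoped kubernetes-dashboard account, not
      # as the admin-user account used for logging in.
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule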
---
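# ------------------- Dashboard Service ------------------- #
# Exposes the Dashboard's HTTPS port as a NodePort service.
# NOTE(review): a NodePort is opened on every node's IP. Combined with a
# cluster-admin login token this makes port 30001 a full-cluster entry point,
# so limit the source addresses with a firewall / security group, or keep the
# Service as ClusterIP and reach it through `kubectl proxy` or
# `kubectl port-forward`.
# (Indentation restored; the flattened form is not the intended YAML structure.)
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
  - port: 443
    targetPort: 8443
    nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard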