kubernetes dashboard 部署
一、描述
kubernetes dashboard是kubernetes管理的Web UI的工具,您可以使用仪表板将容器化的应用程序部署到Kubernetes集群,对容器化的应用程序进行故障排除以及管理集群资源。您可以使用Dashboard来概述集群上运行的应用程序,以及创建或修改单个Kubernetes资源(例如Deployments,Jobs,DaemonSets等)。例如,您可以使用部署向导来扩展部署,启动滚动更新,重新启动Pod或部署新应用程序。kubernetes dashboard还提供有关集群中Kubernetes资源状态以及可能发生的任何错误的信息。
如图:
ui-dashboard.png
二、 部署kubernetes dashboard UI
默认情况下,仪表板用户界面未部署。要部署它,请运行以下命令:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
域名:raw.githubusercontent.com,电信有可能访问不了,移动可以,可以通过手机移动(是移动卡的话)共享热点解决。
2.1、命令行代理
您可以通过运行以下命令,使用kubectl命令行工具访问kubernetes dashboard
kubectl proxy
默认会一直监听8001端口,对于我们开发来说,缺点很明只要这个进程断了,就访问不了。
[http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/](http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/).
只能从执行命令的计算机上访问UI 。请参阅kubectl proxy --help以获取更多选项。
2.2、Dashboard UI
如图:
2.3、登录令牌
现在,我们需要找到可用于登录的令牌。执行以下命令:
对于Bash:
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
对于Powershell:
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | sls admin-user | ForEach-Object { $_ -Split '\s+' } | Select -First 1)
它应该打印如下内容:
Name: admin-user-token-v57nw
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 0303243c-4040-4a58-8a47-849ee9ba79c1
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXY1N253Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwMzAzMjQzYy00MDQwLTRhNTgtOGE0Ny04NDllZTliYTc5YzEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Z2JrQlitASVwWbc-s6deLRFVk5DWD3P_vjUFXsqVSY10pbjFLG4njoZwh8p3tLxnX_VBsr7_6bwxhWSYChp9hwxznemD5x5HLtjb16kI9Z7yFWLtohzkTwuFbqmQaMoget_nYcQBUC5fDmBHRfFvNKePh_vSSb2h_aYXa8GV5AcfPQpY7r461itme1EXHQJqv-SN-zUnguDguCTjD80pFZ_CmnSE1z9QdMHPB8hoB4V68gtswR1VLa6mSYdgPwCHauuOobojALSaMc3RH7MmFUumAgguhqAkX3Omqd3rJbYOMRuMjhANqd08piDC3aIabINX6gP5-Tuuw2svnV6NYQ
现在复制令牌并将其粘贴到Enter token登录屏幕上的字段中。
如图:
signin.png
登录后的页面如上第一张图.
三、dashboard 开启http 免密登陆
kubernetes dashboard 官方原版默认开启的https 及认证,在个人环境或者私有环境中可以使用http及关闭认证,方便登陆。
文本介绍修改dashboard yaml 方法,在 1.9 、1.10、2.0.0-beta8验证通过。
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
yaml 文件中镜像地址可以换成阿里的,下载起来更快!镜像对应如下:
k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0=registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
3.1、修改deployment
需要改两处:
port 增加 9090, 原本镜像中就是有9090 非安全端口的,只是yaml文件没有暴露出来
args 下面 ‘- --auto-generate-certificates’ 注释掉, 前面添加 #
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.0.0-beta8
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
name: https
- containerPort: 9090
protocol: TCP
name: http
args:
# - --auto-generate-certificates
- --namespace=kubernetes-dashboard
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 2001
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
nodeSelector:
"beta.kubernetes.io/os": linux
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
3.2、修改service
1、增加端口,target指向9090
配置nodeport,方便通过节点ip+nodeport 访问,即输入 k8s节点ip:32000
就可以访问到dashboard
2、注意记得添加 ‘ type: NodePort’
如下:
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
nodePort: 32001
name: https
- port: 80
targetPort: 9090
nodePort: 32000
name: http
type: NodePort
selector:
k8s-app: kubernetes-dashboard
通过yaml文件创建,文件放在本地执行更好。
kubectl create -f kubernetes-dashboard.yaml
3.2、访问测试
通过节点ip:32000 访问,现在访问不用token,或账户密码。
WX20200226-003323@2x.png
