Deploying the Kubernetes Dashboard UI
2021-09-28 23:04
Test environment
CentOS-7-x86_64-DVD-1810
Docker 19.03.9
Kubernetes version: v1.20.5
Deploying the Dashboard
The Dashboard can be deployed by running the following command:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
In practice:
# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
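Accessing the Dashboard UI
To protect your cluster data, the Dashboard is deployed with a minimal RBAC configuration by default. Currently, the Dashboard only supports logging in with a Bearer token.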
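Creating a login token for a sample user
In the current directory, create a file named dashboard-adminuser.yaml (the file name is arbitrary; just pass the matching file name when running the commands; the same applies below and is not repeated) with the following content:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard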
Run the following command to create, from the configuration file above, a service account named admin-user in the kubernetes-dashboard namespace:
# kubectl apply -f dashboard-adminuser.yaml
serviceaccount/admin-user created
Create dashboard-cluster-role-binding.yaml with the following content:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
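Note: in most cases, once the cluster has been provisioned with kops, kubeadm, or another popular tool, the ClusterRole cluster-admin already exists. If it does not, create it manually first and grant it the necessary permissions.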
Run the following command to create the ClusterRoleBinding for the service account from the configuration file above:
# kubectl apply -f dashboard-cluster-role-binding.yaml
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
Run the following command to get the Bearer token; it prints the decoded token to the terminal:
# kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
Reference
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
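To see what the token printed by the command above asserts (which service account it identifies and whether it carries an `exp` expiry claim), its payload can be decoded locally. This is an added example, not part of the original post or the Dashboard project; the function names and the sample claims are constructed for illustration, and the signature is not verified.

```python
import base64
import json
import time
from typing import Optional


def b64url_decode_json(segment: str) -> dict:
    """Decode one JWT segment; JWTs drop the '=' padding, so restore it."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def describe_sa_token(token: str, now: Optional[float] = None) -> dict:
    """Summarise a service account token. The signature is NOT verified:
    this only shows what the token claims, not that it is genuine."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = b64url_decode_json(parts[0])
    claims = b64url_decode_json(parts[1])
    exp = claims.get("exp")
    now = time.time() if now is None else now
    return {
        "alg": header.get("alg"),
        "subject": claims.get("sub"),
        "namespace": claims.get("kubernetes.io/serviceaccount/namespace"),
        "secret": claims.get("kubernetes.io/serviceaccount/secret.name"),
        "expires_at": exp,
        "expired": exp is not None and exp <= now,
    }


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token (signature is a dummy)."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "sample"}), enc(claims), "c2ln"])


# Constructed claims in the layout of a secret-based service account token.
SAMPLE_CLAIMS = {
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "kubernetes-dashboard",
    "kubernetes.io/serviceaccount/secret.name": "admin-user-token-xxxxx",
    "kubernetes.io/serviceaccount/service-account.name": "admin-user",
    "sub": "system:serviceaccount:kubernetes-dashboard:admin-user",
}

if __name__ == "__main__":
    print(json.dumps(describe_sa_token(make_sample_token(SAMPLE_CLAIMS)), indent=2))
```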
Command-line proxy
The Dashboard can be accessed through the kubectl command-line tool, as follows:
# kubectl proxy
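Once the command above is running, the Dashboard can be reached at the following link. Note, however, that the link only works from the machine on which the command was run; it cannot be accessed remotely.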
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
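In practice, I tried running the command above with additional parameters, as shown below. This does solve the remote-access problem, but another problem remains: clicking Sign in does not redirect.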
# kubectl proxy --address=10.118.80.93 --accept-hosts='^*$'
Note: without --accept-hosts, accessing the link above returns Forbidden.
The final solution is as follows:
1. On the node where the Dashboard is installed, run the following command:
# kubectl port-forward --namespace kubernetes-dashboard --address 0.0.0.0 service/kubernetes-dashboard 443
Forwarding from 0.0.0.0:443 -> 8443
Handling connection for 443
Handling connection for 443
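2. Access the Dashboard at https://node_ip, where node_ip is the IP address of the node above.
Enter the token obtained above and click Sign in to finish.
Note: the token is valid for 24 hours; after it expires, a new one must be generated.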
Cleanup
Run the following commands to remove the demo administrator service account and ClusterRoleBinding:
# kubectl -n kubernetes-dashboard delete serviceaccount admin-user
# kubectl -n kubernetes-dashboard delete clusterrolebinding admin-user
References
https://kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/
https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md
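The cleanup above uses two separate deletes; if only the service account is removed, the ClusterRoleBinding stays behind and still names it. As an added example (not from the original post; the function name and sample data are constructed), this check lists every ServiceAccount bound to cluster-admin and flags bindings whose account no longer exists, taking the JSON from `kubectl get clusterrolebindings -o json` and `kubectl get serviceaccounts -A -o json` as input.

```python
import json


def cluster_admin_service_accounts(bindings: dict, accounts: dict) -> list:
    """List ServiceAccount subjects bound to the cluster-admin ClusterRole.

    bindings: parsed `kubectl get clusterrolebindings -o json`
    accounts: parsed `kubectl get serviceaccounts -A -o json`
    """
    existing = {(a["metadata"]["namespace"], a["metadata"]["name"])
                for a in accounts.get("items", [])}
    findings = []
    for crb in bindings.get("items", []):
        ref = crb.get("roleRef", {})
        if (ref.get("kind"), ref.get("name")) != ("ClusterRole", "cluster-admin"):
            continue
        for subject in crb.get("subjects") or []:  # subjects may be absent
            if subject.get("kind") != "ServiceAccount":
                continue
            key = (subject.get("namespace"), subject.get("name"))
            findings.append({
                "binding": crb["metadata"]["name"],
                "namespace": key[0],
                "serviceaccount": key[1],
                # False means the binding outlived its account: anything that
                # recreates that account name inherits cluster-admin.
                "account_exists": key in existing,
            })
    return findings


# Constructed sample: state after deleting only the admin-user ServiceAccount.
SAMPLE_BINDINGS = {"items": [
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "admin-user"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "admin-user",
                   "namespace": "kubernetes-dashboard"}]},
]}
SAMPLE_ACCOUNTS = {"items": [
    {"metadata": {"name": "kubernetes-dashboard",
                  "namespace": "kubernetes-dashboard"}},
]}

if __name__ == "__main__":
    print(json.dumps(cluster_admin_service_accounts(SAMPLE_BINDINGS, SAMPLE_ACCOUNTS), indent=2))
```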