  • Kubernetes: Deploying the Dashboard UI

    Test environment

    CentOS-7-x86_64-DVD-1810

    Docker 19.03.9

    Kubernetes version: v1.20.5

    Deploying the Dashboard

    The Dashboard can be deployed by running the following command:

    kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
    

    In practice:

    # kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
    namespace/kubernetes-dashboard created
    serviceaccount/kubernetes-dashboard created
    service/kubernetes-dashboard created
    secret/kubernetes-dashboard-certs created
    secret/kubernetes-dashboard-csrf created
    secret/kubernetes-dashboard-key-holder created
    configmap/kubernetes-dashboard-settings created
    role.rbac.authorization.k8s.io/kubernetes-dashboard created
    clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
    rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
    clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
    deployment.apps/kubernetes-dashboard created
    service/dashboard-metrics-scraper created
    deployment.apps/dashboard-metrics-scraper created
    

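    Accessing the Dashboard UI

    To protect your cluster data, the Dashboard is deployed with a minimal RBAC configuration by default. Currently, the Dashboard only supports logging in with a Bearer token.

    Creating a login token for a sample user

    In the current directory, create dashboard-adminuser.yaml (the file name is arbitrary; just pass the matching file name when running the command. The same applies below and is not repeated), with the following content: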

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin-user
      namespace: kubernetes-dashboard
    

    Run the following command to create, from the configuration file above, a service account named admin-user in the kubernetes-dashboard namespace:

    # kubectl apply -f dashboard-adminuser.yaml
    serviceaccount/admin-user created
    

    Create dashboard-cluster-role-binding.yaml with the following content:

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: admin-user
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: admin-user
      namespace: kubernetes-dashboard
    

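    Note: in most cases, after the cluster has been set up with kops, kubeadm or another popular tool, the ClusterRole cluster-admin has already been created automatically. If it does not exist, create it manually first and grant it the required permissions.

    Run the following command to create the ClusterRoleBinding for the service account from the configuration file above: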

    # kubectl apply -f dashboard-cluster-role-binding.yaml
    clusterrolebinding.rbac.authorization.k8s.io/admin-user created
    

    Run the following command to get the Bearer token:

    # kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
    

    Reference link

    https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

    Command-line proxy

    The Dashboard can be accessed with the kubectl command-line tool, as follows:

    # kubectl proxy
    

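    Once the command above is running, the Dashboard can be reached at the following link. Note, however, that the link only works from the machine where the command was run; it cannot be accessed remotely.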

    http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
    

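    In practice, the author tried running the command above with additional parameters, as shown below. This does solve the problem of not being able to access it remotely, but a problem remains: clicking Sign in does not redirect.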

    # kubectl proxy --address=10.118.80.93 --accept-hosts='^*$'
    

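    Note: without --accept-hosts, accessing the link above returns Forbidden.

    The final solution is as follows:

    1. On the node where the Dashboard is installed, run the following command: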

    # kubectl port-forward --namespace kubernetes-dashboard --address 0.0.0.0 service/kubernetes-dashboard 443
    Forwarding from 0.0.0.0:443 -> 8443
    Handling connection for 443
    Handling connection for 443
    

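    2. Open https://node_ip, where node_ip is the IP address of the node above.

    Enter the token obtained above and click Sign in to finish.

    Note: the token is valid for 24 hours; once it expires, it has to be generated again.

    Cleanup

    Run the following commands to remove the sample administrator service account and ClusterRoleBinding: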

    # kubectl -n kubernetes-dashboard delete serviceaccount admin-user
    # kubectl -n kubernetes-dashboard delete clusterrolebinding admin-user
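
A check for the cleanup step above, as an added example that is not part of the original article: it lists every ServiceAccount still bound to cluster-admin, such as the sample admin-user. The function names and the sample rows are constructed for illustration; the live query uses kubectl's go-template output, the same output mode as the token command earlier.

```bash
#!/usr/bin/env bash
# Added example: find ServiceAccounts that hold cluster-admin via a ClusterRoleBinding.

# One tab-separated line per subject: binding, role, kind, namespace ("-" if unset), name.
TEMPLATE='{{range .items}}{{$b := .}}{{range .subjects}}{{$b.metadata.name}}{{"\t"}}{{$b.roleRef.name}}{{"\t"}}{{.kind}}{{"\t"}}{{if .namespace}}{{.namespace}}{{else}}-{{end}}{{"\t"}}{{.name}}{{"\n"}}{{end}}{{end}}'

# Live input; needs kubectl and read access to ClusterRoleBindings.
list_binding_subjects() {
  kubectl get clusterrolebindings -o go-template="$TEMPLATE"
}

# Filter stdin: print "binding namespace/name" for each ServiceAccount bound to cluster-admin.
find_admin_sa_bindings() {
  awk -F '\t' '$2 == "cluster-admin" && $3 == "ServiceAccount" { print $1 " " $4 "/" $5 }'
}

# Returns 1 (and reports on stderr) when any such binding exists, 0 otherwise.
check_no_admin_sa() {
  found=$(find_admin_sa_bindings)
  [ -z "$found" ] && return 0
  printf '%s\n' "$found" >&2
  return 1
}

# Constructed sample of list_binding_subjects output, for running offline.
sample_subjects() {
  printf '%s\t%s\t%s\t%s\t%s\n' \
    cluster-admin cluster-admin Group - system:masters \
    admin-user cluster-admin ServiceAccount kubernetes-dashboard admin-user \
    kubernetes-dashboard kubernetes-dashboard ServiceAccount kubernetes-dashboard kubernetes-dashboard
}

# Offline demonstration on the constructed rows.
sample_subjects | find_admin_sa_bindings
```

Against a real cluster, run `list_binding_subjects | check_no_admin_sa`; after the two delete commands above it should exit 0 unless other service accounts hold cluster-admin.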
    

    Reference links

    https://kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/

    https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md

    https://github.com/kubernetes/dashboard/tree/master/docs

    Author: 授客

    Git: https://gitee.com/ishouke
  • Original article: https://www.cnblogs.com/shouke/p/15350598.html