Service Mesh服務網格技術探究---VMWare+k8s叢集+Istio系列:k8s叢集之kubernetes-dashboard安裝
阿新 • • 發佈:2021-09-17
一、安裝kubernetes-dashboard
安裝dashboard需要先下載recommended.yaml檔案,如果下載的時候報錯,請參考前文在hosts檔案裡配置github的地址。
執行以下命令下載檔案
[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml --2021-09-17 14:07:51-- https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yamlResolving raw.githubusercontent.com (raw.githubusercontent.com)... 199.232.28.133, 199.232.96.133, 185.199.108.133 Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|199.232.28.133|:443... connected. HTTP request sent, awaiting response... Read error (Success.) in headers. Retrying.--2021-09-17 14:08:33-- (try: 2) https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|199.232.28.133|:443... failed: Connection refused. Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|199.232.96.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 7543 (7.4K) [text/plain] Saving to: ‘recommended.yaml’ recommended.yaml 100%[============================================================================>] 7.37K --.-KB/s in 0s 2021-09-17 14:08:55 (16.6 MB/s) - ‘recommended.yaml’ saved [7543/7543]
修改recommended.yaml檔案,在spec中增加如下配置:
[root@k8s-master ~]# vim recommended.yaml --- apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard --- kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort ##################新增這個配置 ports: - port: 443 targetPort: 8443 nodePort: 30000 ################新增這個配置 selector: k8s-app: kubernetes-dashboard --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-certs namespace: kubernetes-dashboard type: Opaque --- apiVersion: v1
以上配置增加完成之後執行如下命令,建立pod,並檢視dashboard的狀態。
[root@k8s-master ~]# kubectl create -f recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created [root@k8s-master ~]# kubectl get svc -n kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.102.62.153 <none> 8000/TCP 12s kubernetes-dashboard NodePort 10.110.179.54 <none> 443:30000/TCP 12s [root@k8s-master ~]#
此時可以用瀏覽器訪問https://192.168.186.132:30000/#/login,如下圖:
二、建立登入token
這裡有Token和Kubeconfig兩種登入方式,我採用的是第一種方式,以下是生成token的步驟:
1:建立token
[root@k8s-master ~]# kubectl create sa dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
2:授權token訪問許可權
[root@k8s-master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
3:獲取token
[root@k8s-master ~]# ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}') [root@k8s-master ~]# DASHBOARD_LOGIN_TOKEN=$(kubectl describe secret -n kube-system ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}') [root@k8s-master ~]# echo ${DASHBOARD_LOGIN_TOKEN} eyJhbGciOiJSUzI1NiIsImirtyuioptpZCI6Ik45QXZnWVB4a011Q25I8V1dKOEdFWHM2blJJaU5sQTNRR2wyanN6WExQSzQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZ2cydm4iLCJpordWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOTlmZDUwNzItNTlhNi00NTcwLThkMTMtOTg0OTBhOTA4MDM2Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50O9iuhbmt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.42l75va-u1HYxOOey8obrxID8YdXwx3jwqrycFZUHZ8gmj0uYSHPmXHm3mt1iM15S_nZmMjaZZPbeUxmhf2D_khsG29t6_RaEad19YnWU4V5ibc9qHOCz2RtFEfh_S3rhcePJ5grP30NPZ1c6-4qKyAvgwLuwhSnphebkMLi-q5ELul4dl3t7yzyFjUphq1KZOvJQD-U3njdY8XCPwxQIKO7Ymi6m0Tm2a2dldXbaQPfCCgCdFumCJ7TfEJLFwK8CW3dAuzUQ6jKYneOgt2Jb0EaUGvFoZqcDRd96J_-K7F4rKZtmwEPsltRtz71i7_5_84b8smZnwJZj409hPDJfw [root@k8s-master ~]#
4:登入
用上一步生成的token登入dashboard
登入後的頁面如圖:
三、常用的token命令
1、檢視token
[root@k8s-master ~]# kubeadm token list TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS en5aq7.2fnljgjetdr3ou5w 20h 2021-09-18T02:57:34Z authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
2、建立token
[root@k8s-master ~]# kubeadm token create
3、刪除token
[root@k8s-master ~]# kubeadm token delete tokenxxxxxxxxxxxxxxxx
4、獲取node節點加入叢集的token
kubeadm token create --print-join-command
kuberneters-dashboard安裝完成,接下來開始安裝node節點及加入k8s叢集。
~~~未完待續