[k8s]kubernetes dashboard的安裝
阿新 • • 發佈:2019-05-04
ror 方式 NPU cert au3 ubuntu detach 服務 unknown
之前一直使用的是命令行,但是又覺得如果連控制臺都還沒有動手實踐過會不會有點low
1、安裝dashboard
參閱官網的安裝方法,https://github.com/kubernetes/dashboard,安裝很簡單,如果慢可以使用其它的鏡像網站,我這裏使用的是mirrorgooglecontainers/kubernetes-dashboard-amd64,然後重新打了k8s.gcr.io/kubernetes-dashboard-amd64的tag
2、暴露服務
[email protected]:~# cat dash-board.yaml
apiVersion: v1
kind: Service
metadata:
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort
selector:
k8s-app: kubernetes-dashboard
ports:
- port: 443
targetPort: 8443
這裏使用的是nodeport的方式,重點是spec.type裏和metadata.namespace一定要註明,暴露後即可查看相應的暴露端口,當然自己也可以指定在30000-32767之間的端口
[email protected]:~# kubectl get svc -n kube-system -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 10d k8s-app=kube-dns kubernetes-dashboard NodePort 10.108.214.161 <none> 443:31912/TCP 10d k8s-app=kubernetes-dashboard
即可在集群內任一節點使用https的訪問方式進行指定端口的訪問
這裏使用令牌的方式登錄
3、關於令牌的獲取首先需要創建一個dashboardadmin,然後使用集群層級的管理員解決將其進行綁定,這裏使用yaml的方式
[email protected]:~# cat k8s-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
4、創建後即可看到相應的密鑰
[email protected]:~# kubectl get secret -n kube-system NAME TYPE DATA AGE attachdetach-controller-token-gf5m7 kubernetes.io/service-account-token 3 10d bootstrap-signer-token-nwflq kubernetes.io/service-account-token 3 10d certificate-controller-token-4jbjc kubernetes.io/service-account-token 3 10d clusterrole-aggregation-controller-token-ck2fl kubernetes.io/service-account-token 3 10d coredns-token-676g5 kubernetes.io/service-account-token 3 10d cronjob-controller-token-q8g58 kubernetes.io/service-account-token 3 10d daemon-set-controller-token-rl5qp kubernetes.io/service-account-token 3 10d dashboard-admin-token-95mjj kubernetes.io/service-account-token 3 26s 《---- 這裏
5、將裏面的token復制貼到網頁上即可
[email protected]:~# kubectl descrebe secret dashboard-admin-token-95mjj -n kube-system
Error: unknown command "descrebe" for "kubectl"
Did you mean this?
describe
Run ‘kubectl --help‘ for usage.
unknown command "descrebe" for "kubectl"
Did you mean this?
describe
[email protected]:~# kubectl describe secret dashboard-admin-token-95mjj -n kube-system
Name: dashboard-admin-token-95mjj
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 178237ba-6db5-11e9-b6ab-000c299c4717
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tOTVtamoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMTc4MjM3YmEtNmRiNS0xMWU5LWI2YWItMDAwYzI5OWM0NzE3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.Tv9_dOSeFfEo4TeNsu0j1-kEbjo6aU3EXj2IID5-gOyRrdypxsjpM8GSgHrod2Nm9JD75hRaZnS39xhIqzOE8NNpumhZuP6TZ-1l3Op3Me96VWVFus2Qi6GzHN28MKHhhRs1VgY9ALBNoAjRLxSvGSoOSbdB8x66z81ErreN02eYQumy-l-KX-eYDEmz3ggGPYqAE3KA0WdB8JaSy7WRuVAtNy3SJtYRbfilVQ-Jn33cnGpv3gkp4YqhpjzvUwzo2DpW-kKQuUL_Y6oZee_bn3Rj4Nv64FMVHDbBnobH3yKaHSRei5SRHZ2LxPlt8HNhSi473gofgeO2SdxEH-KPNg
6、將token這一段復制進網頁完成登錄
[k8s]kubernetes dashboard的安裝