Using the Dashboard with Kubernetes

Using the Dashboard with k8s

Official documentation: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

Install the Dashboard

root@k8s-master:~# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml

namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

Check the namespace

root@k8s-master:~# kubectl get namespace
NAME                   STATUS   AGE
kubernetes-dashboard   Active   16m
root@k8s-master:~# kubectl get deployment --namespace=kubernetes-dashboard kubernetes-dashboard
NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
kubernetes-dashboard        1/1     1            1           15m
root@k8s-master:~# kubectl get service --namespace=kubernetes-dashboard kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
kubernetes-dashboard        ClusterIP   10.110.248.161   <none>        443/TCP    34m

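Configure external network access

kubectl proxy --address='0.0.0.0' --port=8888 --accept-hosts='^*$'
kubectl proxy --address='0.0.0.0' --accept-hosts='^*$'  # default port 8001

With --address='0.0.0.0' and --accept-hosts='^*$' the proxy listens on every interface and accepts any Host header. It forwards requests to the API server with the kubeconfig credentials of the user who started it and does not authenticate the caller, so anyone who can reach the port acts with those credentials.

Open in a browser: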
http://192.168.20.223:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login

Add a user and bind a role

cat > dash-admin-user.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF
root@k8s-master:~# kubectl apply -f dash-admin-user.yaml 
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

Get the token

root@k8s-master:~# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

Output:
Name:         admin-user-token-42kpk
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: ba33d8bd-e949-44d5-909e-e5c02148c966

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ilk1dmVfZ3k2SjVZZlQ1b0w0aW5QMksyd3R1Rl8zWTFEaEtETC01Y1hxT3cifQ.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.nSWaPC1_GNnt9yBilQfWoQnuMJPRZ6u4rWCFMLf0fOOvlEYW3vH6K9fbiqCsaJ7nMuxgs9irYc0t6UtCnYgviEvCayzTgExw7D8GurUwCXK45vjMLCT2_QhsKoDBCHaXoux-HMvNEAsirDcwnxI3xHaNoF3JEBXau-B8wTNNmGz_2Wk4xa1SgmThR3NKapJOZqQshK0QvqnRS7Brr7Qb8HJZYeOD1i6vte3wSTGNiLN9tkpvQy-JFFthxInuIXvMXx3cBZrKho6wxnvpjMX7mtP4IqBDDg5DxKx126j4L-FM9upkfOrFbaHj_6fVkLiMUWE3xdka_w9mjijod28mig

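Record the token on the last line.
If you did not record it, you can look it up as follows.

Find the Mountable secrets entry admin-user-token-42kpk for the user admin-user, then query it:
kubectl describe secrets --namespace=kubernetes-dashboard admin-user-token-42kpk
This prints the token.

Entering the token in the browser still does not log in. Press F12 and look at the config request in the Network tab: the error is 401 Unauthorized. It seems that since dashboard 1.7 external access no longer works.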

{status: 401, plugins: [], errors: [{,…}]}
errors: [{,…}]
0: {,…}
ErrStatus: {metadata: {}, status: "Failure", message: "MSG_LOGIN_UNAUTHORIZED_ERROR", reason: "Unauthorized",…}
code: 401
message: "MSG_LOGIN_UNAUTHORIZED_ERROR"
metadata: {}
reason: "Unauthorized"
status: "Failure"
plugins: []
status: 401

Solution reference:
https://segmentfault.com/a/1190000023130407

Forward the port over SSH

On the local computer, run:
ssh -L localhost:8001:localhost:8001 -NT root@k8s-master
Enter the root password; once forwarding is established, open in a browser:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login
Enter the token and sign in; the login succeeds.

Reposted from blog.51cto.com/xiaozhenkai/2601481