kubernetes dashbord提供了一个WEB UI界面用来查看和管理kubernetes,一般来说一个可视化的界面会让人感到精神振奋,所以我们就先来安装这个dashbord。
一、dashbord部署
在kubernetes官方文档介绍dashbord的地址是:
https://kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/
先根据官方文档提供的dashbord的yaml文件进行部署
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
查看一下生成的pod
kubectl get pods -n kubernetes-dashboard NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-856586f554-hzpgx 1/1 Running 0 15m kubernetes-dashboard-78c79f97b4-4hgdb 1/1 Running 0 15m
二、本地访问
安装官方的文档,还行下面命令会启动kubernetes的apiServer服务,就可以打开dashbord
kubectl proxy
本机执行下面命令可以查看返回的HTML
curl http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
这个个命令还有更多的参数,如下
kubectl proxy --address='0.0.0.0' --accept-hosts='^*$' --port=8001
这个命令的问题是,只能在本机(master)访问,在其他机器上访问这个地址除了要求https,还要求授权,不能正常访问,下面介绍另外一种方法
三、其他机器访问dashbord
这种方式根据dashbord生成service,来进行访问,先查看svc的状态
kubectl get svc -n kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.102.172.241 <none> 8000/TCP 66s kubernetes-dashboard ClusterIP 10.111.248.226 <none> 443/TCP 66s
生成NodePort
kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kubernetes-dashboard
再查看svn状态
kubectl get svc -n kubernetes-dashboard -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR dashboard-metrics-scraper ClusterIP 10.102.172.241 <none> 8000/TCP 93s k8s-app=dashboard-metrics-scraper kubernetes-dashboard NodePort 10.111.248.226 <none> 443:32368/TCP 93s k8s-app=kubernetes-dashboard
注意生成的端口32368,一会在浏览器中要用
四、其他机器浏览器中打开dashbord
在你的工作机器上,不是master上打开浏览器,输入地址:https://kbsm:32368/,(其中kbsm是master的hostname)登录的界面就出来了
这个界面需要登录,两种授权方式,我们用默认的token,这个token要到master机器上去生成
kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep token Name: namespace-controller-token-zcskl Type: kubernetes.io/service-account-token token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkxnZ3V6VUhONGYwUy1vc2hVWXdvTklGQzBYRkRPMHFKTFJlWEltTzhWQkEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlci10b2tlbi16Y3NrbCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImQ4MjYzMTVlLWE1OWYtNGZlMS1hYjBhLWI5YWViMjVmYThhNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpuYW1lc3BhY2UtY29udHJvbGxlciJ9.YMssxWqdudu9HL65bNKE2LKnBLtG0pPSk3hJfzi3HKxtXdiXbe4GCO9WQTA0US0tu2t-9VTlycf8IGFKgG4NoR449uq_sHTjrHsG2pJcR3Yb71pKh-hzxwWPEVzQ2Nkb8pRgUxBK7uH2skHazLrLlQtZtl07acLm21jFP5dUplpUxD0vJn0DhGsjljMmaTHjsNCy-TXygclzNgSLWD4RTlq5ulzVzw_6yHTZ4ammakowVogZjNXGZUkjkv80c9O9RmDP9NoEZu5jocwDdhKKAsz0d3chNx8vwLsE2GPZ6ylvcV5W31jRHe4bg9-MsuHBKmpIsq-Ih6CnLK5dGiZQfw
把上面生成的token输入进去,然后点"登录"
有时候dashbord会提示匿名用户权限问题,导致pod等数据看不到
configmaps is forbidden: User “system:anonymous” cannot list resource “configmaps” in API group “” in the namespace “default” |
执行下面的命令可以解决
kubectl create clusterrolebinding test:anonymous --clusterrole=cluster-admin --user=system:anonymous
至此,dashbord部署完成!
参考资料