• [k8s]kubernetes dashboard的安装


    之前一直使用的是命令行,但是又觉得如果连控制台都还没有动手实践过会不会有点low

    1、安装dashboard

      参阅官网的安装方法,https://github.com/kubernetes/dashboard,安装很简单,如果慢可以使用其它的镜像网站,我这里使用的是mirrorgooglecontainers/kubernetes-dashboard-amd64,然后重新打了k8s.gcr.io/kubernetes-dashboard-amd64的tag

    2、暴露服务

      

    root@ubuntu-kubeadm-master:~# cat dash-board.yaml 
    apiVersion: v1
    kind: Service
    metadata:
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      type: NodePort
      selector:
        k8s-app: kubernetes-dashboard
      ports:
      - port: 443
        targetPort: 8443
    

     这里使用的是nodeport的方式,重点是spec.type里和metadata.namespace一定要注明,暴露后即可查看相应的暴露端口,当然自己也可以指定在30000-32767之间的端口

    root@ubuntu-kubeadm-master:~# kubectl get svc -n kube-system -o wide
    NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE   SELECTOR
    kube-dns               ClusterIP   10.96.0.10       <none>        53/UDP,53/TCP,9153/TCP   10d   k8s-app=kube-dns
    kubernetes-dashboard   NodePort    10.108.214.161   <none>        443:31912/TCP            10d   k8s-app=kubernetes-dashboard
    

      即可在集群内任一节点使用https的访问方式进行指定端口的访问

    这里使用令牌的方式登录

    3、关于令牌的获取首先需要创建一个dashboardadmin,然后使用集群层级的管理员解决将其进行绑定,这里使用yaml的方式

    root@ubuntu-kubeadm-master:~# cat k8s-admin.yaml 
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: dashboard-admin
      namespace: kube-system
    ---
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: dashboard-admin
    subjects:
      - kind: ServiceAccount
        name: dashboard-admin
        namespace: kube-system
    roleRef:
      kind: ClusterRole
      name: cluster-admin
      apiGroup: rbac.authorization.k8s.io
    

      4、创建后即可看到相应的密钥

    root@ubuntu-kubeadm-master:~# kubectl get secret -n kube-system
    NAME                                             TYPE                                  DATA   AGE
    attachdetach-controller-token-gf5m7              kubernetes.io/service-account-token   3      10d
    bootstrap-signer-token-nwflq                     kubernetes.io/service-account-token   3      10d
    certificate-controller-token-4jbjc               kubernetes.io/service-account-token   3      10d
    clusterrole-aggregation-controller-token-ck2fl   kubernetes.io/service-account-token   3      10d
    coredns-token-676g5                              kubernetes.io/service-account-token   3      10d
    cronjob-controller-token-q8g58                   kubernetes.io/service-account-token   3      10d
    daemon-set-controller-token-rl5qp                kubernetes.io/service-account-token   3      10d
    dashboard-admin-token-95mjj                      kubernetes.io/service-account-token   3      26s   《---- 这里
    

      5、将里面的token复制贴到网页上即可

    root@ubuntu-kubeadm-master:~# kubectl describe secret dashboard-admin-token-95mjj -n kube-system 
    Name:         dashboard-admin-token-95mjj
    Namespace:    kube-system
    Labels:       <none>
    Annotations:  kubernetes.io/service-account.name: dashboard-admin
                  kubernetes.io/service-account.uid: 178237ba-6db5-11e9-b6ab-000c299c4717
    
    Type:  kubernetes.io/service-account-token
    
    Data
    ====
    ca.crt:     1025 bytes
    namespace:  11 bytes
    token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tOTVtamoiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMTc4MjM3YmEtNmRiNS0xMWU5LWI2YWItMDAwYzI5OWM0NzE3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.Tv9_dOSeFfEo4TeNsu0j1-kEbjo6aU3EXj2IID5-gOyRrdypxsjpM8GSgHrod2Nm9JD75hRaZnS39xhIqzOE8NNpumhZuP6TZ-1l3Op3Me96VWVFus2Qi6GzHN28MKHhhRs1VgY9ALBNoAjRLxSvGSoOSbdB8x66z81ErreN02eYQumy-l-KX-eYDEmz3ggGPYqAE3KA0WdB8JaSy7WRuVAtNy3SJtYRbfilVQ-Jn33cnGpv3gkp4YqhpjzvUwzo2DpW-kKQuUL_Y6oZee_bn3Rj4Nv64FMVHDbBnobH3yKaHSRei5SRHZ2LxPlt8HNhSi473gofgeO2SdxEH-KPNg
    

      6、将token这一段复制进网页完成登录 

  • 相关阅读:
    弃用!Github 上用了 Git.io 缩址服务的都注意了
    创建一个unicloud项目步骤
    win10 文件夹右键卡死解决办法
    微信公众号微信CRM和公众号管理软件 侯斯特
    openlayer,地图底图白色 修改为深色显示
    WPF 通用权限开发框架 (ABP)
    chromuim内核video audio标签自动播放
    字符串,16进制互转
    虚拟机VMware16+Ubuntu20.04配置LOAMLIVOX
    curl centos 使用详解
  • 原文地址:https://www.cnblogs.com/baylorqu/p/10807087.html
Copyright © 2020-2023  润新知