Dashbord
官方地址:
https://github.com/kubernetes/dashboard
安装Dashboard:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
$ kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-76679bc5b9-wvq6q 1/1 Running 0 164m
kubernetes-dashboard-65bb64d6cb-kjn9g 1/1 Running 2 164m
$ kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.99.122.6 <none> 8000/TCP 165m
kubernetes-dashboard ClusterIP 10.98.32.114 <none> 443/TCP 165m
$ kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kubernetes-dashboard
$ kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.99.122.6 <none> 8000/TCP 165m
kubernetes-dashboard NodePort 10.98.32.114 <none> 443:32435/TCP 165m
访问Dashboard:
# 集群中任意一台服务器地址+端口号
https://192.168.222.100:32435
登录方式:
- Token认证方式登录
- Kubeconfig认证方式登录
Token认证方式登录:
- 创建ServiceAccount,根据其管理目标,使用rolebinding或clusterrolebinding绑定至合理role或clusterrole;
- 获取到此ServiceAccount的secret,查看secret的详细信息,其中就有token;
- 生成kubeconfig文件
-
- kubectl config set-cluster --kubeconfig=/PATH/TO/SOMEFILE
- kubectl config set-credentials NAME --token=$KUBE_TOKEN --kubeconfig=/PATH/TO/SOMEFILE
- kubectl config set-context
- kubectl config use-context
$ kubectl create serviceaccount dashboard -n kubernetes-dashboard
$ kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin
$ kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard
$ kubectl describe sa dashboard -n kubernetes-dashboard
Name: dashboard
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: dashboard-token-vtncb
Tokens: dashboard-token-vtncb
Events: <none>
$ kubectl describe secret dashboard-token-vtncb -n kubernetes-dashboard
将查询结果中的"token值"复制到UI上,即可完成登录;
因为我们将创建的serviceaccount绑定在了cluster-admin上面,所有cluster-admin角色拥有的权限,在这里这个Pod(Dashboard)都有;
KubeConfig认证方式登录:
- 创建ServiceAccount,根据其管理目标,使用rolebinding或clusterrolebinding绑定至合理role或clusterrole;
- 获取secret的详细信息,
$ kubectl craete serviceaccount def-ns-admin -n default $ kubectl config set-cluster kubernetes --server="https://192.168.133.128:6443" --certificate-authority=/etc/kubernetes/pki/ca.crt --kubeconfig=./def-ns-admin.conf $ kubectl config view --kubeconfig=./def-ns-admin.conf apiVersion: v1 clusters: - cluster: certificate-authority: /etc/kubernetes/pki/ca.crt server: https://192.168.133.128:6443 name: kubernetes contexts: [] current-context: "" kind: Config preferences: {} users: [] # 基于serviceaccount的Token与API Server进行认证; $ kubectl get secret NAME TYPE DATA AGE def-ns-admin-token-qhkfj kubernetes.io/service-account-token 3 31m $ DEF_NS_ADMIN_TOKEN=$(kubectl get secret def-ns-admin-token-qhkfj -o jsonpath={.data.token} | base64 -d) $ kubectl config set-credentials def-ns-admin --token=$DEF_NS_ADMIN_TOKEN --kubeconfig=./def-ns-admin.conf $ kubectl config view --kubeconfig=./def-ns-admin.conf apiVersion: v1 clusters: - cluster: certificate-authority: /etc/kubernetes/pki/ca.crt server: https://192.168.133.128:6443 name: kubernetes contexts: [] current-context: "" kind: Config preferences: {} users: - name: def-ns-admin user: token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3Vud
C9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi1xaGtmaiIsIm
t1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW5
0L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyNmNlMWZhNC0yZWUwLTRlZTktYmMzZi1lZDg3MTViOTE4NTQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVm
YXVsdDpkZWYtbnMtYWRtaW4ifQ.l_BMlpcuoSmTHZktsCJHdieXinpNHgD8SBM765dF4e7dnftCKJkhteWlYudO2fbzrphhd2hHLXob6O6ttV_tTUMkbcfK7ZwtVZ
QUbAm0k00ir9hsifmhAELMNL12TCqa7bnMTkzMw0IKS6fICr_wSyVYFgBgrdX_mn-nk7GN-sDyf1BxXrYZ9iyf6rAJfdRWmv2_C5an0jJwUeQ8xHp-wMJCH_CqmU6
9i8VcUL8Sy6QngtQ5wuSg6OC2ybUsnQJalTDcoJw4MbctxM6eh-QT-Uwyk4-wjz2vVJtv0DvhvQQC-equ99N9g1Nd3Gg7FMOwBZdM6-DMyNoeCcRKwBaLfw $ kubectl config view --kubeconfig=./def-ns-admin.conf apiVersion: v1 clusters: - cluster: certificate-authority: /etc/kubernetes/pki/ca.crt server: https://192.168.133.128:6443 name: kubernetes contexts: - context: cluster: kubernetes user: def-ns-admin name: def-ns-admin@kubernetes current-context: "" kind: Config preferences: {} users: - name: def-ns-admin user: token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3Vud
C9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi1xaGtmaiIsIm
t1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW5
0L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyNmNlMWZhNC0yZWUwLTRlZTktYmMzZi1lZDg3MTViOTE4NTQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVm
YXVsdDpkZWYtbnMtYWRtaW4ifQ.l_BMlpcuoSmTHZktsCJHdieXinpNHgD8SBM765dF4e7dnftCKJkhteWlYudO2fbzrphhd2hHLXob6O6ttV_tTUMkbcfK7ZwtVZ
QUbAm0k00ir9hsifmhAELMNL12TCqa7bnMTkzMw0IKS6fICr_wSyVYFgBgrdX_mn-nk7GN-sDyf1BxXrYZ9iyf6rAJfdRWmv2_C5an0jJwUeQ8xHp-wMJCH_CqmU6
9i8VcUL8Sy6QngtQ5wuSg6OC2ybUsnQJalTDcoJw4MbctxM6eh-QT-Uwyk4-wjz2vVJtv0DvhvQQC-equ99N9g1Nd3Gg7FMOwBZdM6-DMyNoeCcRKwBaLfw $ kubectl config use-context def-ns-admin@kubernetes --kubeconfig=./def-ns-admin.conf $ sz ./def-ns-admin.conf
