k8s配置Dashboard

发表于   |   更新于 | 分类于 | | 阅读次数: | 总览

    K8S Dashboard是官方的一个基于WEB的用户界面,专门用来管理K8S集群,并可展示集群的状态。K8S集群安装好后默认没有包含Dashboard,我们需要额外创建它。

1、安装dashboard

1.1、下载准备需要的文件

经过修改过后的文件,已经可以正常使用的文件

  • 创建dashboard
    1
    2
    3
    4
    5
    6
    7
    [root@k8s-master-01 dashboard]# kubectl create -f kubernetes-dashboard.yaml 
    secret/kubernetes-dashboard-certs created
    serviceaccount/kubernetes-dashboard created
    role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
    rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
    deployment.apps/kubernetes-dashboard created
    service/kubernetes-dashboard created

1.2、查看服务状态和pod

1
2
3
4
5
[root@k8s-master-01 ~]# kubectl get service --all-namespaces
NAMESPACE     NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
default       kubernetes             ClusterIP   10.254.0.1      <none>        443/TCP         18h
kube-system   coredns                ClusterIP   10.254.0.10     <none>        53/UDP,53/TCP   16h
kube-system   kubernetes-dashboard   NodePort    10.254.51.226   <none>        443:30001/TCP   15h

  • 查看service描述

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    [root@k8s-master-01 ~]# kubectl describe  service kubernetes-dashboard -n kube-system
    Name:                     kubernetes-dashboard
    Namespace:                kube-system
    Labels:                   k8s-app=kubernetes-dashboard
    Annotations:              <none>
    Selector:                 k8s-app=kubernetes-dashboard
    Type:                     NodePort
    IP:                       10.254.51.226
    Port:                     <unset>  443/TCP
    TargetPort:               8443/TCP
    NodePort:                 <unset>  30001/TCP
    Endpoints:                10.254.39.3:8443
    Session Affinity:         None
    External Traffic Policy:  Cluster
    Events:                   <none>

  • 查看pod描述

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    [root@k8s-master-01 ~]# kubectl describe pod kubernetes-dashboard-6c655d9445-6zntr --namespace=kube-system
    Name:           kubernetes-dashboard-6c655d9445-6zntr
    Namespace:      kube-system
    Node:           172.21.17.31/172.21.17.31
    Start Time:     Thu, 29 Aug 2019 17:47:20 +0800
    Labels:         k8s-app=kubernetes-dashboard
                    pod-template-hash=6c655d9445
    Annotations:    <none>
    Status:         Running
    IP:             10.254.39.3

2、授权Dashboard账户集群管理权限

若果不进行授权操作,打开dashboard会报错,如下图
img

  • 新建kubrnetes-dashboard-admin-rbac.yaml

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    # cat kubernetes-dashboard-admin-rbac.yaml 
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin-user
      namespace: kube-system
    ---
    # Create ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: admin-user
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: admin-user
      namespace: kube-system

  • 执行创建

    1
    # kubectl create -f kubernetes-dashboard-admin-rbac.yaml

找到kubernete-dashboard-admin的token,复制token在dashboard页面进行登录,

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@k8s-master-01 dashboard]# kubectl -n kube-system get secret | grep admin-user
admin-user-token-qv49g             kubernetes.io/service-account-token   3      15h

[root@k8s-master-01 dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-qv49g
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: ea3f0e3f-ca42-11e9-8716-fa163effd55b

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1359 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXF2NDlnIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlYTNmMGUzZi1jYTQyLTExZTktODcxNi1mYTE2M2VmZmQ1NWIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.AbdsJdgi9d0rCYrmvoJkWf32HKSMT03OyOX55aRhPptjzIjDcGxxQYecT0w58N7Z_2L2RwTBfOrm4B3wTEDfFZKgYsnGJQOzJMtZDN9w5YJg2xGQ27E3KisTbbQzd_I5DgxSZWW75GwWf756_bIQpWuXNRO_KjheyWuNNv0tSEYRiXpcboSQpb-8R-Km-vP85mxke6s5cJFSk0WLMjFWow1vOF1ns23NZ5nslEmYOMZF3_Fxybh3LbiCyrpD4c0FtfRcXaBIBqACeyCPRriYMIIJq3OJjI-DzuqUedu1x2xH2prB4mNjxlKt2-7q0M1zCuvm5JhW_LzWgveu9ni2ig

3、配置文件修改说明

    dashboard 文件被修改,默认的token失效的时间是900秒,15分钟,每15分钟就要进行一次认证,这样对于运维人员来说就不是特别的方便,我们可以通过修改token-ttl参数来设置,主要是修改dashborad的yaml文件,并重新建立即可

3.1、在配置文件修改/添加

1
2
3
4
5
6
ports:
- containerPort: 8443
  protocol: TCP
args:
  - --auto-generate-certificates
  - --token-ttl=43200
  • 重建pod
    1
    [root@k8s-master-01 dashboard]# kubectl apply -f kubernetes-dashboard.yaml

我们可以输入任意节点的ip加30001端口就可以访问dashboard, https://{ip}:30001。

其他操作

    每天我们来公司要登录dashboard的时候都要去输入一次token,每次去获取token的时候都要输入很长的一串,这里为了方便,可以写一个脚本,要token的时候执行一下脚本,就可以。

  • 创建脚本

    1
    2
    3
    # vim kube-token
    #!/bin/bash
    kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

  • 设置脚本

    1
    2
    # chmod +x kube-token
    # mv kube-token /usr/bin
坚持原创技术分享,您的支持将鼓励我继续创作!
0%