一、Dashboard简介
Dashboard是一个基于Web的Kubernetes用户界面。您可以使用Dashboard将容器化应用程序部署到Kubernetes集群、对容器化应用程序进行故障排除以及管理集群资源。您可以使用Dashboard了解集群上运行的应用程序的概览,以及创建或修改单个Kubernetes资源(例如Deployment、Jobs、DaemonSet 等)。例如,您可以使用部署向导扩展部署、启动滚动更新、重新启动pod或部署新应用程序。
仪表板还提供有关集群中Kubernetes资源状态以及可能发生的任何错误的信息。
二、安装Kubernetes-dashboard
注意:K8s版本:V1.20.11,基于Kubernetes-dashboard2.2.0
1、下载配置文件
[root@master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
2、修改配置文件
[root@master ~]# vim recommended.yaml
# 需要修改的内容如下所示
kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort# 增加内容 ports: - port: 443 targetPort: 8443 nodePort: 30000# 增加内容 selector: k8s-app: kubernetes-dashboard |
3、安装Dashboard
[root@master ~]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
4、查看secret
[root@master ~]# kubectl get secret -n kubernetes-dashboard
NAME TYPE DATA AGE
default-token-859g4 kubernetes.io/service-account-token 3 4m28s
kubernetes-dashboard-certs Opaque 0 4m28s
kubernetes-dashboard-csrf Opaque 1 4m28s
kubernetes-dashboard-key-holder Opaque 2 4m28s
kubernetes-dashboard-token-7l47s kubernetes.io/service-account-token 3 4m28s
5、查看Service
[root@master ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 172.16.133.136 <none> 8000/TCP 4m7s
kubernetes-dashboard NodePort 172.16.2.59 <none> 443:30000/TCP 4m7s
6、获取Token
[root@master ~]# kubectl describe secret -n kubernetes-dashboard kubernetes-dashboard-token-7l47s
Name: kubernetes-dashboard-token-7l47s
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: 83838411-a84b-4d87-824e-e0f974a48e81
Type: kubernetes.io/service-account-token
Data
====
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlpZQmhlZXVmVXctQjlleG1ZVlhhbXZMb1k2Z1d2Z0FkaHFIRXU0MkNtZXMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi03bDQ3cyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjgzODM4NDExLWE4NGItNGQ4Ny04MjRlLWUwZjk3NGE0OGU4MSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.EQCjLReemQP8avSITvj_tjWWwSUK8Mgkt3hTYXJlXJfOtftEnQPKIE0OA32rUHMnbS7ViWSL5ju1Fie92HJ2ow8eSWfBKdFo9nvJ2jZMR97KCAP-HrUe7D98l_RjA1dyUWSkBlzQL2rhbcsbCr07AHu09bbmum4QaTkbOzv82LAvSyZe5nrWeu3bhXoOnX9narF4VMvAA18QK187SWIKb0lHJe-2uzbbsKaoTB7ntK53Vngr6uAk5H9p9auEq0ngucjA9sdX8rR_f577QjORi7WlbbDuZNUgf_oK7xep2MD1mAIiWZtx9vhuIUFoECMYkww-o9Fk01hglVUsOTflUA
ca.crt: 1066 bytes
方式二:
[root@master ~]# Token=$(kubectl -n kubernetes-dashboard get secret |awk '/kubernetes-dashboard-token/ {print $1}')
[root@master ~]# kubectl describe secrets -n kubernetes-dashboard ${Token} |grep token |awk 'NR==3 {print $2}'
eyJhbGciOiJSUzI1NiIsImtpZCI6IlpZQmhlZXVmVXctQjlleG1ZVlhhbXZMb1k2Z1d2Z0FkaHFIRXU0MkNtZXMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi03bDQ3cyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjgzODM4NDExLWE4NGItNGQ4Ny04MjRlLWUwZjk3NGE0OGU4MSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.EQCjLReemQP8avSITvj_tjWWwSUK8Mgkt3hTYXJlXJfOtftEnQPKIE0OA32rUHMnbS7ViWSL5ju1Fie92HJ2ow8eSWfBKdFo9nvJ2jZMR97KCAP-HrUe7D98l_RjA1dyUWSkBlzQL2rhbcsbCr07AHu09bbmum4QaTkbOzv82LAvSyZe5nrWeu3bhXoOnX9narF4VMvAA18QK187SWIKb0lHJe-2uzbbsKaoTB7ntK53Vngr6uAk5H9p9auEq0ngucjA9sdX8rR_f577QjORi7WlbbDuZNUgf_oK7xep2MD1mAIiWZtx9vhuIUFoECMYkww-o9Fk01hglVUsOTflUA
7、登录Kubernetes-Dashboard
# 浏览器输入https://IP:30033/,如下图所示
# 输入Token登录,如下图,因为权限不足导致无法显示namespace资源
8、授权kubernetes-dashboard,防止找不到namespace资源
[root@master ~]# kubectl create clusterrolebinding serviceaccount-cluster-admin --clusterrole=cluster-admin --user=system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
clusterrolebinding.rbac.authorization.k8s.io/serviceaccount-cluster-admin created
9、再次访问Kubernetes-Dashboard,如下图
10、设置Token过期时间
注意:用Token登陆kubernetes-dashboard,默认的token认证时间是900s/15分钟,失效需要重新登录非常麻烦,参数修改token过期时间为1天。
方式一:修改recommended.yaml文件,重新apply即可
[root@master ~]# vim recommended.yaml
spec: containers: - name: kubernetes-dashboard image: kubernetesui/dashboard:v2.2.0 imagePullPolicy: Always ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates - --namespace=kubernetes-dashboard - --token-ttl=86400# 增加参数 |
[root@master ~]# kubectl apply -f recommended.yaml
方式二:kubernetes-dashboard平台修改配置
1)选择kubernetes-dashboard命名空间
2)编辑deployment/kubernetes-dashboard配置文件
3)在对应位置添加- --token-ttl=86400
4)点击更新即可生效
