k8s使用 Dashboard

官方文檔位址：https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

安裝Dashboard

root@k8s-master:~# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml

namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

檢視namespace

root@k8s-master:~# kubectl get namespace
NAME                   STATUS   AGE
kubernetes-dashboard   Active   16m

root@k8s-master:~# kubectl get deployment --namespace=kubernetes-dashboard kubernetes-dashboard
NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
kubernetes-dashboard        1/1     1            1           15m

root@k8s-master:~# kubectl get service --namespace=kubernetes-dashboard kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
kubernetes-dashboard        ClusterIP   10.110.248.161   <none>        443/TCP    34m

外網通路權限設定

kubectl proxy --address='0.0.0.0' --port=8888 --accept-hosts='^*$'
kubectl proxy --address='0.0.0.0' --accept-hosts='^*$' //預設8001端口

浏覽器通路：

http://192.168.20.223:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login

添加使用者和綁定角色

cat > dash-admin-user.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:

- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
  EOF

root@k8s-master:~# kubectl apply -f dash-admin-user.yaml 
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

生成token

root@k8s-master:~# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

輸入内容：
Name:         admin-user-token-42kpk
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: ba33d8bd-e949-44d5-909e-e5c02148c966

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ilk1dmVfZ3k2SjVZZlQ1b0w0aW5QMksyd3R1Rl8zWTFEaEtETC01Y1hxT3cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTQya3BrIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiYTMzZDhiZC1lOTQ5LTQ0ZDUtOTA5ZS1lNWMwMjE0OGM5NjYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.nSWaPC1_GNnt9yBilQfWoQnuMJPRZ6u4rWCFMLf0fOOvlEYW3vH6K9fbiqCsaJ7nMuxgs9irYc0t6UtCnYgviEvCayzTgExw7D8GurUwCXK45vjMLCT2_QhsKoDBCHaXoux-HMvNEAsirDcwnxI3xHaNoF3JEBXau-B8wTNNmGz_2Wk4xa1SgmThR3NKapJOZqQshK0QvqnRS7Brr7Qb8HJZYeOD1i6vte3wSTGNiLN9tkpvQy-JFFthxInuIXvMXx3cBZrKho6wxnvpjMX7mtP4IqBDDg5DxKx126j4L-FM9upkfOrFbaHj_6fVkLiMUWE3xdka_w9mjijod28mig

記錄最後一行的token。

如果沒記錄下來可以通過下面的方法查

找到使用者名

admin-user

裡的

Mountable secrets

是

admin-user-token-42kpk

,繼續查：

kubectl describe secrets --namespace=kubernetes-dashboard admin-user-token-42kpk

就能輸出token了

{status: 401, plugins: [], errors: [{,…}]}
errors: [{,…}]
0: {,…}
ErrStatus: {metadata: {}, status: "Failure", message: "MSG_LOGIN_UNAUTHORIZED_ERROR", reason: "Unauthorized",…}
code: 401
message: "MSG_LOGIN_UNAUTHORIZED_ERROR"
metadata: {}
reason: "Unauthorized"
status: "Failure"
plugins: []
status: 401

在本地電腦輸入
ssh -L localhost:8001:localhost:8001 -NT root@k8s-master
輸入root密碼成功轉發，浏覽器通路
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login
輸入token，登入，登入成功。

kubernetes使用 Dashboardk8s使用 Dashboard

k8s使用 Dashboard

安裝Dashboard

外網通路權限設定

添加使用者和綁定角色

生成token

繼續閱讀

k8s Dashboard 調研

【k8s學習系列】第2篇，規模和更新部署k8s學習系列前言規模和更新部署總結

Kubernetes - Kubernetes 元件

k8s部署es叢集和kibana

kubernetes學習筆記--挂載GlusterFS存儲卷

Kubernetes - Xshell連接配接虛拟機 & 搭建Kubernetes基礎叢集

Kubernetes學習--資源管理方式

k8s資源管理1. 基礎2. 依賴3. Pod4. 控制器5. Service

3 第三章資源管理

kubernetes-雲原生技術進階第18講：Kubernetes 排程和資源管理第18講：Kubernetes 排程和資源管理一、Kubernetes 排程過程二、Kubernetes 基礎排程力三、Kubernetes 進階排程能力

通過serviceAccount的secret通路kubernetes API Server前提設定環境變量通過curl通路restAPI額外部分

cephadm離線搭建v17.2.0 Quincy版本Ceph叢集叢集規劃準備工作

使用jvm監控工具(jconsole、jvisualvm)通過jmx遠端連接配接kubernetes上的java應用

Error: docker-ce conflicts with 2:docker-1.13.1-53.git774336d.el7.centos.x86_64

golang建構Dockerfile，并打包成鏡像，運作在docker和k8s上

使用kubeadm+calico部署kubernetes v1.25.3