部署dashboard极速入门
介绍说明
dashboard是一款图形化管理K8S集群的解决方案。
参考链接:
https://github.com/kubernetes/dashboard/releases?page=9
1.下载资源清
[root@master231 dashboard]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
SVIP:
[root@master231 ~]# wget http://192.168.21.253/Resources/Kubernetes/Add-ons/dashboard/01-dashboard.yaml
2.导入镜像
wget http://192.168.21.253/Resources/Kubernetes/Add-ons/dashboard/oldboyedu-dashboard-v2.5.1.tar.gz
操作以及结果
[root@worker232 ~]# docker load -i oldboyedu-dashboard-v2.5.1.tar.gz
[root@worker232 ~]# docker tag harbor.oldboyedu.com/oldboyedu-add-ons/dashboard:v2.5.1 harbor250.oldboyedu.com/oldboyedu-add-ons/dashboard:v2.5.1
[root@worker232 ~]#
[root@worker232 ~]# docker push harbor250.oldboyedu.com/oldboyedu-add-ons/dashboard:v2.5.1
[root@worker232 ~]# wget http://192.168.21.253/Resources/Kubernetes/Add-ons/dashboard/oldboyedu-metrics-scraper-v1.0.7.tar.gz
[root@worker232 ~]# docker load -i oldboyedu-metrics-scraper-v1.0.7.tar.gz
[root@worker232 ~]# docker tag harbor.oldboyedu.com/oldboyedu-add-ons/metrics-scraper:v1.0.7 harbor250.oldboyedu.com/oldboyedu-add-ons/metrics-scraper:v1.0.7
[root@worker232 ~]#
[root@worker232 ~]# docker push harbor250.oldboyedu.com/oldboyedu-add-ons/metrics-scraper:v1.0.7
vim 01-dashboard.yaml
- 1.将8443的svc的类型改为LoadBalancer;
- 2.修改2个镜像的名称即可;
4.部署服务
部署服务
root@master231 dashboard]# kubectl apply -f 01-dashboard.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-9d986c98c-x8gzf 1/1 Running 0 23s
pod/kubernetes-dashboard-5ccf77bb87-sd7z7 1/1 Running 0 23s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.200.253.69 <none> 8000/TCP 23s
service/kubernetes-dashboard LoadBalancer 10.200.75.249 10.0.0.153 443:8443/TCP 23s
[root@master231 dashboard]#
6.访问Dashboard
https://10.0.0.153/#/login
输入神秘代码: "thisisunsafe".
7.基于token登录实战
- 7.1 创建sa
[root@master231 dashboard]# kubectl create serviceaccount linux97 -o yaml --dry-run=client > 02-sa.yaml
[root@master231 dashboard]#
[root@master231 dashboard]# vim 02-sa.yaml
[root@master231 dashboard]#
[root@master231 dashboard]# cat 02-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: linux97
[root@master231 dashboard]#
[root@master231 dashboard]# kubectl apply -f 02-sa.yaml
serviceaccount/linux97 created
[root@master231 dashboard]#
[root@master231 dashboard]# kubectl get -f 02-sa.yaml
NAME SECRETS AGE
linux97 1 5s
[root@master231 dashboard]#
[root@master231 dashboard]# kubectl get sa linux97
NAME SECRETS AGE
linux97 1 13s
[root@master231 dashboard]#
- 7.2 将sa和内置集群角色绑定
[root@master231 dashboard]# kubectl create clusterrolebinding dashboard-linux97 --clusterrole=cluster-admin --serviceaccount=default:linux97 -o yaml --dry-run=client > 03-clusterrolebinding-sa.yaml
[root@master231 dashboard]#
[root@master231 dashboard]# vim 03-clusterrolebinding-sa.yaml
[root@master231 dashboard]#
[root@master231 dashboard]# cat 03-clusterrolebinding-sa.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-linux97
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: linux97
namespace: default
[root@master231 dashboard]#
[root@master231 dashboard]# kubectl apply -f 03-clusterrolebinding-sa.yaml
clusterrolebinding.rbac.authorization.k8s.io/dashboard-linux97 created
[root@master231 dashboard]#
[root@master231 dashboard]# kubectl get clusterrolebindings dashboard-linux97
NAME ROLE AGE
dashboard-linux97 ClusterRole/cluster-admin 11s
[root@master231 dashboard]#
[root@master231 dashboard]# kubectl get clusterrolebindings dashboard-linux97 -o wide
NAME ROLE AGE USERS GROUPS SERVICEACCOUNTS
dashboard-linux97 ClusterRole/cluster-admin 44s default/linux97
[root@master231 dashboard]#
- 7.3 浏览器使用token登录【注意,你的token和我的不一样】
[root@master231 dashboard]# kubectl get secrets `kubectl get sa linux97 -o jsonpath='{.secrets[0].name}'` -o jsonpath='{.data.token}' |base64 -d ; echo
eyJhbGciOiJSUzI1NiIsImtpZCI6IlNCUF9mT01TOHVleGIxc1JvdzdzODhPMVg2YmExdm5weWpJZ3BLUDVNQWcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImxpbnV4OTctdG9rZW4tcGZmeHgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoibGludXg5NyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImU4YmZkMTE0LWY5NzItNGQyZC1iYjI4LTY4NWFiZTMxMjE1OSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmxpbnV4OTcifQ.Y5UNPod7a5HyjJjia_a25lARq9aZT9sS50rH9I9-j8ldYNeoZybMC0vohPBCnEy_aVknNNzTn2WTCQaN0wKg6dIjQNCvodegmf_h8yU0u63KGB5XggkcJvSdA7OeehAViZ9c-u9vQF_WsT4PujSw73aqhbGbtazmvgCrxOTYNYE0ZyPwqibGvm7kqmSnDiE_0ajX2tNR3G-OSGUbZF-FeZeJdEJ8QJsOct63wTyBNnmlFEebuVr9QELMgtNrzIvZjIOdfb0VhV1mFLqqFQymtmRuGQDbIisgv_ci6EUjwl41A_myceuclbzcFKiO4pIk9VKQdjmj3BjpodNA1ArRUw
[root@master231 dashboard]#
使用Kubeconfig授权登录实战(彩蛋)
配置文件详解
1.创建kubeconfig文件
cat > oldboyedu-generate-context-conf.sh <<'EOF'
#!/bin/bash
# auther: Jason Yin
# 获取secret的名称
SECRET_NAME=`kubectl get sa linux97 -o jsonpath='{.secrets[0].name}'`
# 指定API SERVER的地址
API_SERVER=10.0.0.231:6443
# 指定kubeconfig配置文件的路径名称
KUBECONFIG_NAME=./oldboyedu-k8s-dashboard-admin.conf
# 获取用户的tocken
TOCKEN=`kubectl get secrets $SECRET_NAME -o jsonpath={.data.token} | base64 -d`
# 在kubeconfig配置文件中设置群集项
kubectl config set-cluster oldboyedu-k8s-dashboard-cluster --server=$API_SERVER --kubeconfig=$KUBECONFIG_NAME
# 在kubeconfig中设置用户项
kubectl config set-credentials oldboyedu-k8s-dashboard-user --token=$TOCKEN --kubeconfig=$KUBECONFIG_NAME
# 配置上下文,即绑定用户和集群的上下文关系,可以将多个集群和用户进行绑定哟~
kubectl config set-context oldboyedu-admin --cluster=oldboyedu-k8s-dashboard-cluster --user=oldboyedu-k8s-dashboard-user --kubeconfig=$KUBECONFIG_NAME
# 配置当前使用的上下文
kubectl config use-context oldboyedu-admin --kubeconfig=$KUBECONFIG_NAME
EOF
bash oldboyedu-generate-context-conf.sh
kuboard快速入门实战
步骤以及命令
官网地址:
https://kuboard.cn/
参考链接:
https://kuboard.cn/install/v3/install-in-k8s.html
1.部署kuboard
[root@master231 kuboard]# wget https://addons.kuboard.cn/kuboard/kuboard-v3-swr.yaml
[root@master231 kuboard]# kubectl apply -f kuboard-v3-swr.yaml
namespace/kuboard created
configmap/kuboard-v3-config created
serviceaccount/kuboard-boostrap created
clusterrolebinding.rbac.authorization.k8s.io/kuboard-boostrap-crb created
daemonset.apps/kuboard-etcd created
deployment.apps/kuboard-v3 created
service/kuboard-v3 created
[root@master231 kuboard]#
[root@master231 kuboard]# kubectl get pods -n kuboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kuboard-agent-2-55b9bfbb7c-89nff 1/1 Running 2 (2m43s ago) 2m55s 10.100.0.56 master231 <none> <none>
kuboard-agent-6f4885bcd7-7xzz8 1/1 Running 2 (2m44s ago) 2m55s 10.100.0.55 master231 <none> <none>
kuboard-etcd-trt8q 1/1 Running 0 3m58s 10.0.0.231 master231 <none> <none>
kuboard-v3-685dc9c7b8-bhqfw 1/1 Running 0 3m58s 10.100.0.54 master231 <none> <none>
[root@master231 kuboard]#
镜像地址:
http://192.168.14.253/Resources/Kubernetes/Project/kuboard/kuboard-on-k8s/kuboard-v3-swr.yaml
2.访问 Kuboard
[root@master231 kuboard]# kubectl get svc -n kuboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kuboard-v3 NodePort 10.200.117.52 <none> 80:30080/TCP,10081:30081/TCP,10081:30081/UDP 4m36s
[root@master231 kuboard]#
在浏览器中打开链接 http://10.0.0.233:30080
输入初始用户名和密码,并登录
用户名: admin
密码: Kuboard123
浙公网安备 33010602011771号