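Kubernetes in Practice (26): Deploying the Dashboard UI on K8s

Kubernetes Dashboard is a general-purpose, web-based UI for Kubernetes clusters. It lets users manage and troubleshoot the applications running in the cluster, and manage the cluster itself.
There are two ways to reach the Dashboard:

  • Through the Kubernetes API: the Dashboard is a built-in UI add-on for Kubernetes, and the API server exposes it at the URL /api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy. For a host outside the cluster to reach the Dashboard this way, two conditions must be met: kube-proxy opens a port and is trusted to let external hosts reach the Kubernetes API, and the HTTPS protocol is used.
  • Through a Service of type NodePort: hosts outside the cluster can reach the Dashboard directly at "https://<IP of any node>:".

This article deploys the Dashboard UI using the NodePort Service approach.

References:
GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters
https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md#login-not-available

1 Install the Dashboard

Installing the Dashboard from the manifest creates a Service of type ClusterIP, which can only be reached from hosts inside the cluster. We therefore make a small change and set the Service type to NodePort so that external hosts can reach it as well.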

    # wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml -O kubernetes-dashboard.yaml
    # vim kubernetes-dashboard.yaml
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    spec:
      type: NodePort
      ports:
        - port: 443
          targetPort: 8443
      selector:
        k8s-app: kubernetes-dashboard
    # kubectl apply -f kubernetes-dashboard.yaml
    namespace/kubernetes-dashboard created
    serviceaccount/kubernetes-dashboard created
    service/kubernetes-dashboard created
    secret/kubernetes-dashboard-certs created
    secret/kubernetes-dashboard-csrf created
    secret/kubernetes-dashboard-key-holder created
    configmap/kubernetes-dashboard-settings created
    role.rbac.authorization.k8s.io/kubernetes-dashboard created
    clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
    rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
    clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
    deployment.apps/kubernetes-dashboard created
    service/dashboard-metrics-scraper created
    deployment.apps/dashboard-metrics-scraper created
    # kubectl get pod --namespace=kubernetes-dashboard
    NAME                                         READY   STATUS    RESTARTS   AGE
    dashboard-metrics-scraper-799d786dbf-xx9j7   1/1     Running   0          3m16s
    kubernetes-dashboard-fb8648fd9-rgc2z         1/1     Running   0          3m17s

2 Access the Dashboard

    # kubectl get service --namespace=kubernetes-dashboard
    NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
    dashboard-metrics-scraper   ClusterIP   10.97.23.158    <none>        8000/TCP        4m6s
    kubernetes-dashboard        NodePort    10.103.40.153   <none>        443:32358/TCP   4m7s
    # netstat -lnupt |grep 32358
    tcp        0      0 0.0.0.0:32358           0.0.0.0:*               LISTEN      41631/kube-proxy

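3 Choose the authentication method for logging in to the Dashboard

Logging in to the Dashboard requires authentication.
The Dashboard service runs in a Pod, and for that Pod to access and retrieve cluster information a ServiceAccount must be created to establish its identity.
For the Dashboard to manage the Kubernetes cluster it must authenticate; two methods are currently supported, Token and Kubeconfig.

Token: create a service account "dashboard-admin" that holds the cluster role "cluster-admin", then log in with the Token of dashboard-admin. You can also, where your needs call for it, create a cluster role with only the specific permissions required and bind it to the corresponding service account, so that it manages only specific resources in the cluster.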

    # Create a service account "dashboard-admin" dedicated to the Dashboard
    # kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
    serviceaccount/dashboard-admin created
    # Bind the service account "dashboard-admin" to the cluster role "cluster-admin", which has super-administrator privileges;
    # dashboard-admin then has super-administrator privileges
    # kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
    clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
    # A Token is generated automatically for the new service account; it is a resource object of type Secret
    # The following commands retrieve the Token of the service account "dashboard-admin" for authenticating to the Dashboard
    # kubectl get secrets -n kubernetes-dashboard |grep dashboard-admin-token
    dashboard-admin-token-2bxfl   kubernetes.io/service-account-token   3   66s
    # kubectl describe secrets/dashboard-admin-token-2bxfl -n kubernetes-dashboard
    Name:         dashboard-admin-token-2bxfl
    Namespace:    kubernetes-dashboard
    Labels:       <none>
    Annotations:  kubernetes.io/service-account.name: dashboard-admin
                  kubernetes.io/service-account.uid: 492a031e-db41-4a65-a8d4-af0e240e7f9d
    Type:  kubernetes.io/service-account-token
    Data
    ====
    ca.crt:     1103 bytes
    namespace:  20 bytes
    token:      eyJhbGciOiJSUzI1NiIsImtpZCI6ImFXTzZFUElaS2RoTUpScHFwNzJSNUN5eU1lcFNSZEZqNWNNbi1VbFV2Zk0ifQ.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.l5VEIPd9nIsJuXMh86rjFHhkIoZmg5nlDw7Bixn0b3-KT1r6o7WRegq8DJyVk_iiIfRnrrz5jjuOOkCKwXwvI1NCfVdsuBKXFwFZ1Crc-BwHjIxWbGuZfEGxSbN8du4T4xcUuNU-7HuZQcGDY23uy68aPqWSm8UoIcOFwUgVcYkKlOuW76tIXxG_upxWpWZz74aMDUIkjar7sdWXzMr1m5G43TLE9Z_lKCgoV-hc4Fo9_Er-TIAPqDG6-sfZZZ9Raldvn3j380QDYahUKaGKabnOFDXbODKOQ1VKRizgiRTOqt-z9YRPTcyxQzfheKC8DTb2X8D-E4x6azulenNgqw
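
The Token paragraph above notes that a role with only the permissions you need can be bound to the service account instead of "cluster-admin". The manifest below is an added example of that alternative, not part of the original article or of the Dashboard project: it defines a read-only login account. The name "dashboard-viewer" and the chosen resource list are assumptions made for illustration.

```yaml
# Added example: read-only Dashboard login account.
# "dashboard-viewer" is a hypothetical name; adjust the resource list to your needs.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dashboard-viewer
rules:
  # Core objects: read verbs only. "secrets" is deliberately absent, so
  # service-account tokens and other credentials cannot be read through the UI.
  # "pods/exec" is also absent, so the Dashboard's in-browser shell is denied.
  - apiGroups: [""]
    resources:
      - pods
      - pods/log
      - services
      - endpoints
      - configmaps
      - events
      - namespaces
      - nodes
      - persistentvolumeclaims
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "daemonsets", "replicasets", "statefulsets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["batch"]
    resources: ["jobs", "cronjobs"]
    verbs: ["get", "list", "watch"]
---
# Binds the read-only role to the account, in place of the cluster-admin binding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: dashboard-viewer
subjects:
  - kind: ServiceAccount
    name: dashboard-viewer
    namespace: kubernetes-dashboard
```

After applying it, `kubectl auth can-i get secrets -n kube-system --as=system:serviceaccount:kubernetes-dashboard:dashboard-viewer` should answer `no`, while the same check for `dashboard-admin` answers `yes`.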

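Kubeconfig: the Token is a long, complex secret string, which makes it inconvenient to authenticate with, so the Dashboard also supports logging in with a Kubeconfig file.
Create a Kubeconfig file based on the service account created in the Token step above.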

    # View cluster information
    # kubectl cluster-info
    Kubernetes control plane is running at https://192.168.124.100:9443
    # Create the kubeconfig file and set the cluster entry
    # kubectl config set-cluster kubernetes --embed-certs=true --server="https://192.168.124.100:9443" --certificate-authority=/etc/kubernetes/pki/ca.crt --kubeconfig=dashboard-admin.kubeconfig
    # Set the credentials in the kubeconfig file
    # By default the service account Token is stored base64-encoded; to write it into the kubeconfig, decode it with "base64 -d"
    # Token=$(kubectl get secrets/dashboard-admin-token-2bxfl -n kubernetes-dashboard -o jsonpath='{.data.token}' |base64 -d)
    # kubectl config set-credentials dashboard-admin --token=${Token} --kubeconfig=./dashboard-admin.kubeconfig
    # Set the context in the kubeconfig file
    # kubectl config set-context dashboard-admin --cluster=kubernetes --user=dashboard-admin --kubeconfig=./dashboard-admin.kubeconfig
    # Set the current context to use in the kubeconfig file
    # kubectl config use-context dashboard-admin --cluster=kubernetes --user=dashboard-admin --kubeconfig=./dashboard-admin.kubeconfig
    # The resulting file looks like this
    # cat dashboard-admin.kubeconfig
    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: 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
        server: https://192.168.124.100:9443
      name: kubernetes
    contexts:
    - context:
        cluster: kubernetes
        user: dashboard-admin
      name: dashboard-admin
    current-context: dashboard-admin
    kind: Config
    preferences: {}
    users:
    - name: dashboard-admin
      user:
        token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImFXTzZFUElaS2RoTUpScHFwNzJSNUN5eU1lcFNSZEZqNWNNbi1VbFV2Zk0ifQ.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.l5VEIPd9nIsJuXMh86rjFHhkIoZmg5nlDw7Bixn0b3-KT1r6o7WRegq8DJyVk_iiIfRnrrz5jjuOOkCKwXwvI1NCfVdsuBKXFwFZ1Crc-BwHjIxWbGuZfEGxSbN8du4T4xcUuNU-7HuZQcGDY23uy68aPqWSm8UoIcOFwUgVcYkKlOuW76tIXxG_upxWpWZz74aMDUIkjar7sdWXzMr1m5G43TLE9Z_lKCgoV-hc4Fo9_Er-TIAPqDG6-sfZZZ9Raldvn3j380QDYahUKaGKabnOFDXbODKOQ1VKRizgiRTOqt-z9YRPTcyxQzfheKC8DTb2X8D-E4x6azulenNgqw

4 Select the Kubeconfig file to log in to the Dashboard


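This article is reposted from: https://blog.csdn.net/ygq13572549874/article/details/136056789
Copyright belongs to the original author, alden_ygq. If there is any infringement, please contact us for removal.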
