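Configuring the Kubernetes Dashboard

    Kubernetes Dashboard is the official web-based user interface for managing a Kubernetes cluster and displaying its state. A freshly installed cluster does not include the Dashboard by default, so it has to be created separately.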

1. Installing the dashboard

1.1 Download and prepare the required files

The manifest used here has already been modified and works as is.

  • Create the dashboard

    [root@k8s-master-01 dashboard]# kubectl create -f kubernetes-dashboard.yaml 
    secret/kubernetes-dashboard-certs created
    serviceaccount/kubernetes-dashboard created
    role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
    rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
    deployment.apps/kubernetes-dashboard created
    service/kubernetes-dashboard created

1.2 Check the service status and the pod

[root@k8s-master-01 ~]# kubectl get service --all-namespaces
NAMESPACE     NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
default       kubernetes             ClusterIP   10.254.0.1      <none>        443/TCP         18h
kube-system   coredns                ClusterIP   10.254.0.10     <none>        53/UDP,53/TCP   16h
kube-system   kubernetes-dashboard   NodePort    10.254.51.226   <none>        443:30001/TCP   15h

  • View the service description

    [root@k8s-master-01 ~]# kubectl describe  service kubernetes-dashboard -n kube-system
    Name: kubernetes-dashboard
    Namespace: kube-system
    Labels: k8s-app=kubernetes-dashboard
    Annotations: <none>
    Selector: k8s-app=kubernetes-dashboard
    Type: NodePort
    IP: 10.254.51.226
    Port: <unset> 443/TCP
    TargetPort: 8443/TCP
    NodePort: <unset> 30001/TCP
    Endpoints: 10.254.39.3:8443
    Session Affinity: None
    External Traffic Policy: Cluster
    Events: <none>

  • View the pod description

    [root@k8s-master-01 ~]# kubectl describe pod kubernetes-dashboard-6c655d9445-6zntr --namespace=kube-system
    Name: kubernetes-dashboard-6c655d9445-6zntr
    Namespace: kube-system
    Node: 172.21.17.31/172.21.17.31
    Start Time: Thu, 29 Aug 2019 17:47:20 +0800
    Labels: k8s-app=kubernetes-dashboard
    pod-template-hash=6c655d9445
    Annotations: <none>
    Status: Running
    IP: 10.254.39.3

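2. Granting the Dashboard account cluster-admin privileges

If you skip this authorization step, opening the dashboard reports an error, as shown in the figure below.
[image: dashboard error]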

  • Create kubernetes-dashboard-admin-rbac.yaml

    # cat kubernetes-dashboard-admin-rbac.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin-user
      namespace: kube-system
    ---
    # Create ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: admin-user
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: admin-user
      namespace: kube-system

  • Create the resources

    # kubectl create -f kubernetes-dashboard-admin-rbac.yaml

Find the token of the dashboard admin account (the admin-user secret), copy it, and use it to log in on the dashboard page:

[root@k8s-master-01 dashboard]# kubectl -n kube-system get secret | grep admin-user
admin-user-token-qv49g kubernetes.io/service-account-token 3 15h

[root@k8s-master-01 dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-qv49g
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: ea3f0e3f-ca42-11e9-8716-fa163effd55b

Type: kubernetes.io/service-account-token

Data
====
ca.crt: 1359 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXF2NDlnIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlYTNmMGUzZi1jYTQyLTExZTktODcxNi1mYTE2M2VmZmQ1NWIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.AbdsJdgi9d0rCYrmvoJkWf32HKSMT03OyOX55aRhPptjzIjDcGxxQYecT0w58N7Z_2L2RwTBfOrm4B3wTEDfFZKgYsnGJQOzJMtZDN9w5YJg2xGQ27E3KisTbbQzd_I5DgxSZWW75GwWf756_bIQpWuXNRO_KjheyWuNNv0tSEYRiXpcboSQpb-8R-Km-vP85mxke6s5cJFSk0WLMjFWow1vOF1ns23NZ5nslEmYOMZF3_Fxybh3LbiCyrpD4c0FtfRcXaBIBqACeyCPRriYMIIJq3OJjI-DzuqUedu1x2xH2prB4mNjxlKt2-7q0M1zCuvm5JhW_LzWgveu9ni2ig

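3. Notes on the configuration changes

    The dashboard manifest has been modified. By default the token expires after 900 seconds (15 minutes), so you have to authenticate again every 15 minutes, which is inconvenient for operations staff. The lifetime can be set with the token-ttl parameter: edit the dashboard YAML file and re-create the deployment.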

3.1 Modify/add the following in the configuration file

ports:
- containerPort: 8443
  protocol: TCP
args:
- --auto-generate-certificates
- --token-ttl=43200

  • Re-create the pod

    [root@k8s-master-01 dashboard]# kubectl apply -f kubernetes-dashboard.yaml

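The dashboard can now be reached on port 30001 of any node's IP address: https://{ip}:30001.

Other operations

    Every day when we log in to the dashboard at work we have to enter the token again, and fetching it means typing a very long command each time. For convenience, put the command in a script and run the script whenever the token is needed.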

  • Create the script

    # vim kube-token
    #!/bin/bash
    kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

  • Set up the script

    # chmod +x kube-token
    # mv kube-token /usr/bin
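
The kube-token script prints the whole secret description, and the --token-ttl change in section 3 only sets how long the dashboard keeps a login session. The following is an added example, not code from the original post: it extracts only the token from `kubectl describe secret` output and decodes its claims to report the subject and whether the token itself carries an `exp` expiry. The function names and the sample secret are constructed for illustration, and the claim parsing assumes compact JSON.

```shell
#!/bin/bash
# Added example: pull only the token out of `kubectl describe secret`
# output and check its claims for an expiry.

b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }

b64url_decode() {            # JWT segments are unpadded base64url
  local s
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | base64 -d
}

# Reads describe output on stdin, prints only the token value.
extract_token() { awk '$1 == "token:" { print $2 }'; }

# Decodes the middle (claims) segment of the token.
token_claims() { b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"; }

token_expiry() {             # prints the exp value, or "none" if the claim is absent
  local exp
  exp=$(token_claims "$1" | grep -o '"exp":[0-9]*' | cut -d: -f2) || true
  printf '%s\n' "${exp:-none}"
}

token_subject() { token_claims "$1" | grep -o '"sub":"[^"]*"' | cut -d'"' -f4; }

# Constructed sample input: a made-up token with the claim layout of a
# secret-based service-account token (the signature is a dummy string).
sample_describe() {
  local claims='{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:kube-system:admin-user"}'
  printf 'Name:       admin-user-token-sample\nType:       kubernetes.io/service-account-token\n\nData\n====\n'
  printf 'ca.crt:     1359 bytes\nnamespace:  11 bytes\n'
  printf 'token:      %s.%s.%s\n' \
    "$(printf '%s' '{"alg":"RS256"}' | b64url_encode)" \
    "$(printf '%s' "$claims" | b64url_encode)" "ZHVtbXk"
}

tok=$(sample_describe | extract_token)
echo "subject: $(token_subject "$tok")"
echo "expiry:  $(token_expiry "$tok")"
```

Against a real cluster, pipe the `kubectl -n kube-system describe secret ...` command from the script into `extract_token` instead of `sample_describe`.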