Brief introduction
Dashboard is a graphical management tool for Kubernetes. It gives an intuitive view of how each type of controller in k8s is currently running, as well as the Pod logs. You can also modify the resource manifests of existing resources directly in the Dashboard.
Install
# Add the helm repo source
helm repo add k8s-dashboard https://kubernetes.github.io/dashboard

# Install Dashboard. Note: it must be installed into the kube-system namespace to be able to control the whole cluster
[root@Centos8 ~]# helm install k8s-dashboard/kubernetes-dashboard --version 2.6.0 -n k8s-dashboard --namespace kube-system
NAME:   k8s-dashboard
LAST DEPLOYED: Sat Sep 12 11:43:46 2020
NAMESPACE: kube-system
STATUS: DEPLOYED

RESOURCES:
==> v1/ClusterRole
NAME                                         AGE
k8s-dashboard-kubernetes-dashboard-metrics   0s

==> v1/ClusterRoleBinding
NAME                                         AGE
k8s-dashboard-kubernetes-dashboard-metrics   0s

==> v1/ConfigMap
NAME                                          DATA  AGE
k8s-dashboard-kubernetes-dashboard-settings   0     1s

==> v1/Deployment
NAME                                 READY  UP-TO-DATE  AVAILABLE  AGE
k8s-dashboard-kubernetes-dashboard   0/1    1           0          1s

==> v1/Pod(related)
NAME                                                  READY  STATUS             RESTARTS  AGE
k8s-dashboard-kubernetes-dashboard-6d5c6c747f-zgz79   0/1    ContainerCreating  0         1s

==> v1/Role
NAME                                 AGE
k8s-dashboard-kubernetes-dashboard   0s

==> v1/RoleBinding
NAME                                 AGE
k8s-dashboard-kubernetes-dashboard   0s

==> v1/Secret
NAME                                       TYPE    DATA  AGE
k8s-dashboard-kubernetes-dashboard-certs   Opaque  0     1s
kubernetes-dashboard-csrf                  Opaque  0     1s
kubernetes-dashboard-key-holder            Opaque  0     1s

==> v1/Service
NAME                                 TYPE       CLUSTER-IP     EXTERNAL-IP  PORT(S)  AGE
k8s-dashboard-kubernetes-dashboard   ClusterIP  10.111.75.108  <none>       443/TCP  1s

==> v1/ServiceAccount
NAME                                 SECRETS  AGE
k8s-dashboard-kubernetes-dashboard   1        1s

NOTES:
*********************************************************************************
*** PLEASE BE PATIENT: kubernetes-dashboard may take a few minutes to install ***
*********************************************************************************

Get the Kubernetes Dashboard URL by running:
  export POD_NAME=$(kubectl get pods -n kube-system -l "app.kubernetes.io/name=kubernetes-dashboard,app.kubernetes.io/instance=k8s-dashboard" -o jsonpath="{.items[0].metadata.name}")
  echo https://127.0.0.1:8443/
  kubectl -n kube-system port-forward $POD_NAME 8443:8443
The output shows that resources such as ClusterRole, ClusterRoleBinding, ConfigMap, Deployment, Pod(related), Role, RoleBinding, Secret, Service and ServiceAccount were created for the k8s cluster in the kube-system namespace.
For details, see the official helm manual: https://hub.helm.sh/charts/k8s-dashboard/kubernetes-dashboard
Check whether the Pod started normally:
[root@Centos8 dashboard]# kubectl get pod -n kube-system
NAME                                                  READY   STATUS             RESTARTS   AGE
k8s-dashboard-kubernetes-dashboard-6d5c6c747f-zgz79   0/1     ImagePullBackOff   0          2m59s
The Pod status is ImagePullBackOff, which is caused by the image. Check which image is required:
[root@Centos8 dashboard]# kubectl describe pod k8s-dashboard-kubernetes-dashboard-6d5c6c747f-zgz79 -n kube-system
  Normal   BackOff   72s (x7 over 3m13s)   kubelet, testcentos7   Back-off pulling image "kubernetesui/dashboard:v2.0.3"
Import the image manually and transfer it to all of the nodes:
[root@Centos8 dashboard]# docker pull kubernetesui/dashboard:v2.0.3
v2.0.3: Pulling from kubernetesui/dashboard
d5ba0740de2a: Pull complete
Digest: sha256:45ef224759bc50c84445f233fffae4aa3bdaec705cb5ee4bfe36d183b270b45d
Status: Downloaded newer image for kubernetesui/dashboard:v2.0.3
Check the Pod status again. It is now running normally:
[root@Centos8 ~]# kubectl get pod -n kube-system
NAME                                                  READY   STATUS    RESTARTS   AGE
k8s-dashboard-kubernetes-dashboard-6d5c6c747f-zgz79   1/1     Running   0          102s
Configure
Change the type of the Service to NodePort so that it can be accessed externally:
# The default is ClusterIP
[root@Centos8 ~]# kubectl get svc -n kube-system
NAME                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)
k8s-dashboard-kubernetes-dashboard   ClusterIP   10.111.75.108   <none>        443/TCP

# Modify
[root@Centos8 ~]# kubectl edit svc k8s-dashboard-kubernetes-dashboard -n kube-system
...
  ports:
  - name: https
    nodePort: 30001
  type: NodePort
...
service/k8s-dashboard-kubernetes-dashboard edited

# Modification successful
[root@Centos8 ~]# kubectl get svc -n kube-system
NAME                                 TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)
k8s-dashboard-kubernetes-dashboard   NodePort   10.111.75.108   <none>        443:30001/TCP
Dashboard uses https by default.
Access
You are prompted to choose whether to connect with a Token or with a Kubeconfig. Choose whichever you prefer.
Here we connect with a Token. To view the Token:
[root@Centos8 ~]# kubectl get secret -n kube-system |grep dashboard
k8s-dashboard-kubernetes-dashboard-certs         Opaque                                0
k8s-dashboard-kubernetes-dashboard-token-xpjj8   kubernetes.io/service-account-token   3
[root@Centos8 ~]# kubectl describe secret k8s-dashboard-kubernetes-dashboard-token-xpjj8 -n kube-system | grep token
Name:         k8s-dashboard-kubernetes-dashboard-token-xpjj8
Type:  kubernetes.io/service-account-token
token:      <token value omitted>
Paste the Token value into the web page and click login.
However, by default, after logging in directly, the Dashboard does not have access to the entire cluster, so we have to create a ClusterRoleBinding for the dashboard's SA:
vim dashbindins.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-1
subjects:
- kind: ServiceAccount
  name: k8s-dashboard-kubernetes-dashboard
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
This grants the cluster-admin permissions to the SA named k8s-dashboard-kubernetes-dashboard. cluster-admin is a default role of the cluster and has all permissions on the entire cluster. If you have custom requirements, you can also define your own ClusterRole.
Create the binding:
[root@Centos8 dashboard]# kubectl create -f dashbindins.yaml
clusterrolebinding.rbac.authorization.k8s.io/dashboard-1 created
When the binding is complete, refresh the dashboard interface again and you can see the resources of the entire cluster.
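As an added example (not from the original article), here is a self-defined read-only ClusterRole that could be bound in place of cluster-admin. With the Service exposed as a NodePort, anyone who holds the SA token gets whatever this binding grants. The names dashboard-readonly and dashboard-readonly-binding are hypothetical; the ServiceAccount name and namespace are the ones used on this page.

```yaml
# Added example, not the chart's or the author's own manifest.
# "dashboard-readonly" and "dashboard-readonly-binding" are hypothetical names.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dashboard-readonly
rules:
  # Core objects: view only. Secrets are deliberately left out so the
  # Dashboard token cannot be used to read other credentials.
  - apiGroups: [""]
    resources:
      - pods
      - pods/log
      - services
      - endpoints
      - configmaps
      - namespaces
      - nodes
      - events
      - persistentvolumes
      - persistentvolumeclaims
      - replicationcontrollers
    verbs: ["get", "list", "watch"]
  # Controllers shown in the Dashboard workload views.
  - apiGroups: ["apps"]
    resources: ["deployments", "daemonsets", "replicasets", "statefulsets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["batch"]
    resources: ["jobs", "cronjobs"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses", "networkpolicies"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-readonly-binding
subjects:
  - kind: ServiceAccount
    name: k8s-dashboard-kubernetes-dashboard   # SA created by the chart (from this page)
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: dashboard-readonly
  apiGroup: rbac.authorization.k8s.io
```

With this binding the token can view workloads and Pod logs across the cluster, but it cannot modify resources or read Secrets, so editing resource lists in the Dashboard will be rejected.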
Personalized parameters
Dashboard is served over https by default. As everyone knows, https requires a certificate. When we install directly with helm, the certificate in the config file is bound automatically:
crt: grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d
key: grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key
But if we want to use our own https certificate, we can specify variables when creating the dashboard:
First, download the dashboard chart:
[root@Centos8 dashboard]# helm fetch k8s-dashboard/kubernetes-dashboard
[root@Centos8 dashboard]# ls
kubernetes-dashboard-2.6.0.tgz
[root@Centos8 dashboard]# tar zxvf kubernetes-dashboard-2.6.0.tgz
[root@Centos8 kubernetes-dashboard]# ls
charts  Chart.yaml  README.md  requirements.lock  requirements.yaml  templates  values.yaml
Create a variable file:
vim dashboardvaluse.yaml
image:
  repository: k8s.gcr.io/kubernetes-dashboard-amd64   # Specify the repository
  tag: v1.10.1                                        # Specify the version
ingress:
  enabled: true             # Whether to enable ingress
  hosts:
    - k8s.vfancloud.com     # Specify the domain name
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
  tls:                      # Specify the secret, that is, your certificate
    - secretName: repository-ssl
      hosts:
        - k8s.vfancloud.com
rbac:
  clusterAdminRole: true
Create the tls secret: kubectl create secret tls repository-ssl --key server.key --cert server.crt
After editing, create the release, using -f to specify this variable file:
[root@Centos8 kubernetes-dashboard]# helm install . --version 2.6.0 -n k8s-dashboard --namespace kube-system -f dashboardvaluse.yaml
NAME:   k8s-dashboard
LAST DEPLOYED: Wed Sep 23 21:58:42 2020
NAMESPACE: kube-system
STATUS: DEPLOYED

RESOURCES:
==> v1/ClusterRole
NAME                                         AGE
k8s-dashboard-kubernetes-dashboard-metrics   0s

==> v1/ClusterRoleBinding
NAME                                         AGE
k8s-dashboard-kubernetes-dashboard-metrics   0s

==> v1/ConfigMap
NAME                                          DATA  AGE
k8s-dashboard-kubernetes-dashboard-settings   0     2s

==> v1/Deployment
NAME                                 READY  UP-TO-DATE  AVAILABLE  AGE
k8s-dashboard-kubernetes-dashboard   0/1    1           0          2s

==> v1/Pod(related)
NAME                                                  READY  STATUS             RESTARTS  AGE
k8s-dashboard-kubernetes-dashboard-6d5c6c747f-5dkhj   0/1    ContainerCreating  0         1s

==> v1/Role
NAME                                 AGE
k8s-dashboard-kubernetes-dashboard   0s

==> v1/RoleBinding
NAME                                 AGE
k8s-dashboard-kubernetes-dashboard   0s

==> v1/Secret
NAME                                       TYPE    DATA  AGE
k8s-dashboard-kubernetes-dashboard-certs   Opaque  0     2s
kubernetes-dashboard-csrf                  Opaque  0     2s
kubernetes-dashboard-key-holder            Opaque  0     2s

==> v1/Service
NAME                                 TYPE       CLUSTER-IP   EXTERNAL-IP  PORT(S)  AGE
k8s-dashboard-kubernetes-dashboard   ClusterIP  10.97.71.25  <none>       443/TCP  2s

==> v1/ServiceAccount
NAME                                 SECRETS  AGE
k8s-dashboard-kubernetes-dashboard   1        2s

==> v1beta1/Ingress
NAME                                 HOSTS              ADDRESS  PORTS    AGE
k8s-dashboard-kubernetes-dashboard   hub.vfancloud.com           80, 443  2s

NOTES:
*********************************************************************************
*** PLEASE BE PATIENT: kubernetes-dashboard may take a few minutes to install ***
*********************************************************************************
From outside the cluster, the server URL(s) are:
     https://hub.vfancloud.com
From here, the remaining steps are the same as those shown above: after binding the ClusterRole you can visit https://hub.vfancloud.com. The variable file above only specifies some of the values; the other optional variables can be viewed on the official website.
Access using the domain name: https://hub.vfancloud.com:31087