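1. Description
Kubernetes Dashboard is a web UI for managing Kubernetes. You can use Dashboard to deploy containerized applications to a Kubernetes cluster, troubleshoot containerized applications, and manage cluster resources. You can use it to get an overview of the applications running on the cluster and to create or modify individual Kubernetes resources (such as Deployments, Jobs, DaemonSets, and so on). For example, you can use the deploy wizard to scale a Deployment, start a rolling update, restart a Pod, or deploy a new application. Kubernetes Dashboard also provides information about the state of the Kubernetes resources in the cluster and about any errors that may have occurred.
As shown in the figure:
2. Deploying the Kubernetes Dashboard UI
The Dashboard UI is not deployed by default. To deploy it, run the following command:
```bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
```
The domain raw.githubusercontent.com may be unreachable over China Telecom but reachable over China Mobile; sharing a hotspot from a phone (if it has a China Mobile SIM) works around this.
2.1 Command-line proxy
You can access Kubernetes Dashboard with the kubectl command-line tool by running the following command:
```bash
kubectl proxy
```
By default it keeps listening on port 8001. For us as developers the drawback is obvious: as soon as this process stops, the Dashboard can no longer be reached.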
[http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/](http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/).
The UI can only be accessed from the machine where the command is executed. See kubectl proxy --help for more options.
2.2 Dashboard UI
As shown in the figure:
2.3 Login token
Now we need to find a token that can be used to log in. Run the following command:
For Bash:
```bash
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
```
For PowerShell:
```powershell
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | sls admin-user | ForEach-Object { $_ -Split '\s+' } | Select -First 1)
```
It should print something like the following:
Name: admin-user-token-v57nw
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 0303243c-4040-4a58-8a47-849ee9ba79c1
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.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.Z2JrQlitASVwWbc-s6deLRFVk5DWD3P_vjUFXsqVSY10pbjFLG4njoZwh8p3tLxnX_VBsr7_6bwxhWSYChp9hwxznemD5x5HLtjb16kI9Z7yFWLtohzkTwuFbqmQaMoget_nYcQBUC5fDmBHRfFvNKePh_vSSb2h_aYXa8GV5AcfPQpY7r461itme1EXHQJqv-SN-zUnguDguCTjD80pFZ_CmnSE1z9QdMHPB8hoB4V68gtswR1VLa6mSYdgPwCHauuOobojALSaMc3RH7MmFUumAgguhqAkX3Omqd3rJbYOMRuMjhANqd08piDC3aIabINX6gP5-Tuuw2svnV6NYQ
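Now copy the token and paste it into the Enter token field on the login screen.
As shown in the figure:
After logging in, the page looks like the first figure above.
3. Enabling HTTP and passwordless login on the Dashboard
The official Kubernetes Dashboard enables HTTPS and authentication by default. In a personal or private environment you can use HTTP and turn authentication off to make logging in easier.
This article describes how to modify the Dashboard YAML; the method has been verified on 1.9, 1.10 and 2.0.0-beta8.
```bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
```
The image addresses in the YAML file can be replaced with the Alibaba Cloud mirror, which downloads faster. The image mapping is as follows: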
k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0=registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
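3.1 Modifying the Deployment
Two changes are needed:
ports: add 9090. The image already has the insecure port 9090; the YAML file simply does not expose it.
args: comment out '- --auto-generate-certificates' by putting # in front of it.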
```yaml
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.0.0-beta8
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
              name: https
            - containerPort: 9090
              protocol: TCP
              name: http
          args:
            # - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "beta.kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
```
---
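3.2 Modifying the Service
1. Add a port whose targetPort points to 9090. Configure a nodePort so that the Dashboard can be reached through node IP + nodePort, that is, entering <k8s node IP>:32000 opens the Dashboard.
2. Remember to add 'type: NodePort'.
As follows: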
```yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 32001
      name: https
    - port: 80
      targetPort: 9090
      nodePort: 32000
      name: http
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
```
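Create the resources from the YAML file; it is better to keep the file locally and apply it from there.
```bash
kubectl create -f kubernetes-dashboard.yaml
```
3.3 Access test
Open <node IP>:32000. Access now requires neither a token nor a username and password.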
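Because the section 3 edits leave the Dashboard reachable over plain HTTP on every node without a login, it helps to be able to spot them in a cluster that was not meant to have them. The following is an added example, not part of the original article or of the Dashboard project: a Python check over a Deployment and Service as exported by `kubectl get -o json`. The function name `audit_dashboard` and the two sample inputs are constructed for illustration.

```python
HTTP_PORT = 9090  # the Dashboard's plain-HTTP container port named in section 3.1


def audit_dashboard(deployment, service):
    """Return findings for a Deployment/Service pair (dicts from `kubectl get -o json`)."""
    findings = []
    plain = {HTTP_PORT}  # numeric and named forms of the HTTP port
    for c in deployment["spec"]["template"]["spec"]["containers"]:
        if "--auto-generate-certificates" not in (c.get("args") or []):
            findings.append(f"{c['name']}: --auto-generate-certificates is not set")
        for p in c.get("ports") or []:
            if p.get("containerPort") == HTTP_PORT:
                findings.append(f"{c['name']}: containerPort {HTTP_PORT} (HTTP) is declared")
                if p.get("name"):
                    plain.add(p["name"])  # a Service may target the port by name
    spec = service["spec"]
    for p in spec.get("ports") or []:
        # targetPort defaults to port when omitted
        if p.get("targetPort", p.get("port")) in plain:
            where = f"service port {p['port']}"
            if spec.get("type") == "NodePort":
                where = f"every node on port {p.get('nodePort')}"
            findings.append(f"Service exposes HTTP port {HTTP_PORT} via {where}")
    return findings


def sample(args, container_ports, svc_type, svc_ports):
    """Build a minimal Deployment/Service pair (constructed sample input)."""
    dep = {"spec": {"template": {"spec": {"containers": [
        {"name": "kubernetes-dashboard", "args": args, "ports": container_ports}]}}}}
    return dep, {"spec": {"type": svc_type, "ports": svc_ports}}


# Constructed samples: the manifests after section 3's edits, and an unmodified pair
MODIFIED = sample(
    ["--namespace=kubernetes-dashboard"],
    [{"containerPort": 8443, "name": "https"}, {"containerPort": 9090, "name": "http"}],
    "NodePort",
    [{"port": 443, "targetPort": 8443, "nodePort": 32001, "name": "https"},
     {"port": 80, "targetPort": 9090, "nodePort": 32000, "name": "http"}])
STOCK = sample(
    ["--auto-generate-certificates", "--namespace=kubernetes-dashboard"],
    [{"containerPort": 8443}], "ClusterIP", [{"port": 443, "targetPort": 8443}])

if __name__ == "__main__":
    for finding in audit_dashboard(*MODIFIED):
        print("FINDING:", finding)
```

Against a live cluster, feed it the parsed output of `kubectl -n kubernetes-dashboard get deployment kubernetes-dashboard -o json` and the matching `get service` command.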