gpt4 book ai didi

Kubernetes(k8s)Web-UI界面(一):部署和访问仪表板(Dashboard)

转载 作者:我是一只小鸟 更新时间:2023-06-29 14:31:23 24 4
gpt4 key购买 nike

目录
  • 一.系统环境
  • 二.前言
  • 三.仪表板(Dashboard)简介
  • 四.部署Kubernetes仪表板(Dashboard)
  • 五.访问Kubernetes仪表板(Dashboard)
    • 5.1 使用token登录Dashboard
    • 5.2 对sa账号kubernetes-dashboard授权
    • 5.3 访问Dashboard
  • 六.总结
  • 七.附加信息

一.系统环境

本文主要基于Kubernetes1.21.9和Linux操作系统CentOS7.4.

服务器版本 dashboard版本 docker软件版本 Kubernetes(k8s)集群版本 CPU架构
CentOS Linux release 7.4.1708 (Core) v2.5.1 Docker version 20.10.12 v1.21.9 x86_64

Kubernetes集群架构:k8scloude1作为master节点,k8scloude2,k8scloude3作为worker节点.

服务器 操作系统版本 CPU架构 进程 功能描述
k8scloude1/192.168.110.130 CentOS Linux release 7.4.1708 (Core) x86_64 docker,kube-apiserver,etcd,kube-scheduler,kube-controller-manager,kubelet,kube-proxy,coredns,calico k8s master节点
k8scloude2/192.168.110.129 CentOS Linux release 7.4.1708 (Core) x86_64 docker,kubelet,kube-proxy,calico k8s worker节点
k8scloude3/192.168.110.128 CentOS Linux release 7.4.1708 (Core) x86_64 docker,kubelet,kube-proxy,calico k8s worker节点

二.前言

Kubernetes仪表板(Dashboard)是一个基于Web的用户界面,用于可视化监控和管理Kubernetes集群。它提供了对集群资源、应用程序部署和状态等信息的实时查看和操作.

使用Kubernetes仪表板(Dashboard)的 前提 是已经有一套可以正常运行的Kubernetes集群,关于Kubernetes(k8s)集群的安装部署,可以查看博客《Centos7 安装部署Kubernetes(k8s)集群》 https://www.cnblogs.com/renshengdezheli/p/16686769.html.

三.仪表板(Dashboard)简介

Kubernetes仪表板是一个功能强大的工具,它允许您以图形化方式管理Kubernetes集群。通过仪表板,您可以:

  • 查看集群的总体概况、节点状态和资源使用情况。
  • 管理和监控Pod、Deployment、Service等Kubernetes对象。
  • 进行应用程序的故障诊断和调试。
  • 创建和编辑Deployment、Service、Ingress等资源配置。

了解了仪表板的基本功能后,让我们开始部署和访问Kubernetes仪表板.

四.部署Kubernetes仪表板(Dashboard)

本次部署的是2.5.1版本的dashboard,下载dashboard的安装yaml文件.

                        
                          [root@k8scloude1 safe]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml

[root@k8scloude1 safe]# ls recommended.yaml 
recommended.yaml

                        
                      

查看dashboard需要的镜像.

                        
                          [root@k8scloude1 safe]# grep image recommended.yaml 
          image: kubernetesui/dashboard:v2.5.1
          imagePullPolicy: Always
          image: kubernetesui/metrics-scraper:v1.0.7

                        
                      

提前在所有节点下载dashboard镜像和metrics-scraper镜像,外国的镜像下载不下来,我们下载阿里云的镜像.

在k8scloude1节点下载镜像.

                        
                          [root@k8scloude1 safe]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.7
v1.0.7: Pulling from google_containers/metrics-scraper
18dd5eddb60d: Pull complete 
1930c20668a8: Pull complete 
Digest: sha256:36d5b3f60e1a144cc5ada820910535074bdf5cf73fb70d1ff1681537eef4e172
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.7
registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.7

[root@k8scloude1 safe]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.5.1
v2.5.1: Pulling from google_containers/dashboard
d1d01ae59b08: Pull complete 
a25bff2a339f: Pull complete 
Digest: sha256:cc746e7a0b1eec0db01cbabbb6386b23d7af97e79fa9e36bb883a95b7eb96fe2
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.5.1
registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.5.1

[root@k8scloude1 safe]# docker images | egrep 'dashboard|metrics-scraper'
registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard         v2.5.1      7fff914c4a61   10 days ago     243MB
registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper   v1.0.7      7801cfc6d5c0   9 months ago    34.4MB

                        
                      

kubernetes集群的worker节点也下载相关镜像.

                        
                          [root@k8scloude2 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.5.1

[root@k8scloude2 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.7

[root@k8scloude2 ~]# docker images | egrep 'dashboard|metrics-scraper'
registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard                v2.5.1                7fff914c4a61   10 days ago     243MB
registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper          v1.0.7                7801cfc6d5c0   9 months ago    34.4MB


[root@k8scloude3 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.5.1

[root@k8scloude3 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.7

[root@k8scloude3 ~]# docker images | egrep 'dashboard|metrics-scraper'
registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard         v2.5.1      7fff914c4a61   10 days ago     243MB
registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper   v1.0.7      7801cfc6d5c0   9 months ago    34.4MB

                        
                      

修改yaml文件,把镜像换为我们下载好的镜像,镜像下载策略修改为imagePullPolicy: IfNotPresent.

                        
                          [root@k8scloude1 safe]# vim recommended.yaml 

[root@k8scloude1 safe]# grep image recommended.yaml 
          #image: kubernetesui/dashboard:v2.5.1
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.5.1
          imagePullPolicy: IfNotPresent
          #image: kubernetesui/metrics-scraper:v1.0.7
          image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.7
          imagePullPolicy: IfNotPresent

                        
                      

可以发现dashboard是以sa服务账号kubernetes-dashboard运行的,关于服务账号Service Accounts详细内容,请查看博客《 Kubernetes(k8s)服务账号Service Accounts 》.

                        
                          [root@k8scloude1 safe]# grep serviceAccountName recommended.yaml 
      serviceAccountName: kubernetes-dashboard
      serviceAccountName: kubernetes-dashboard

                        
                      

安装dashboard.

                        
                          [root@k8scloude1 safe]# kubectl apply -f recommended.yaml 
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

                        
                      

kubectl get all查看所有资源.

                        
                          [root@k8scloude1 safe]# kubectl get all -n kubernetes-dashboard
NAME                                             READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-7f458d9467-mrb7v   1/1     Running   0          73s
pod/kubernetes-dashboard-7bf6f979bf-c4ckm        1/1     Running   0          73s

NAME                                TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/dashboard-metrics-scraper   ClusterIP   10.100.179.87   <none>        8000/TCP   73s
service/kubernetes-dashboard        ClusterIP   10.106.18.67    <none>        443/TCP    73s

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/dashboard-metrics-scraper   1/1     1            1           73s
deployment.apps/kubernetes-dashboard        1/1     1            1           73s

NAME                                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/dashboard-metrics-scraper-7f458d9467   1         1         1       73s
replicaset.apps/kubernetes-dashboard-7bf6f979bf        1         1         1       73s

                        
                      

dashboard的pod都运行起来了.

                        
                          [root@k8scloude1 safe]# kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-7f458d9467-mrb7v   1/1     Running   0          2m28s
kubernetes-dashboard-7bf6f979bf-c4ckm        1/1     Running   0          2m28s

                        
                      

查看svc,kubernetes-dashboard这个svc的服务发布类型为ClusterIP,外部不能访问,我们需要修改为NodePort,关于svc的详细内容,请查看博客《 Kubernetes(k8s)服务service:service的发现和service的发布 》.

                        
                          [root@k8scloude1 safe]# kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
dashboard-metrics-scraper   ClusterIP   10.100.179.87   <none>        8000/TCP   2m48s
kubernetes-dashboard        ClusterIP   10.106.18.67    <none>        443/TCP    2m48s

                        
                      

修改svc,把type :ClusterIP改为type: NodePort.

                        
                          [root@k8scloude1 safe]# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
service/kubernetes-dashboard edited

                        
                      

现在kubernetes-dashboard的svc类型就变为NodePort了.

                        
                          [root@k8scloude1 safe]# kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.100.179.87   <none>        8000/TCP        5m40s
kubernetes-dashboard        NodePort    10.106.18.67    <none>        443:31997/TCP   5m40s

                        
                      

五.访问Kubernetes仪表板(Dashboard)

5.1 使用token登录Dashboard

浏览器访问ip:31997即可访问dashboard界面(注意http访问不了),访问https://192.168.110.130:31997/,选择使用token登录.

image-20230626112838607

登录Dashboard的这个token,去对应的sa账号kubernetes-dashboard的secret里找.

每创建一个sa,都会有一个对应的secret(secret命名格式为:sa名-tokenXXXX).

                        
                          [root@k8scloude1 safe]# kubectl get secrets -n kubernetes-dashboard
NAME                               TYPE                                  DATA   AGE
default-token-dxmmt                kubernetes.io/service-account-token   3      11m
kubernetes-dashboard-certs         Opaque                                0      11m
kubernetes-dashboard-csrf          Opaque                                1      11m
kubernetes-dashboard-key-holder    Opaque                                2      11m
kubernetes-dashboard-token-26pf9   kubernetes.io/service-account-token   3      11m

                        
                      

因为dashboard是以sa账号kubernetes-dashboard运行的,所需的token就在对应的secret里.

                        
                          [root@k8scloude1 safe]# kubectl get sa -n kubernetes-dashboard
NAME                   SECRETS   AGE
default                1         14m
kubernetes-dashboard   1         14m

                        
                      

查看kubernetes-dashboard-token-26pf9的描述信息,如下token就是dashboard登录所需的token.

                        
                          [root@k8scloude1 safe]# kubectl describe secrets kubernetes-dashboard-token-26pf9 -n kubernetes-dashboard
Name:         kubernetes-dashboard-token-26pf9
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: ab3eeadd-eea3-4ab5-9ef5-d3d592a1d272

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InJJaUNYYXpKanA2Qkg4SW4yemE1MVM4MTJxeXpVbV9sQkk5RF9CaVpLZlEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi0yNnBmOSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImFiM2VlYWRkLWVlYTMtNGFiNS05ZWY1LWQzZDU5MmExZDI3MiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.j11A6AmYaY1YKKxHXTF8zlzf21UYkBYW_QTSVtGr_G0ERZDlYyXbrxMWBGdByTNboptgjFRx-rfqKDE3S_zQKSYPbJvuch3sn4Tg8kD4j1aMWK6Kd5un5MUGYLTPs-HyzPgcfAEqRszlkDTSfEkss721lcqAyWpFcVl6RZLA22fOn1m27Qlsa3Sr8aS8GsvMxGVvEjeEtXhJujvF_U73G7QSy26Iz9uWtcZ6EfaMsyXasiUXkcOfVqiMGrbC29H3PvaGA5J5vrwdaPaxc6DQbhJG67jICve22tWH8Iu_Li9UsqFZnQUxLL6rOO2Pwa8vgakSqqT5hA6CWqAYNe1ttA

                        
                      

输入token之后成功登录dashboard.

image-20230626113031479

5.2 对sa账号kubernetes-dashboard授权

此时发现什么资源都没有 。

image-20230626113125083

查看报错信息,发现是没有权限.

image-20230626113157957

对sa账号kubernetes-dashboard绑定cluster-admin权限,授予管理员权限,关于授权的详细信息,请查看博客《 Kubernetes(k8s)访问控制:权限管理之RBAC鉴权 》.

对sa账号kubernetes-dashboard绑定cluster-admin权限,--serviceaccount的语法为:--serviceaccount=namespace名:sa账号.

                        
                          [root@k8scloude1 safe]# kubectl create clusterrolebinding dashboardcrbinding --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard
clusterrolebinding.rbac.authorization.k8s.io/dashboardcrbinding created

                        
                      

授权之后,刷新浏览器,报错消失.

image-20230626113341136

5.3 访问Dashboard

点击关于,查看dashboard版本.

image-20230626113425146

此时,首页能看到相关信息了,点击命名空间,可以看到所有的命名空间了.

image-20230626113505290

可以选择命名空间查看相关pod.

image-20230626113908555

点击+可以创建资源,把yaml文件粘贴进去,然后点击上传,就可以创建资源了.

image-20230626113952056

六.总结

本篇博客介绍了如何部署和访问Kubernetes仪表板。通过安装仪表板,您可以方便地管理和监控Kubernetes集群,并进行诊断和调试操作.

Kubernetes仪表板提供了直观的用户界面,使您能够更轻松地执行集群管理任务和应用程序配置.

七.附加信息

  • Kubernetes仪表板对于展示和管理集群中的资源非常有用,但在生产环境中要小心谨慎地使用,并且合理限制访问权限。
  • 建议在部署仪表板之前了解和熟悉Kubernetes的基本概念和操作,以便更好地利用仪表板进行管理和监控。
  • 请确保您的Kubernetes版本与本文档中提到的版本匹配,以避免可能的不兼容性问题。

最后此篇关于Kubernetes(k8s)Web-UI界面(一):部署和访问仪表板(Dashboard)的文章就讲到这里了,如果你想了解更多关于Kubernetes(k8s)Web-UI界面(一):部署和访问仪表板(Dashboard)的内容请搜索CFSDN的文章或继续浏览相关文章,希望大家以后支持我的博客! 。

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com