部署和访问 Kubernetes Dashboard

上张贴chenjie发表回复
内容 隐藏
1 部署
2 NodePort
3 Token
3.1 创建Service Account
3.2 创建ClusterRoleBinding
3.3 获取Bearer Token
4 参考链接

部署

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

检查pod运行状态

kubectl get pod -n kubernetes-dashboard 

NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-7c857855d9-66qrz   1/1     Running   0          30s
kubernetes-dashboard-658b66597c-7qlv5        1/1     Running   0          30s

NodePort

在开发测试环境可使用NodePort方式简化访问,修改kubernetes-dashboard 服务的类型。

kubectl -n kubernetes-dashboard edit service kubernetes-dashboard

type: ClusterIP 修改为 type: NodePort 并保存。

获取服务端口号,此处为32568,后续可以使用https://nodeip:32568 访问dashboard。

kubectl get svc -n kubernetes-dashboard 

NAME                        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.233.59.89   <none>        8000/TCP        7m16s
kubernetes-dashboard        NodePort    10.233.62.18   <none>        443:32568/TCP   7m16s

Token

访问dashboard 需要token 或者kubeconfig ,这里以token为例,实际上token 的获取需要有对应的service account 和对应的授权绑定。

创建Service Account

#sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

执行

kubectl apply -f sa.yaml

创建ClusterRoleBinding

如果是使用kops、kubeadm等主流工具部署的kubernetes集群,默认已经创建 ClusterRole cluster-admin ,这里只需要创建一个 ClusterRoleBinding 来对权限和sa 进行绑定即可。

#binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

执行

kubectl apply -f binding.yaml

获取Bearer Token

kubectl get secret -n kubernetes-dashboard 

NAME                               TYPE                                  DATA   AGE
admin-user-token-xc48r             kubernetes.io/service-account-token   3      5m29s
kubectl get secret admin-user-token-xc48r -n kubernetes-dashboard -o jsonpath={".data.token"}|base64 -d

eyJhbGciOiJSUzI1NiIsImtpZCI6Ii1GejJEa1hNM3kxNUFWN2lGamhKUFo1amhFdFFnbEtBakI5TFFoSVFaXzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXhjNDhyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI0ZjlmNDMyZC1jOWZiLTQ0NjktYmY1Zi0zMjA0NTMzNGQ3ZjQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.ll_ttKoaazmbbGD3DOqAvMrpEMck00JCWdbF1i5vEcfrcCFMBrP2vU3BbKumlFDkl70CH-GYepcl5gUeaFu5V4kOJx5U4kYKqbc-rRcxKCz51JJ9WsESSCuRktinUEOkZVx0qlqntLvzV2wSpc5BZXtvPd5NWaFSmNdOlHUZ7yJFGjYR9dEI4T6JlOZmqQ9B6Z05VU0f9lRJRzpwg0rOSlN_a9XOecOGuQOiqM5ojQbp8vIjl-JiTnyyBDbip9ZM3afEog7KL2FEwLCWU4G7RZkzNHn6BgIgWQf3jyCgL0ddEdSGHASpRvkKlA6-1dZEhcIaobTTdVxqJJEBj5TlpA

把上面这一串编码输入dashboard 的登录框即可

参考链接

  1. https://kubernetes.io/zh-cn/docs/tasks/access-application-cluster/web-ui-dashboard/
  2. https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
  3. https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据