Finology 大数据金融

通过大数据以量化金融

0%

部署Kubernetes Dashboard

发表于 更新于 分类于 阅读次数: 评论数:

在K8S v1.15.6环境下部署Kubernetes Dashboard。

查看官网

先查看Dashboard的版本,进入官网:https://github.com/kubernetes/dashboard

1
2
3
To deploy Dashboard, execute following command:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

我们在Releases页面,v1.10.1版本是不支持K8S v1.15的。就算安装上以后页面也是打不开的。

Compatibility

Kubernetes version 1.11 1.12 1.13 1.14 1.15
Compatibility ? ? ? ?

所以我们选择v2.0.0-beta4

下载yml文件

1
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml -O kubernetes-dashboard.yaml

编辑/root/k8s/dashboard/kubernetes-dashboard.yaml文件,在名为kubernetes-dashboard的Service这块,加两行。

增加type: NodePortnodePort: 30001,最终内容如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      noePort: 30001
  selector:
    k8s-app: kubernetes-dashboard

安装kubernetes dashboard

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
kubectl apply -f kubernetes-dashboard.yaml
namespace/kubernetes-dashboard unchanged
serviceaccount/kubernetes-dashboard unchanged
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

查看pod状态

1
2
3
4
kubectl get po -n kubernetes-dashboard
NAME                                        READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-fb986f88d-n2fkv   1/1     Running   0          115s
kubernetes-dashboard-6bb65fcc49-bm676       1/1     Running   0          115s

验证

这时,使用Firefox浏览器,通过https://<NodeIP>:30001就可以访问到页面了。

如果使用的是IE或Chrome浏览器,还是打不开的。解决方案请参考:解决Google Chrome浏览器无法打开Kubernetes(K8S) Dashboard页面

创建Dashboard管理员

创建一个ServiceAccount

1
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard

查看一下详情

1
2
3
4
5
6
7
8
9
kubectl describe sa dashboard-admin -n kubernetes-dashboard
Name:                dashboard-admin
Namespace:           kubernetes-dashboard
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   dashboard-admin-token-trt79
Tokens:              dashboard-admin-token-trt79
Events:              <none>

dashboard-admin-token-trt79将成为Secret的名字。

创建Clusterrolebinding

我们可以先看看有哪些clusterrole

1
2
3
4
5
6
7
8
9
10
11
12
13
14
kubectl get clusterrole
NAME                                                                   AGE
admin                                                                  18h
cluster-admin                                                          18h
edit                                                                   18h
flannel                                                                17h
kubernetes-dashboard                                                   15h
system:aggregate-to-admin                                              18h
system:aggregate-to-edit                                               18h
system:aggregate-to-view                                               18h
system:auth-delegator                                                  18h
system:basic-user                                                      18h
system:certificates.k8s.io:certificatesigningrequests:nodeclient       18h
...

绑定

1
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin

查看一下绑定关系

1
2
3
4
5
6
7
8
9
10
11
kubectl describe  clusterrolebinding dashboard-admin
Name:         dashboard-admin
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  cluster-admin
Subjects:
  Kind            Name             Namespace
  ----            ----             ---------
  ServiceAccount  dashboard-admin  kubernetes-dashboard

获取登录Token

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
kubectl describe secret -n kubernetes-dashboard $(kubectl get secrets -n kubernetes-dashboard | awk '/dashboard-admin/{print $1}' )
Name:         dashboard-admin-token-trt79
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 084970f9-48cd-44db-8106-887ee76db771

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZ
XJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8
vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdHJ0NzkiLCJrdWJlcm5ldGVzLmlvL
3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ
2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMDg0OTcwZjktNDhjZC00NGRiLTgxMDYtODg3ZWU3NmRiNzcxIiwic
3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.m1twrtEAUC
zup9vc0xVJwL3lOKwa4Pizyj4iMNoUctHKBfHD6vKO-NlxJo-jyCwvpDg-Pe8E82haUYQDu5L_HgA_Qa7xyTXSOXAwKVfcifdZ
yhAjkXJSmZCpklqnAfp91rp7iaCPow8LKTNBkvreSVGEtQO6Fta-fWeQtqdn-4FGCoXX2ICbGTp-j3MTCeE2b2PfkhKcZcaEYu
3fho2P6rFvjxH-Xp8pHl6fDDdw01IJHqSGcUmmvE-qkuEMSRkJ9x1P6mAR12w6LbEJH9C5qyq4d-P55zDHYTACsMls0elaHrHY
wAURVT2OJjLmkcW38p73uADAIYBLtuTv67phPQ

把这个token复制后,拷贝到登录Dashboard的token输入框中,就能以cluster-admin的角色成功登录了。如图:

相关文章