需求
基於網頁查看Kubernetes 用戶管理界面node
安裝步驟
在控制面板節點部署dashboradgit
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
放開外網端口映射
若是須要外網訪問,須要使用NodePort的方式對外暴露端口,不能使用
kubectl proxy的方式,由於該方式只能經過http訪問,非本地環境沒法正常登陸,在這裏折騰了好幾個小時,主要仍是沒有一字一句看官方文檔。github
更改原文件type: ClusterIP 爲type: NodePort 後保存web
kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
...
name: kubernetes-dashboard
namespace: kubernetes-dashboard
resourceVersion: "343478"
selfLink: /api/v1/namespaces/kubernetes-dashboard/services/kubernetes-dashboard
uid: 8e48f478-993d-11e7-87e0-901b0e532516
spec:
clusterIP: 10.100.124.90
externalTrafficPolicy: Cluster
ports:
- port: 443
protocol: TCP
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
下一步獲取nodeport對外開放的https端口,注意這裏爲32443端口
kubectl -n kubernetes-dashboard get service kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes-dashboard NodePort 10.98.33.83 <none> 443:32443/TCP 77m
同時啓動監控指標收集服務,否則會dashborad沒法展現數據圖表
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml
而後就能夠訪問下面的地址api
https://<master-ip>:<nodePort> bash
訪問上面的地址會出現登陸的界面,以下圖:session
這裏選擇使用token登陸app
建立dashboard對應的admin帳戶測試
touch dashboard-admin.yml vi dashboard-admin.yml apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard
kubectl apply -f dashboard-admin.yml
而後經過以下命令獲取登陸的tokenui
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-5j9gg
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 8b1c0aa8-9ee1-4c06-a983-6cc8ebecf8b2
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Im5BZWtISUdnVnloMDJiRjdLZ0pJdTMxNXZ2YTdtY2U2Z0p3QURlblFnSEEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTVqOWdnIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbbWluLXVzZXIiLCJrddWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI4YjFjMGFhOC05ZWUxLTRjMDYtYTk4My02Y2M4ZWJlY2Y4YjIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.C4Ma3tp6GdMCusjPEaQNqm_92-PEEm02-68OvsMq1eExPvMZxYYrvmwSWwOnJIps5mL2BEu1XqchsWlNFYpawe5HIk_zrimfff-NpwVRqxu0qPt0MxN0KzVgMm5hOaOYKYJW0zz1mpFZI8-uvqdDzwJGFan7vLH1KTCUt5gTHlv-KJyYa6zmE2QKl0-IATcesCF0sU51K2F5NeSU9dvE9hJ92mcETuGwXsuPo5aPSu-1yi1WFnaWDQrcJseXxOWREaYv0o-9swCZOYYBdNy7G4h6xB6cWxUD7C5Un4lB-5VaBqD0D_hS5Cwh3S5ETKYikag6-tB_sOdG7w-KuONicQ
取上圖的token字段粘貼進登陸界面便可。
注意,有的文章會寫此方式獲取到的token還須要進行base64解密,多是由於版本緣由,本人測試是能夠直接複製後進行登陸的
登陸成功後界面如圖
終於裝好了,踩了很多坑,主要仍是不熟悉。後面切記認真仔細閱讀官方文檔。
參考文檔
https://kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/
https://github.com/kubernetes/dashboard
https://github.com/kubernetes-sigs/metrics-server
https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/1.7.x-and-above.md