[云原生专题-28]:K8S - Kubernetes(K8S)Master集群构建与安装过程详细解读 - Dashboard的安装与访问
Posted 文火冰糖的硅基工坊
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了[云原生专题-28]:K8S - Kubernetes(K8S)Master集群构建与安装过程详细解读 - Dashboard的安装与访问相关的知识,希望对你有一定的参考价值。
作者主页(文火冰糖的硅基工坊):文火冰糖(王文兵)的博客_文火冰糖的硅基工坊_CSDN博客
本文网址: https://blog.csdn.net/HiWangWenBing/article/details/122788745
目录
第1章 Dashboard概述
K8S Dashboard是官方的一个基于WEB的用户界面,专门用来管理K8S集群,并可展示集群的状态。
K8S集群安装好后默认没有包含Dashboard,我们需要额外创建它。
Dashboard与kubeadm与kubectl一并完成对K8S集群的操作、维护、管理(OAM)
第2章 安装前置条件
K8S Dashboard只适合安装在manager节点。
第3章 Dashboard的安装
(1)官方一步安装命令
GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml
问题:无法远程访问远程的配置文件。
因此需要手工下载配置文件到云服务器上。
(2) 用IE打开配置文件
https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml
(3)在本地创建配置文件
$ cd ~
$ touch recommended.yaml
vi recommended.yaml
cat recommended.yaml
(4)手工下载dashboard镜像
$ docker pull kubernetes-dashboard-amd64
(5)Dashboard的安装
[root@k8s-master1 ~]# kubectl apply -f ./recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
(6)dashboard是以pod服务的形式存在的,参看pod的运行情况
[root@k8s-master1 ~]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-6d8c4cb4d-6cts2 0/1 ContainerCreating 0 107m
kube-system coredns-6d8c4cb4d-w6x5k 0/1 ContainerCreating 0 107m
kube-system etcd-k8s-master1 1/1 Running 0 108m
kube-system kube-apiserver-k8s-master1 1/1 Running 29 108m
kube-system kube-controller-manager-k8s-master1 1/1 Running 0 108m
kube-system kube-proxy-5wrkx 1/1 Running 0 107m
kube-system kube-scheduler-k8s-master1 1/1 Running 0 108m
kubernetes-dashboard dashboard-metrics-scraper-799d786dbf-88c2w 0/1 ContainerCreating 0 10m
kubernetes-dashboard kubernetes-dashboard-546cbc58cd-292dr 0/1 ContainerCreating 0 10m
服务所在的容器正在创建过程中...........等待,直处于running状态.
[root@k8s-master1 ~]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-566dc76669-stvkr 1/1 Running 0 104s
kube-system calico-node-fz7s6 1/1 Running 0 104s
kube-system coredns-6d8c4cb4d-6cts2 1/1 Running 0 118m
kube-system coredns-6d8c4cb4d-w6x5k 1/1 Running 0 118m
kube-system etcd-k8s-master1 1/1 Running 1 (9m19s ago) 118m
kube-system kube-apiserver-k8s-master1 1/1 Running 30 (9m9s ago) 118m
kube-system kube-controller-manager-k8s-master1 1/1 Running 1 (9m19s ago) 118m
kube-system kube-proxy-5wrkx 1/1 Running 1 (9m19s ago) 118m
kube-system kube-scheduler-k8s-master1 1/1 Running 1 (9m19s ago) 118m
kubernetes-dashboard dashboard-metrics-scraper-799d786dbf-88c2w 1/1 Running 0 20m
kubernetes-dashboard kubernetes-dashboard-546cbc58cd-292dr 1/1 Running 0 20m
kubernetes-dashboard安装成功!!!!
第4章 Dashboard的访问
根据官方文档,目前访问Dashboard有四种方式:
- NodePort:通过任意以节点的IP地址和端口号访问。
- API Server:
- kubectl proxy
- Ingress
4.1 NodePort访问
(1)设置NodePort访问方式
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
ClusterIP -> NodePort
ClusterIP与NodePort的区别是:
ClusterIP是对外提供一个统一的IP地址,使用统一的集群IP地址访问。
NodePort把每个Node的IP地址都暴露出去,使用Node自身的公网地址访问。
(2)获得NodePort的端口号
[root@k8s-master1 ~]# kubectl get svc -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.1.0.1 <none> 443/TCP 3h14m
kube-system kube-dns ClusterIP 10.1.0.10 <none> 53/UDP,53/TCP,9153/TCP 3h14m
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.1.253.40 <none> 8000/TCP 96m
kubernetes-dashboard kubernetes-dashboard NodePort 10.1.176.109 <none> 443:30586/TCP 96m
NodePort 10.1.176.109 <none> 443:30586/TCP 96m
10.1.176.109: 集群内部服务的IP地址
443:集群内部服务的端口号
30586: 对外暴露的端口号
IP: 每个节点的IP地址。
(3)在云服务器上的安全组中开放30586端口号。
(4)为远程Web访问创建账号
cat > /root/dashboard-usr.yaml <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
addonmanager.kubernetes.io/mode: Reconcile
name: kubernetes-dashboard-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard-admin
namespace: kube-system
labels:
k8s-app: kubernetes-dashboard
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard-admin
namespace: kube-system
EOF
[root@k8s-master1 ~]# kubectl apply -f dashboard-usr.yaml
serviceaccount/kubernetes-dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-admin created
(5)获得远程访问的令牌Token
kubectl get secret -n kube-system |grep dashboard
kubernetes-dashboard-admin-token-8lmm7 kubernetes.io/service-account-token 3 5m19s
[root@k8s-master1 ~]# kubectl -n kube-system describe secrets kubernetes-dashboard-admin-token-8lmm7
Name: kubernetes-dashboard-admin-token-8lmm7
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard-admin
kubernetes.io/service-account.uid: 8ad90e41-949d-4085-9c8c-31ae6e3c8756
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdhcHBrRU1TUTJlb0NvM0YtYThIQWRZT01mVTR4X3RfZHhzQnQxODQ0UmsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbi10b2tlbi04bG1tNyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjhhZDkwZTQxLTk0OWQtNDA4NS05YzhjLTMxYWU2ZTNjODc1NiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiJ9.IyigMqSGjlmAaJyBxnylTWtsxXRPzJ2URrKSsJ9_RroY_0VY6fcMmxL253Tv9uAq_0E4-lZFKgdnMPktfiMaSBQ_g9JfIrjBQUKzCq-Yo5vaycVfFn9K0xPvl4iWjy4O3KNSMGibLXFLHHSoHiHNEht2YlqXw0UNNXrrVaunUWTGxlEWkNFiUB06I-EoGB5MIAzbraYq7Akr_MfRJU4RSP7tieGL-lgk17HfciuSV7bvDjL9ZfnWj5oSTjv35wis5nCxAGPrP1sUbRhvwhDyOFqmHr1sxLFnnsYb4YM0P9dYbUrrU5qywp8iGAuv87e-I7Zwap4iXY9b-nUvt2S8qA
(6)通过集群中的任意端口的公网IP+端口号+令牌访问Dashboard
https://47.99.96.250:30586/
忽略警告,继续访问:
为了安全起见,dashboard采用HTTPS访问,需要提供一个TokenID访问。
选中全部命名空间:
第5章 Dashboard的使用
至此,我们已经创建了K8的集群,并且创建了图形化的管理界面集群进行管理。
后续就可以进行实际微服务的创建和业务的运营和管理了。
作者主页(文火冰糖的硅基工坊):文火冰糖(王文兵)的博客_文火冰糖的硅基工坊_CSDN博客
本文网址:https://blog.csdn.net/HiWangWenBing/article/details/122788745
以上是关于[云原生专题-28]:K8S - Kubernetes(K8S)Master集群构建与安装过程详细解读 - Dashboard的安装与访问的主要内容,如果未能解决你的问题,请参考以下文章
[云原生专题-29]:K8S - 核心概念 - 名字空间/命名空间概念详解与主要操作案例
[云原生专题-23]:K8S - Kubernetes(K8S)整体概述与组件架构通俗讲解
[云原生专题-46]:Kubesphere云治理-安装-在K8S的基础之上快速安装
[云原生专题-22]:K8S - 集群编排工具K8S与SWARM比较与技术选择