Test environment
CentOS-7-x86_64-DVD-1810
Docker 19.03.9
Kubernetes version: v1.20.5
Deploying Dashboard
Dashboard can be deployed by running the following command:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
In practice:
# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
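Accessing the Dashboard UI
To protect your cluster data, Dashboard is deployed with a minimal RBAC configuration by default. Currently, Dashboard only supports logging in with a Bearer token.
Creating a login token for the demo
Create dashboard-adminuser.yaml in the current directory (the file name is arbitrary; just pass the matching file name when running the command; the same applies below and is not repeated), with the following content: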
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
Run the following command to create, from the configuration file above, a service account named admin-user in the kubernetes-dashboard namespace:
# kubectl apply -f dashboard-adminuser.yaml
serviceaccount/admin-user created
Create dashboard-cluster-role-binding.yaml with the following content:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
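Note: in most cases, after a cluster has been set up with kops, kubeadm, or another popular tool, the ClusterRole cluster-admin has already been created automatically. If it does not exist, create it manually first and grant it the necessary permissions.
Run the following command to create the ClusterRoleBinding for the service account from the configuration file above: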
# kubectl apply -f dashboard-cluster-role-binding.yaml
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
Run the following command to get the Bearer token:
# kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
References
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
Command-line proxy
Dashboard can be accessed using the kubectl command-line tool, as follows:
# kubectl proxy
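Once the command above is running, Dashboard can be reached at the link below. Note in particular that this link only works from the machine on which the command was run; it cannot be accessed remotely.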
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
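In practice, the author tried running the command above with additional arguments, as follows. Although this solves the problem of not being able to access it remotely, a problem remains: clicking Sign in does not redirect.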
# kubectl proxy --address=10.118.80.93 --accept-hosts='^*$'
Note: without --accept-hosts, accessing the link above returns Forbidden.
The final solution is as follows:
1. On the node where Dashboard is installed, run the following command:
# kubectl port-forward --namespace kubernetes-dashboard --address 0.0.0.0 service/kubernetes-dashboard 443
Forwarding from 0.0.0.0:443 -> 8443
Handling connection for 443
Handling connection for 443
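2. Access Dashboard at https://node_ip, where node_ip is the IP address of the node above.

Enter the token obtained above and click Sign in to finish.
Note: the token is valid for 24 hours; after it expires, a new one must be generated.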
Cleanup
Run the following commands to remove the administrator service account and the ClusterRoleBinding used for the demo:
# kubectl -n kubernetes-dashboard delete serviceaccount admin-user
# kubectl -n kubernetes-dashboard delete clusterrolebinding admin-user
References
https://kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/
https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md
https://github.com/kubernetes/dashboard/tree/master/docs
Author: 授客
