目录
一.系统环境
本文主要基于Kubernetes1.21.9和Linux操作系统CentOS7.4。
| 服务器版本 | dashboard版本 | docker软件版本 | Kubernetes(k8s)集群版本 | CPU架构 |
|---|---|---|---|---|
| CentOS Linux release 7.4.1708 (Core) | v2.5.1 | Docker version 20.10.12 | v1.21.9 | x86_64 |
Kubernetes集群架构:k8scloude1作为master节点,k8scloude2,k8scloude3作为worker节点。
| 服务器 | 操作系统版本 | CPU架构 | 进程 | 功能描述 |
|---|---|---|---|---|
| k8scloude1/192.168.110.130 | CentOS Linux release 7.4.1708 (Core) | x86_64 | docker,kube-apiserver,etcd,kube-scheduler,kube-controller-manager,kubelet,kube-proxy,coredns,calico | k8s master节点 |
| k8scloude2/192.168.110.129 | CentOS Linux release 7.4.1708 (Core) | x86_64 | docker,kubelet,kube-proxy,calico | k8s worker节点 |
| k8scloude3/192.168.110.128 | CentOS Linux release 7.4.1708 (Core) | x86_64 | docker,kubelet,kube-proxy,calico | k8s worker节点 |
二.前言
Kubernetes仪表板(Dashboard)是一个基于Web的用户界面,用于可视化监控和管理Kubernetes集群。它提供了对集群资源、应用程序部署和状态等信息的实时查看和操作。
使用Kubernetes仪表板(Dashboard)的前提是已经有一套可以正常运行的Kubernetes集群,关于Kubernetes(k8s)集群的安装部署,可以查看博客《Centos7 安装部署Kubernetes(k8s)集群》https://www.cnblogs.com/renshengdezheli/p/16686769.html。
三.仪表板(Dashboard)简介
Kubernetes仪表板是一个功能强大的工具,它允许您以图形化方式管理Kubernetes集群。通过仪表板,您可以:
- 查看集群的总体概况、节点状态和资源使用情况。
- 管理和监控Pod、Deployment、Service等Kubernetes对象。
- 进行应用程序的故障诊断和调试。
- 创建和编辑Deployment、Service、Ingress等资源配置。
了解了仪表板的基本功能后,让我们开始部署和访问Kubernetes仪表板。
四.部署Kubernetes仪表板(Dashboard)
本次部署的是2.5.1版本的dashboard,下载dashboard的安装yaml文件。
[root@k8scloude1 safe]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
[root@k8scloude1 safe]# ls recommended.yaml
recommended.yaml
查看dashboard需要的镜像。
[root@k8scloude1 safe]# grep image recommended.yaml
image: kubernetesui/dashboard:v2.5.1
imagePullPolicy: Always
image: kubernetesui/metrics-scraper:v1.0.7
提前在所有节点下载dashboard镜像和metrics-scraper镜像,外国的镜像下载不下来,我们下载阿里云的镜像。
在k8scloude1节点下载镜像。
[root@k8scloude1 safe]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.7
v1.0.7: Pulling from google_containers/metrics-scraper
18dd5eddb60d: Pull complete
1930c20668a8: Pull complete
Digest: sha256:36d5b3f60e1a144cc5ada820910535074bdf5cf73fb70d1ff1681537eef4e172
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.7
registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.7
[root@k8scloude1 safe]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.5.1
v2.5.1: Pulling from google_containers/dashboard
d1d01ae59b08: Pull complete
a25bff2a339f: Pull complete
Digest: sha256:cc746e7a0b1eec0db01cbabbb6386b23d7af97e79fa9e36bb883a95b7eb96fe2
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.5.1
registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.5.1
[root@k8scloude1 safe]# docker images | egrep 'dashboard|metrics-scraper'
registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard v2.5.1 7fff914c4a61 10 days ago 243MB
registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper v1.0.7 7801cfc6d5c0 9 months ago 34.4MB
kubernetes集群的worker节点也下载相关镜像。
[root@k8scloude2 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.5.1
[root@k8scloude2 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.7
[root@k8scloude2 ~]# docker images | egrep 'dashboard|metrics-scraper'
registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard v2.5.1 7fff914c4a61 10 days ago 243MB
registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper v1.0.7 7801cfc6d5c0 9 months ago 34.4MB
[root@k8scloude3 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.5.1
[root@k8scloude3 ~]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.7
[root@k8scloude3 ~]# docker images | egrep 'dashboard|metrics-scraper'
registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard v2.5.1 7fff914c4a61 10 days ago 243MB
registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper v1.0.7 7801cfc6d5c0 9 months ago 34.4MB
修改yaml文件,把镜像换为我们下载好的镜像,镜像下载策略修改为imagePullPolicy: IfNotPresent。
[root@k8scloude1 safe]# vim recommended.yaml
[root@k8scloude1 safe]# grep image recommended.yaml
#image: kubernetesui/dashboard:v2.5.1
image: registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.5.1
imagePullPolicy: IfNotPresent
#image: kubernetesui/metrics-scraper:v1.0.7
image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.7
imagePullPolicy: IfNotPresent
可以发现dashboard是以sa服务账号kubernetes-dashboard运行的,关于服务账号Service Accounts详细内容,请查看博客《Kubernetes(k8s)服务账号Service Accounts》。
[root@k8scloude1 safe]# grep serviceAccountName recommended.yaml
serviceAccountName: kubernetes-dashboard
serviceAccountName: kubernetes-dashboard
安装dashboard。
[root@k8scloude1 safe]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
kubectl get all查看所有资源。
[root@k8scloude1 safe]# kubectl get all -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-7f458d9467-mrb7v 1/1 Running 0 73s
pod/kubernetes-dashboard-7bf6f979bf-c4ckm 1/1 Running 0 73s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.100.179.87 <none> 8000/TCP 73s
service/kubernetes-dashboard ClusterIP 10.106.18.67 <none> 443/TCP 73s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/dashboard-metrics-scraper 1/1 1 1 73s
deployment.apps/kubernetes-dashboard 1/1 1 1 73s
NAME DESIRED CURRENT READY AGE
replicaset.apps/dashboard-metrics-scraper-7f458d9467 1 1 1 73s
replicaset.apps/kubernetes-dashboard-7bf6f979bf 1 1 1 73s
dashboard的pod都运行起来了。
[root@k8scloude1 safe]# kubectl get pod -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-7f458d9467-mrb7v 1/1 Running 0 2m28s
kubernetes-dashboard-7bf6f979bf-c4ckm 1/1 Running 0 2m28s
查看svc,kubernetes-dashboard这个svc的服务发布类型为ClusterIP,外部不能访问,我们需要修改为NodePort,关于svc的详细内容,请查看博客《Kubernetes(k8s)服务service:service的发现和service的发布》。
[root@k8scloude1 safe]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.100.179.87 <none> 8000/TCP 2m48s
kubernetes-dashboard ClusterIP 10.106.18.67 <none> 443/TCP 2m48s
修改svc,把type :ClusterIP改为type: NodePort。
[root@k8scloude1 safe]# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
service/kubernetes-dashboard edited
现在kubernetes-dashboard的svc类型就变为NodePort了。
[root@k8scloude1 safe]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.100.179.87 <none> 8000/TCP 5m40s
kubernetes-dashboard NodePort 10.106.18.67 <none> 443:31997/TCP 5m40s
五.访问Kubernetes仪表板(Dashboard)
5.1 使用token登录Dashboard
浏览器访问ip:31997即可访问dashboard界面(注意http访问不了),访问https://192.168.110.130:31997/,选择使用token登录。
登录Dashboard的这个token,去对应的sa账号kubernetes-dashboard的secret里找。
每创建一个sa,都会有一个对应的secret(secret命名格式为:sa名-tokenXXXX)。
[root@k8scloude1 safe]# kubectl get secrets -n kubernetes-dashboard
NAME TYPE DATA AGE
default-token-dxmmt kubernetes.io/service-account-token 3 11m
kubernetes-dashboard-certs Opaque 0 11m
kubernetes-dashboard-csrf Opaque 1 11m
kubernetes-dashboard-key-holder Opaque 2 11m
kubernetes-dashboard-token-26pf9 kubernetes.io/service-account-token 3 11m
因为dashboard是以sa账号kubernetes-dashboard运行的,所需的token就在对应的secret里。
[root@k8scloude1 safe]# kubectl get sa -n kubernetes-dashboard
NAME SECRETS AGE
default 1 14m
kubernetes-dashboard 1 14m
查看kubernetes-dashboard-token-26pf9的描述信息,如下token就是dashboard登录所需的token。
[root@k8scloude1 safe]# kubectl describe secrets kubernetes-dashboard-token-26pf9 -n kubernetes-dashboard
Name: kubernetes-dashboard-token-26pf9
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: ab3eeadd-eea3-4ab5-9ef5-d3d592a1d272
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InJJaUNYYXpKanA2Qkg4SW4yemE1MVM4MTJxeXpVbV9sQkk5RF9CaVpLZlEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi0yNnBmOSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImFiM2VlYWRkLWVlYTMtNGFiNS05ZWY1LWQzZDU5MmExZDI3MiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.j11A6AmYaY1YKKxHXTF8zlzf21UYkBYW_QTSVtGr_G0ERZDlYyXbrxMWBGdByTNboptgjFRx-rfqKDE3S_zQKSYPbJvuch3sn4Tg8kD4j1aMWK6Kd5un5MUGYLTPs-HyzPgcfAEqRszlkDTSfEkss721lcqAyWpFcVl6RZLA22fOn1m27Qlsa3Sr8aS8GsvMxGVvEjeEtXhJujvF_U73G7QSy26Iz9uWtcZ6EfaMsyXasiUXkcOfVqiMGrbC29H3PvaGA5J5vrwdaPaxc6DQbhJG67jICve22tWH8Iu_Li9UsqFZnQUxLL6rOO2Pwa8vgakSqqT5hA6CWqAYNe1ttA
输入token之后成功登录dashboard。
5.2 对sa账号kubernetes-dashboard授权
此时发现什么资源都没有
查看报错信息,发现是没有权限。
对sa账号kubernetes-dashboard绑定cluster-admin权限,授予管理员权限,关于授权的详细信息,请查看博客《Kubernetes(k8s)访问控制:权限管理之RBAC鉴权》。
对sa账号kubernetes-dashboard绑定cluster-admin权限,--serviceaccount的语法为:--serviceaccount=namespace名:sa账号。
[root@k8scloude1 safe]# kubectl create clusterrolebinding dashboardcrbinding --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard
clusterrolebinding.rbac.authorization.k8s.io/dashboardcrbinding created
授权之后,刷新浏览器,报错消失。
5.3 访问Dashboard
点击关于,查看dashboard版本。
此时,首页能看到相关信息了,点击命名空间,可以看到所有的命名空间了。
可以选择命名空间查看相关pod。
点击+可以创建资源,把yaml文件粘贴进去,然后点击上传,就可以创建资源了。
六.总结
本篇博客介绍了如何部署和访问Kubernetes仪表板。通过安装仪表板,您可以方便地管理和监控Kubernetes集群,并进行诊断和调试操作。
Kubernetes仪表板提供了直观的用户界面,使您能够更轻松地执行集群管理任务和应用程序配置。
七.附加信息
- Kubernetes仪表板对于展示和管理集群中的资源非常有用,但在生产环境中要小心谨慎地使用,并且合理限制访问权限。
- 建议在部署仪表板之前了解和熟悉Kubernetes的基本概念和操作,以便更好地利用仪表板进行管理和监控。
- 请确保您的Kubernetes版本与本文档中提到的版本匹配,以避免可能的不兼容性问题。