10.3.k8s的附加组件-图形化管理工具dashboard

目录

一、dashboard介绍

二、部署安装dashboard组件

1.下载dashboard本地文件

2.修改nodeport的端口范围

3.创建和查看dashboard

4.电脑浏览器访问测试

5.token登录方式登录dashboard

5.1.查看dashboard的token

5.2.继续查看用户token的secrets资源详细信息

5.3.复制token编码输入到页面

5.4.解决权限不足的问题

6.kubeconfig文件方式登录dashboard

6.1.编辑生成kubeconfig文件的脚本

6.2.执行脚本 

 6.3.下载oslee.conf文件并上传

6.4.登陆

三、使用dashboard

---

一、dashboard介绍

• Dashboard是k8s集群管理的一个WebUI，它是k8s的一个附加组件，所以需要单独来部署；
• 我们可以通过图形化的方法，创建、删除、修改、查询k8s资源；

二、部署安装dashboard组件

Github地址：GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters

参考链接：Release v2.5.1 · kubernetes/dashboard · GitHub

可以通过上述地址，查询对应k8s的版本，来下载对应的dashboard；

1.下载dashboard本地文件

[root@k8s1 k8s]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml

2.修改nodeport的端口范围

以前修改过的，不用修改，或者你可以不修改，而是修改recommended.yaml的文件中的svc资源的端口范围为30000-32767；

本次学习，我们不修改recommended.yaml文件，只修改k8s的svc的nodeport的端口范围；

[root@k8s1 k8s]# vim recommended.yaml
# 修改为NodePort
spec:type: NodePortports:- port: 443targetPort: 8443nodePort: 8443selector:k8s-app: kubernetes-dashboard.................................................................[root@k8s1 k8s]# vim /etc/kubernetes/manifests/kube-apiserver.yaml
# 修改NodePort范围
spec:containers:- command:- kube-apiserver#下面这一条加进去，就修改完成了；自动就会更新；稍等一会；先会崩溃；- --service-node-port-range=3000-50000- --advertise-address=192.168.1.11
.................................................................

 

3.创建和查看dashboard

[root@k8s1 k8s]# kubectl apply -f recommended.yaml
[root@k8s1 k8s]# kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-799d786dbf-gjs6w   1/1     Running   0          73s
kubernetes-dashboard-fb8648fd9-2xrkw         1/1     Running   0          73s

4.电脑浏览器访问测试

5.token登录方式登录dashboard

5.1.查看dashboard的token

# 先查看dashboard的sa用户的详细信息
# sa用户有一个token字段；这个token字段本质上也是一个secrets资源;[root@k8s1 k8s]# kubectl -n kubernetes-dashboard describe sa kubernetes-dashboard | grep Tokens
Tokens:              kubernetes-dashboard-token-qmtlx

5.2.继续查看用户token的secrets资源详细信息

# 继续查看用户token的secrets资源详细信息，就可以获取到token的详细编码信息了；
[root@k8s1 k8s]# kubectl -n kubernetes-dashboard describe secrets kubernetes-dashboard-token-qmtlx
Name:         kubernetes-dashboard-token-qmtlx
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboardkubernetes.io/service-account.uid: 50e98f92-058e-4f49-acc1-97ce5b4ae695Type:  kubernetes.io/service-account-tokenData
====
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IlA5MVdSa0dFeDZ0TnlpX0E4aFhMN3RKNWw3QWkzVjNfamF3M05sQVE3T0UifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1xbXRseCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjUwZTk4ZjkyLTA1OGUtNGY0OS1hY2MxLTk3Y2U1YjRhZTY5NSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.AT_6b51qN6Z-YjeaWwbgrNr2A_ZzbUQco028Wg5A8WKBxkF2mFd7_RKeU9virezut-dZ6YnWk4o916gc2pTA4BDsdVmDlkcVuFkqQlWtuZc4-ZC28SF9StNkDODvw0g5kzFcFnPTlov_LFqv6171vWNqWftq2YujyLLF3eQoD0mf5zwkGMi7MufQIKurT8ur_0SwOucqOm5wVsrAyD3IfpUV2BFRGeI8Xm4uflE2t9_fDMXKgvjtjL-VgTlb8ZDjSl3LbRQyCRNVSAM2z6SNDzuced0QLD0fLR79F2abevmMewtW3uCIFlDUUQzWPHPmPMGd2jPAVnCk8soEMAX9Ug
ca.crt:     1099 bytes

5.3.复制token编码输入到页面

5.4.解决权限不足的问题

显示没有权限

创建用户绑定角色

[root@k8s231 dashboard]# cat sa-dash.yaml 
#创建sa用户叫oslee
apiVersion: v1
kind: ServiceAccount
metadata:labels:k8s-app: kubernetes-dashboard# 创建一个名为"oslee"的账户name: osleenamespace: kubernetes-dashboard---
#绑定k8s集群中的最大权限的角色与oslee用户
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-oldboyedunamespace: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.io# 既然绑定的是集群角色，那么类型也应该为"ClusterRole",而不是"Role"哟~kind: ClusterRole# 关于集群角色可以使用"kubectl get clusterrole | grep admin"进行过滤哟~name: cluster-admin
subjects:- kind: ServiceAccount# 此处要注意哈，绑定的要和我们上面的服务账户一致哟~name: osleenamespace: kubernetes-dashboard[root@k8s1 k8s]# kubectl apply -f sa-dash.yaml 
serviceaccount/oslee created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-oldboyedu created

使用新用户的token登录dashboard

[root@k8s1 k8s]# kubectl -n kubernetes-dashboard describe sa oslee | grep Tokens 
Tokens:              oslee-token-2b5bf
[root@k8s1 k8s]# kubectl -n kubernetes-dashboard describe secrets oslee-token-2b5bf
Name:         oslee-token-2b5bf
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: osleekubernetes.io/service-account.uid: e49ad3d4-08de-453a-98e9-1cde253111f5Type:  kubernetes.io/service-account-tokenData
====
ca.crt:     1099 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IlA5MVdSa0dFeDZ0TnlpX0E4aFhMN3RKNWw3QWkzVjNfamF3M05sQVE3T0UifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJvc2xlZS10b2tlbi0yYjViZiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJvc2xlZSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImU0OWFkM2Q0LTA4ZGUtNDUzYS05OGU5LTFjZGUyNTMxMTFmNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDpvc2xlZSJ9.qwVQf4hScOCT4UtOwvbiCbZt-dRvmij-XGmouaQRWXWcLzA6uuGtOmpX0KTymcYf9UdFEsBREnYwaSo1kLMgMQFDaQthlU3JEnwXd0xtuDooKbzbRKdydkJseo4bHTqLLWrnBkLSei97O-roAb4dL03Dtxo27ppHVwGd5ydj-LorjPDMcnynvlOBvCNV0rMbeQf1N1owwlRFHLGOH0kxuqN9lFVkg9Xu9HrC5bP2PMCQS17YdSQMfPxPY76sG2pBRK_Yu494Y0Aiop91SOllKiVJNT3qNpMuCbBS4IsZCh2MzIsG6V2Z3323fRV4MaHOegEdwIK6YZe2hhu-Z-9UZA

6.kubeconfig文件方式登录dashboard

6.1.编辑生成kubeconfig文件的脚本

[root@k8s1 k8s]# vi kc.sh
#!/bin/bash#用户token的变量
oslee_TOKEN="eyJhbGciOiJSUzI1NiIsImtpZCI6IlA5MVdSa0dFeDZ0TnlpX0E4aFhMN3RKNWw3QWkzVjNfamF3M05sQVE3T0UifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJvc2xlZS10b2tlbi0yYjViZiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJvc2xlZSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImU0OWFkM2Q0LTA4ZGUtNDUzYS05OGU5LTFjZGUyNTMxMTFmNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDpvc2xlZSJ9.qwVQf4hScOCT4UtOwvbiCbZt-dRvmij-XGmouaQRWXWcLzA6uuGtOmpX0KTymcYf9UdFEsBREnYwaSo1kLMgMQFDaQthlU3JEnwXd0xtuDooKbzbRKdydkJseo4bHTqLLWrnBkLSei97O-roAb4dL03Dtxo27ppHVwGd5ydj-LorjPDMcnynvlOBvCNV0rMbeQf1N1owwlRFHLGOH0kxuqN9lFVkg9Xu9HrC5bP2PMCQS17YdSQMfPxPY76sG2pBRK_Yu494Y0Aiop91SOllKiVJNT3qNpMuCbBS4IsZCh2MzIsG6V2Z3323fRV4MaHOegEdwIK6YZe2hhu-Z-9UZA"#设置集群
kubectl config set-cluster     oslee-cluster --server=https://192.168.1.11:6443 --kubeconfig=oslee.conf#设置客户端
kubectl config set-credentials oslee-client  --token=${oslee_TOKEN} --kubeconfig=oslee.conf#集群结合客户端
kubectl config set-context     oslee-user    --cluster=oslee-cluster --user=oslee-client --kubeconfig=oslee.conf#声明使用上下文生成kubeconfig文件
kubectl config use-context oslee-user --kubeconfig=oslee.conf

6.2.执行脚本 

# 执行脚本
[root@k8s1 k8s]# sh kc.sh 
Cluster "oslee-cluster" set.
User "oslee-client" set.
Context "oslee-user" created.
Switched to context "oslee-user".

 6.3.下载oslee.conf文件并上传

6.4.登陆

三、使用dashboard

===============================至此，已成艺术==============================