k8s 默認沒有 web 管理頁面,可以通過安裝呢 Dashboard 來增加一個管理界面
下載 Dashboard yaml 文件
$ wget http://pencil-file.oss-cn-hangzhou.aliyuncs.com/blog/kubernetes-dashboard.yaml
--2019-05-06 09:32:11-- http://pencil-file.oss-cn-hangzhou.aliyuncs.com/blog/kubernetes-dashboard.yaml
正在解析主機 pencil-file.oss-cn-hangzhou.aliyuncs.com (pencil-file.oss-cn-hangzhou.aliyuncs.com)... 47.110.177.83
正在連接 pencil-file.oss-cn-hangzhou.aliyuncs.com (pencil-file.oss-cn-hangzhou.aliyuncs.com)|47.110.177.83|:80... 已連接。
已發出 HTTP 請求,正在等待迴應... 200 OK
長度:4577 (4.5K) [application/octet-stream]
正在保存至: “kubernetes-dashboard.yaml”
100%[=================================================================================================================================================================>] 4,577 --.-K/s 用時 0.001s
2019-05-06 09:32:11 (7.07 MB/s) - 已保存 “kubernetes-dashboard.yaml” [4577/4577])
✨打開下載的文件添加一項:type: NodePort
,暴露出去 Dashboard 端口,方便外部訪問。
......
# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
type: NodePort # 新增
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
......
部署
$ kubectl create -f kubernetes-dashboard.yaml
$ kubectl get pods --all-namespaces -o wide | grep dashboard
kube-system kubernetes-dashboard-5f7b999d65-h96kl 1/1 Running 1 23h 10.244.0.7 k8s-master <none> <none>
✨這裏部署可能存在一個問題,在 yaml 文件 kubernetes-dashboard.yaml
中拉取了一個鏡像 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
,沒有配置 docker 代理網絡的可能拉取不下來,這裏提供下載,使用 docker load
一下即可。
還需要修改文件裏面的鏡像拉取方式如下:
......
spec:
containers:
- name: kubernetes-dashboard
image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
imagePullPolicy: IfNotPresent
......
創建簡單用戶
創建服務賬號和集羣角色綁定配置文件
創建 dashboard-adminuser.yaml
文件,加入以下內容:
$ vim dashboard-adminuser.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard-admin
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard-admin
namespace: kube-system
創建用戶和角色綁定
$ kubectl apply -f dashboard-adminuser.yaml
查看 Token
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubernetes-dashboard-admin-token | awk '{print $1}')
Name: kubernetes-dashboard-admin-token-kprvh
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard-admin
kubernetes.io/service-account.uid: a3f1c6f1-6a29-11e9-b485-001c42296049
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbi10b2tlbi1rcHJ2aCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImEzZjFjNmYxLTZhMjktMTFlOS1iNDg1LTAwMWM0MjI5NjA0OSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiJ9.k_cdBaDqjKRjPyP5Z8L5UDlvkLztVe8TiudfcmdRJyB4K8PBprx1io1UvJdjb3gFRaV4D3g-OPRzudtc_bJhqBoUeOAZs_kmrytrmix-pvTI8ObF9bVcN8dokEiKgSuBinWN37SPicHeL4CRzdmUYMuB3Q8uewZq5SaFCegIf9l_C_441EV7pZHY5m5AHnFZhdK0wKWLMkq-nGxJ-gTKCl5IsrQwuliP23UXlGi0HGQqLwWiFMLClK-bDYoBU54v5Iwo4HXNnQwNXJeuxSKYCi3KrsAlDgWw_I6dR69mk0OALllNglhfkiuMTdQUdHW2PgqjESLKkbqtpVNi7toyCw
✨保留 token
內容。
登錄 Dashboard
- 查看 Dashboard 端口號
$ kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 8d
kubernetes-dashboard NodePort 10.98.135.11 <none> 443:31135/TCP 7d10h
- 訪問 Dashboard
選擇令牌,並輸入上文中保留的 token 即可登錄