K8S/K3S 安装 Dashboard(Web UI)

Dashboard 是一个基于 Web 的 Kubernetes 用户界面。
k8sk3s 安装 Dashboard 方法完全一样,本示例使用的是 k3s 的 v1.23,当前 Dashboard 最新版本是 v2.5.1,兼容 k8s/k3s v1.23版本,具体去这里查看对应的版本 GitHUB 上 kubernetes/dashboard 项目版本
注意:本示例中的k3s kubectl命令设置了别名:kubectl='k3s kubectl',对于没有设置别名的k3s环境,请在下文中的所有kubectl命令前加上k3s;对于k8s环境,直接粘贴下文命令即可。

1. 部署 Kubernetes Dashboard

  1. 下载yaml文件

    # wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml

  2. 编辑yaml文件:默认的yaml文件中 Dashboard 服务类型是ClusterIP,ClusterIP只能在集群内部访问,不能使用外部浏览器访问,我们可以选择将"ClusterIP"改为"NodePort"或"LoadBalancer",也可以使用ingress做代理,本示例选择使用LoadBalancer

    # vim recommended.yaml
    ....
    kind: Service
    apiVersion: v1
    metadata:
     labels:
       k8s-app: kubernetes-dashboard
     name: kubernetes-dashboard
     namespace: kubernetes-dashboard
    spec:
     type: LoadBalancer                   # 新增,缺省情况下type默认是ClusterIP,我们这里指定type位LoadBalancer
     loadBalancerIP: 192.168.1.207        # 设置外部ip,此ip需要能够在宿主机使用
     ports:
       - port: 443
         targetPort: 8443
     selector:
       k8s-app: kubernetes-dashboard
  3. 部署,建议使用 apply 参数创建,而非 create 参数创建

    # kubectl apply -f recommended.yaml
    namespace/kubernetes-dashboard created
    serviceaccount/kubernetes-dashboard created
    service/kubernetes-dashboard created
    secret/kubernetes-dashboard-certs created
    secret/kubernetes-dashboard-csrf created
    secret/kubernetes-dashboard-key-holder created
    configmap/kubernetes-dashboard-settings created
    role.rbac.authorization.k8s.io/kubernetes-dashboard created
    clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
    rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
    clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
    deployment.apps/kubernetes-dashboard created
    service/dashboard-metrics-scraper created
    deployment.apps/dashboard-metrics-scraper created
  4. 查看namespace名为kubernetes-dashboard下的服务,外部浏览器可以使用"https://EXTERNAL-IP:PORT(S)"访问,本示例为"https://192.168.1.207",但想要访问 dashboard 服务,还需要有访问权限,即需要创建kubernetes-dashboard管理员角色

    # kubectl get -n kubernetes-dashboard svc
    NAME                        TYPE           CLUSTER-IP       EXTERNAL-IP       PORT(S)         AGE
    dashboard-metrics-scraper   ClusterIP      172.17.219.162               8000/TCP        3m21s
    kubernetes-dashboard        LoadBalancer   172.17.125.238   192.168.1.207     443:22757/TCP   3m21s

2. 仪表盘 RBAC 配置

本示例中创建的 admin-user 将在 dashboard 中拥有管理权限。

  1. 创建资源清单的yaml文件

    # vim dashboard.admin-user.yaml
    # 创建 ServiceAccount
    apiVersion: v1
    kind: ServiceAccount
    metadata:
     name: admin-user
     namespace: kubernetes-dashboard
    ---
    # 创建 ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
     name: admin-user
    roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
     name: cluster-admin
    subjects:
     - kind: ServiceAccount
       name: admin-user
       namespace: kubernetes-dashboard
  2. 部署上述资源

    # kubectl apply -f dashboard.admin-user.yaml
    serviceaccount/admin-user created
    clusterrolebinding.rbac.authorization.k8s.io/admin-user created
  3. 获得 Bearer Token

    # kubectl -n kubernetes-dashboard describe secret admin-user-token | grep '^token'
    token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IlIyZm1VTmxTNTlHMjEwQTBtY2NOOFU3NjE2WFRCZ3Y0OUY3MUlaNm1FRnMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2Vyd5ljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTdma3pyIiwia3ViZXJuZXRlcy5pby9zZXF2aWNlYWNjb3Vu3C9zZXJ2aWNlLWFjY291bnQubmF3ZSI6ImFkbWluLXVzZXIiLCJrdWJlcg5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyOTBj4jE1NS0yYjcxLTQ5OTItYTc0ZS05NT6zZDczZmJhMTEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.gpOZIP41VXmVFj_d5We6HiN3dWvLWARg4giW4km7iUqTi8YsvgmzK32ygkn2Qhv6f2GijITZ6N-ZvLzOndQcaoTldPyI5YNRPu6unTh2sp1oA1p1hABFuxYfI7zRJi31HuktceoRYKjBPUv35Twy3j-SK0Bic3mXhKdRUg30Z2I795GqiRFHQFMXAChnLprVqOr9Ei5nPOuOqVFgNVW4vALgC-mNVwokEHLUri8J3c7DixjjDHgooGPMCjExyGRHXn3lkkPLw29otqa1QBky9cFSCxIL8gVH96-vWCNa-SKn_AsU0jkIws68nlCiBZ7Fm47HLTJkNOUAhV0XQK4cbw

3. 访问及配置 Dashboard

  1. 浏览器访问"https://192.168.1.207",把上面的 token 粘贴到下图的输入框
    k8s-dashboard_01

  2. 登录后的界面

    k8s-dashboard_02

  3. 设置中文:默认是根据浏览器环境自动适配语言的,如未能自动切换中文,可以在"设置" — "本地设置" 选择语言。

    k8s-dashboard_03

微信扫一扫,分享到朋友圈

K8S/K3S 安装 Dashboard(Web UI)
0
别把想做的事情,留给遥不可及的未来!

发表评论

您的电子邮件地址不会被公开。 必填项已用 * 标注

提示:点击验证后方可评论!

插入图片
返回顶部