Dashboard 是一个基于 Web 的 Kubernetes 用户界面。
k8s 和 k3s 安装 Dashboard 方法完全一样,本示例使用的是 k3s 的 v1.23,当前 Dashboard 最新版本是 v2.5.1,兼容 k8s/k3s v1.23版本,具体去这里查看对应的版本 GitHUB 上 kubernetes/dashboard 项目版本
注意:本示例中的k3s kubectl
命令设置了别名:kubectl='k3s kubectl'
,对于没有设置别名的k3s环境,请在下文中的所有kubectl命令前加上k3s;对于k8s环境,直接粘贴下文命令即可。
1. 部署 Kubernetes Dashboard
-
下载yaml文件
# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
-
编辑yaml文件:默认的yaml文件中 Dashboard 服务类型是ClusterIP,ClusterIP只能在集群内部访问,不能使用外部浏览器访问,我们可以选择将"ClusterIP"改为"NodePort"或"LoadBalancer",也可以使用ingress做代理,本示例选择使用LoadBalancer
# vim recommended.yaml .... kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: LoadBalancer # 新增,缺省情况下type默认是ClusterIP,我们这里指定type位LoadBalancer loadBalancerIP: 192.168.1.207 # 设置外部ip,此ip需要能够在宿主机使用 ports: - port: 443 targetPort: 8443 selector: k8s-app: kubernetes-dashboard
-
部署,建议使用 apply 参数创建,而非 create 参数创建
# kubectl apply -f recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created
-
查看namespace名为kubernetes-dashboard下的服务,外部浏览器可以使用"https://EXTERNAL-IP:PORT(S)"访问,本示例为"https://192.168.1.207",但想要访问 dashboard 服务,还需要有访问权限,即需要创建kubernetes-dashboard管理员角色
# kubectl get -n kubernetes-dashboard svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 172.17.219.162
8000/TCP 3m21s kubernetes-dashboard LoadBalancer 172.17.125.238 192.168.1.207 443:22757/TCP 3m21s
2. 仪表盘 RBAC 配置
本示例中创建的
admin-user
将在 dashboard 中拥有管理权限。
-
创建资源清单的yaml文件
# vim dashboard.admin-user.yaml # 创建 ServiceAccount apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- # 创建 ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard
-
部署上述资源
# kubectl apply -f dashboard.admin-user.yaml serviceaccount/admin-user created clusterrolebinding.rbac.authorization.k8s.io/admin-user created
-
获得 Bearer Token
# kubectl -n kubernetes-dashboard describe secret admin-user-token | grep '^token' token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlIyZm1VTmxTNTlHMjEwQTBtY2NOOFU3NjE2WFRCZ3Y0OUY3MUlaNm1FRnMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2Vyd5ljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTdma3pyIiwia3ViZXJuZXRlcy5pby9zZXF2aWNlYWNjb3Vu3C9zZXJ2aWNlLWFjY291bnQubmF3ZSI6ImFkbWluLXVzZXIiLCJrdWJlcg5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyOTBj4jE1NS0yYjcxLTQ5OTItYTc0ZS05NT6zZDczZmJhMTEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.gpOZIP41VXmVFj_d5We6HiN3dWvLWARg4giW4km7iUqTi8YsvgmzK32ygkn2Qhv6f2GijITZ6N-ZvLzOndQcaoTldPyI5YNRPu6unTh2sp1oA1p1hABFuxYfI7zRJi31HuktceoRYKjBPUv35Twy3j-SK0Bic3mXhKdRUg30Z2I795GqiRFHQFMXAChnLprVqOr9Ei5nPOuOqVFgNVW4vALgC-mNVwokEHLUri8J3c7DixjjDHgooGPMCjExyGRHXn3lkkPLw29otqa1QBky9cFSCxIL8gVH96-vWCNa-SKn_AsU0jkIws68nlCiBZ7Fm47HLTJkNOUAhV0XQK4cbw
3. 访问及配置 Dashboard
-
浏览器访问"https://192.168.1.207",把上面的 token 粘贴到下图的输入框
-
登录后的界面
-
设置中文:默认是根据浏览器环境自动适配语言的,如未能自动切换中文,可以在"设置" — "本地设置" 选择语言。