kubernetes 安装 kubernetes-dashboard 7.x
介绍
Kubernetes仪表板是Kubernetes集群的通用、基于Web的UI。它允许用户管理集群中运行的应用程序并对其进行故障排除,以及管理集群本身。
从7.x版开始,不再支持基于Manifest的安装。现在只支持基于Helm的安装。由于多容器设置和对Kong网关API代理的严重依赖 要轻松支持基于清单安装是不可行的。
安装
# 添加源信息
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# 默认参数安装
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kube-system
# 我的集群使用默认参数安装 kubernetes-dashboard-kong 出现异常 8444 端口占用
# 使用下面的命令进行安装,在安装时关闭kong.tls功能
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --namespace kube-system --set kong.admin.tls.enabled=false
查看是否完成启动
[root@k8s-master01 ~]#
[root@k8s-master01 ~]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default hello-server-569d7866bd-5lspc 1/1 Running 1 (29m ago) 23d
default hello-server-569d7866bd-ll26x 1/1 Running 1 (29m ago) 23d
default nginx-demo-554db85f85-tlcgw 1/1 Running 1 (29m ago) 23d
default nginx-demo-554db85f85-zz2db 1/1 Running 1 (29m ago) 23d
ingress-nginx ingress-nginx-admission-create-hjb5q 0/1 Completed 0 23d
ingress-nginx ingress-nginx-admission-patch-ddx2q 0/1 Completed 0 23d
ingress-nginx ingress-nginx-controller-85c7865b7d-jzq7k 1/1 Running 1 (29m ago) 23d
kube-system calico-kube-controllers-57758d645c-5hnlg 1/1 Running 1 (29m ago) 23d
kube-system calico-node-4ljzp 1/1 Running 3 (29m ago) 23d
kube-system calico-node-84nb7 1/1 Running 3 (29m ago) 23d
kube-system calico-node-hxjgg 1/1 Running 3 (29m ago) 23d
kube-system calico-node-mx9xj 1/1 Running 3 (29m ago) 23d
kube-system calico-node-xxgtn 1/1 Running 3 (29m ago) 23d
kube-system calico-typha-7f974b9776-wp8q9 1/1 Running 1 (29m ago) 23d
kube-system coredns-84748f969f-75czs 1/1 Running 1 (29m ago) 23d
kube-system default-http-backend-7b44966d95-tslfl 1/1 Running 1 (29m ago) 23d
kube-system kubernetes-dashboard-api-fd4b86496-4ckwm 1/1 Running 0 7m56s
kube-system kubernetes-dashboard-api-fd4b86496-lklpz 1/1 Running 0 60s
kube-system kubernetes-dashboard-api-fd4b86496-p9mj2 1/1 Running 0 8m28s
kube-system kubernetes-dashboard-auth-6dc79b858d-c4ks5 1/1 Running 0 8m28s
kube-system kubernetes-dashboard-kong-6d54b7dd5f-lhf88 1/1 Running 0 8m28s
kube-system kubernetes-dashboard-metrics-scraper-956d55d9-x6fl9 1/1 Running 0 22m
kube-system kubernetes-dashboard-web-6bb84db944-vjrdl 1/1 Running 0 22m
kube-system metrics-server-57d65996cf-5x9df 1/1 Running 2 (20m ago) 23d
[root@k8s-master01 ~]#
修改NodePort端口
[root@k8s-master01 ~]# kubectl edit svc -n kube-system kubernetes-dashboard-kong-proxy
service/kubernetes-dashboard-kong-proxy edited
[root@k8s-master01 ~]#
查看svc端口
[root@k8s-master01 ~]# kubectl get svc -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default hello-server ClusterIP 10.98.9.152 <none> 8000/TCP 23d
default kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 23d
default nginx-demo ClusterIP 10.105.145.188 <none> 8000/TCP 23d
ingress-nginx ingress-nginx-controller NodePort 10.103.206.178 <none> 80:30247/TCP,443:30992/TCP 23d
ingress-nginx ingress-nginx-controller-admission ClusterIP 10.96.95.250 <none> 443/TCP 23d
kube-system calico-typha ClusterIP 10.110.60.211 <none> 5473/TCP 23d
kube-system coredns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 23d
kube-system default-http-backend ClusterIP 10.106.57.176 <none> 80/TCP 23d
kube-system kubernetes-dashboard-api ClusterIP 10.110.23.150 <none> 8000/TCP 22m
kube-system kubernetes-dashboard-auth ClusterIP 10.102.247.207 <none> 8000/TCP 22m
kube-system kubernetes-dashboard-kong-manager NodePort 10.110.160.154 <none> 8002:31983/TCP,8445:32634/TCP 22m
kube-system kubernetes-dashboard-kong-proxy NodePort 10.111.53.143 <none> 443:30556/TCP 22m
kube-system kubernetes-dashboard-metrics-scraper ClusterIP 10.106.47.83 <none> 8000/TCP 22m
kube-system kubernetes-dashboard-web ClusterIP 10.110.135.67 <none> 8000:32503/TCP 22m
kube-system metrics-server ClusterIP 10.106.68.27 <none> 443/TCP 23d
[root@k8s-master01 ~]#
创建临时token
cat > dashboard-user.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
EOF
kubectl apply -f dashboard-user.yaml
# 创建token
kubectl -n kube-system create token admin-user
eyJhbGciOiJSUzI1NiIsImtpZCI6Im5vZExpNi1tTERLb09ONVM2cEE0SWNCUnA4eTZieE81RnVGb1IwSk5QVFEifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzA4MjQ4NjM4LCJpYXQiOjE3MDgyNDUwMzgsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJhZG1pbi11c2VyIiwidWlkIjoiMTQ1YTdmZTktMTQ0YS00NDZmLWI1M2QtNDk4OGM3YjIyZjgyIn19LCJuYmYiOjE3MDgyNDUwMzgsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbi11c2VyIn0.H2Oxxrb5BVLH1iDOA-Uo1I7aiAUZX1wK-xBiV9NJXQ32EDyQvss95yQbCNHtPMhQZ8jFE3NRhyjkgZMZmX7kR9J-89QXLqKhE8Qnihd1mq5HOEVQ8tjZ6ix8ymxs5QkfSvd_OUzILKBtfYAMb4Fer67Dyf14oBHWVKU9LQkCdtFaLxerK--N7gLWeGXzavqzOlEPZR5UZWUPwP5dJmAQtvSToPVMaKiA49LjaGJid0F5Pxnutr80oZRsLfKr0MpoEG6jrow1QeJ2PgVksDTcqMTpye-M6jmIbuxabsRSskTT_zEDT0J86BiLYIHnh79D-P7IUUq6GOp8DgG-wXhICQ
创建长期token
cat > dashboard-user-token.yaml << EOF
apiVersion: v1
kind: Secret
metadata:
name: admin-user
namespace: kube-system
annotations:
kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token
EOF
kubectl apply -f dashboard-user-token.yaml
# 查看密码
kubectl get secret admin-user -n kube-system -o jsonpath={".data.token"} | base64 -d
访问
http://192.168.1.31:30556/