Kubernetes學習筆記-2: 配置Kubernetes Dashboard
如果喜歡有個UI界面的話可以把KUbernetes Dasoboard 配置起來看看。以下是我在我之前配置的虛擬機cluster上配置Kubernetes Dashboard的過程。
前提條件
- 擁有一個已經初始化完畢且包含worker node的cluster。 我自己是在MacBookPro上起了3個VirtualBox虛擬機搭建了簡易Cluster。
- 在master node 上跑 "kubectl get nodes", 可以看到三個node都是Ready狀態:
[root@kub-master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION kub-master Ready master 1d v1.11.3 kub-node01 Ready <none> 1d v1.11.3 kub-node02 Ready <none> 1d v1.11.3 [root@kub-master ~]#
配置從Mac主機直接操作Cluster
如果嫌每次運行Kubectl都得SSH進master node太麻煩,也可以從其他機器直接操作cluster。對我來說,就是在macBookPro筆記本電腦上進行配置即可。
首先安裝kubectl,直接跑“brew install kubectl” 即可。安裝完畢後在到當前用戶根目錄下創建個“.kube”目錄。
將master node上的配置文件scp 下來:
scp root@<master node ip address>:/etc/kubernetes/admin.conf ~/.kube/config
此時在本機運行 "kubectl get nodes" 就和在master node裏運行完全一樣了。
安裝Kubernetes Dashbaord
經過上一步的配置,直接在本地跑一句話即可:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
此時可以看到Kubernetes Dasoboard的Pod已經跑起來了:
[root@kub-master ~]# kubectl get pods -n kube-system -o wide | grep dashboard kubernetes-dashboard-767dc7d4d-6rfkb 1/1 Running 0 6h 10.36.0.1 kub-node02 <none> [root@kub-master ~]#
創建Authentication Token
Kubernetes Dashbaord 他和訪問權限可以通過Kubeconfig或Token兩種方式來實現,我是按照github上的說明配置了token
創建一個service account,比如命名為admin-user. 在本機編輯一個yaml 文件,比如叫admin-user.yaml,包含以下內容:
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kube-system
創建該用戶:
kubectl apply -f ./admin-user.yaml
再創建一個角色綁定文件,比如叫"role-binding.yaml",包含如下內容:
apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kube-system
綁定權限:
kubectl apply -f ./role-binding.yaml
跑以下語句獲取token:
[root@kub-master ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk ‘{print $1}‘) Name: admin-user-token-dt8fb Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name=admin-user kubernetes.io/service-account.uid=0eb54c95-c178-11e8-87b2-08002763696f Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWR0OGZiIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwZWI1NGM5NS1jMTc4LTExZTgtODdiMi0wODAwMjc2MzY5NmYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.eEOjIFDAnqfu--cA4X1AADsVQ2RLulkP0HIDq84G0capZBRKPs1fjjOGM67wmuQBbhMpi18nfi_moKknpJ_xBPMNY29_GezrC5-BHAY_CjMLn4CJyq--DFvh7Es_xoymndS9vBQHeBPgpqhjzKs9gc2AaLvVDz7Ls1GbvbS93SptV8JC4hmSOVPWhkGqwjx-Ijk-X0Lq52S9ZeFpSYmy0vUJMkcIpUtUiuBsTJBxYBbTuX5maIy1q_9fmmyMJnr0ztuz3gRyj8pLVUR7PCEueoj6ZhgQgmKIHT46xRSkyzkcNOTZLo4qENouKmLOKKTEISI-kx2I9-oMH2z8wXUfwg
登錄Kubernetes Dashboard
在本機跑一下“kubectl proxy”, 再在本地瀏覽器裏訪問如下URL:
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
此時應該可以看到登錄頁面,選擇Token方式,再把之前保存的Token粘貼進來,點擊“Sign In”按鈕。
此時Dashboard首頁就應該出現了:
參考文獻
- https://github.com/kubernetes/dashboard
- https://github.com/kubernetes/dashboard/wiki/Creating-sample-user
Kubernetes學習筆記-2: 配置Kubernetes Dashboard