Kubernetes入门(二)——Dashboard 安装

Kubernetes集群搭建完成后，可以通过命令行方式可以了解集群资源的使用情况，但是这种方式比较笨拙且不直观，因此考虑给集群安装Dashboard，这样能更直观了解集群状态。本文Dashboard的整体安装流程参考的官网安装文档，但是在图形化界面展示部分，官网介绍的比较零散，参考了知乎的一篇文章后才一气呵成地完成啦~~~

1. 下载yaml文件并安装 ^[1]

• 官网给出的yarml文件很难下载，可先使用笔记本（vpn代理）下载，在把文件上传到服务器。

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
kubectl apply -f recommended.yaml

• 下载Dashboard依赖镜像,从recommended.yaml可查到

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.0.0
docker pull kubernetesui/metrics-scraper:v1.0.4  

docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.0.0 kubernetesui/dashboard:v2.0.0
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/dashboard:v2.0.0

• 查看服务是否正常运行

# kubectl get pods -n kubernetes-dashboard -o wide
NAME                                         READY   STATUS    RESTARTS   AGE   IP            NODE        NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-6b4884c9d5-k5j7c   1/1     Running   0          22h   10.20.71.67   10.13.1.2   <none>           <none>
kubernetes-dashboard-7b544877d5-z46tp        1/1     Running   0          45m   10.20.71.69   10.13.1.2   <none>           <none>

2. 本地测试访问Dashboard

• 启动代理

kubectl proxy

• 由于在linux服务器安装，没有图形界面，可使用curl查看Dashboard网页

curl http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

3. 访问Dashboard图形化界面 ^[4]

配置NodePort方式

• 查看kubernetes-dashboard

# kubectl --namespace=kubernetes-dashboard get service kubernetes-dashboard
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes-dashboard   ClusterIP   10.96.191.195   <none>        443/TCP   21h

• 编辑kubernetes-dashboard

kubectl --namespace=kubernetes-dashboard edit service kubernetes-dashboard
将里面的type: ClusterIP改为type: NodePort即可。

• 保存后重新查看，TYPE已变成NodePort

# kubectl --namespace=kubernetes-dashboard get service kubernetes-dashboard
NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.96.191.195   <none>        443:30454/TCP   21h

生成证书

• Dashboard安装完成，改为NodePort形式之后，通过https://10.13.1.3:30454/访问，会有提示安全的信息。

#新建目录：
mkdir key && cd key

#生成证书
openssl genrsa -out dashboard.key 2048 

#我这里写的自己的node1节点，因为我是通过nodeport访问的；如果通过apiserver访问，可以写成自己的master节点ip
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=10.13.1.3'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt 

#删除原有的证书secret
kubectl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard

#创建新的证书secret
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard

#查看pod
kubectl get pod -n kubernetes-dashboard

#重启pod
kubectl delete pod kubernetes-dashboard-7b544877d5-2xqcr  -n kubernetes-dashboard

• 重新访问 https://10.13.1.3:30454/ 点开高级后，在点继续前往的链接。

创建用户令牌

Dashboard链接打开后，会提示选择Kubeconfig或Token, 这里选择Token的登录方式，下面是创建Token的方法。

• 创建用户 ^[3]

vim admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

# 执行命令
kubectl create -f admin-user.yaml

• 绑定用户关系

vim admin-user-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

# 执行命令
kubectl create -f admin-user-role-binding.yam

• 若执行过程中提示存在或者需要删除，只需要kubectl delete -f 相应的yaml文件即可

• 获取令牌

# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-r49rb
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: c9ddd17d-1ca3-4b10-9d83-f958f4235118

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6ImtsTDY2OENGOGRFaU9PQU8yZURxZDVWZVNxYndIS0NZOWZBTXowT053eWsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXI0OXJiIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjOWRkZDE3ZC0xY2EzLTRiMTAtOWQ4My1mOTU4ZjQyMzUxMTgiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.zlPqNpVgBMdODyL9K7EInK7cME8rG-jXPt-Wd77ghyNGPNmqob_N8k-vj_RkqiDjUOO3hgj0N87mJTe98b2q3Jbb6hEe3wz1GdjRQahohli3K_DsUCQyV7QrOHVV0S0gyaIgiDVTygGXndiw8eKQtiRMuVCeq1_JR0kFbYrC85eTwCx_t1YHJLRf5s4DrkXiS4adFHy2F13riulloK2oG80QtPNpwAcjPZnLsnwUuzDQh5qE7xoDVNNP7X2CNozX7zEv0lQOAdgnnRM1qgxp_giBQ9I0z91wl4BuMs4MmPsaUOV_sR2fXkpOVTMpD-NvUxxHMBBZbiuPk-hH8pAxxQ

输入令牌打开页面

选择Token选项，输入令牌，点击登录，就会发现进入了首页。

4. 参考资料

1. https://kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/     官网文档——网页界面 (Dashboard)
2. https://github.com/kubernetes/dashboard
3. https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
4. https://zhuanlan.zhihu.com/p/91731765    Web基础配置篇（十七）: Kubernetes dashboard安装配置