Kubernetes

version: 1.0.0

Built with Teadocs

8-2.使用 Helm 部署 dashboard

# 使用Helm部署dashboard

  • 查看helm仓库

    helm repo list
  • 添加国内源

    helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
  • 更新仓库

    helm repo update
  • 拉取kubernetes-dashboard

    helm fetch stable/kubernetes-dashboard
    [root@k8s-master01 helm-dashboard]# ls
    kubernetes-dashboard-0.6.0.tgz
    tar -zxvf kubernetes-dashboard-0.6.0.tgz
  • 安装kubernetes-dashboard

    helm install stable/kubernetes-dashboard -n kubernetes-dashboard --namespace kube-system 
    [root@k8s-master01 kubernetes-dashboard]# helm install stable/kubernetes-dashboard -n kubernetes-dashboard --namespace kube-system 
    NAME:   kubernetes-dashboard
    LAST DEPLOYED: Sat May 30 14:27:53 2020
    NAMESPACE: kube-system
    STATUS: DEPLOYED
    
    RESOURCES:
    ==> v1/Pod(related)
    NAME                                  READY  STATUS             RESTARTS  AGE
    kubernetes-dashboard-6f5b7fcbb-4ztpx  0/1    ContainerCreating  0         0s
    
    ==> v1/Secret
    NAME                  TYPE    DATA  AGE
    kubernetes-dashboard  Opaque  0     0s
    
    ==> v1/Service
    NAME                  TYPE       CLUSTER-IP     EXTERNAL-IP  PORT(S)  AGE
    kubernetes-dashboard  ClusterIP  10.101.59.171  <none>       443/TCP  0s
    
    ==> v1/ServiceAccount
    NAME                  SECRETS  AGE
    kubernetes-dashboard  1        0s
    
    ==> v1beta1/Deployment
    NAME                  READY  UP-TO-DATE  AVAILABLE  AGE
    kubernetes-dashboard  0/1    1           0          0s
    
    ==> v1beta1/Role
    NAME                  AGE
    kubernetes-dashboard  0s
    
    ==> v1beta1/RoleBinding
    NAME                  AGE
    kubernetes-dashboard  0s
    
    

NOTES:


* PLEASE BE PATIENT: kubernetes-dashboard may take a few minutes to install *


Get the Kubernetes Dashboard URL by running:
export POD_NAME=$(kubectl get pods -n kube-system -l "app=kubernetes-dashboard,release=kubernetes-dashboard" -o jsonpath="{.items[0].metadata.name}")
echo https://127.0.0.1:9090/
kubectl -n kube-system port-forward $POD_NAME 9090:9090

kubectl get pod -n kube-system
kubectl get svc -n kube-system


- 手动编辑修改svc,暴露给外部访问

  ```shell
  kubectl edit svc kubernetes-dashboard -n kube-system
  spec:
    clusterIP: 10.101.59.171
    ports:
    - name: https # 这里新增
      port: 443
      protocol: TCP
      targetPort: 8443 # 这里修改
    selector:
      app: kubernetes-dashboard
      release: kubernetes-dashboard
    sessionAffinity: None
    type: NodePort # 这里修改
  • 查看修改完为NodePort

    kubectl get svc -n kube-system
    [root@k8s-master01 kubernetes-dashboard]# kubectl get svc -n kube-system
    NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
    kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP,9153/TCP   13d
    kubernetes-dashboard   NodePort    10.101.59.171   <none>        443:31717/TCP            8m41s
    tiller-deploy          ClusterIP   10.96.253.154   <none>        44134/TCP                134m
    [root@k8s-master01 kubernetes-dashboard]# 
  • 访问:例如: https://192.168.33.10:31717

    image-20200530143919890
  • 这里使用令牌登录

    • 查看token的secret

      kubectl -n kube-system get secret | grep kubernetes-dashboard-token
      [root@k8s-master01 kubernetes-dashboard]# kubectl -n kube-system get secret | grep kubernetes-dashboard-token
      kubernetes-dashboard-token-w822r                 kubernetes.io/service-account-token   3      12m
      [root@k8s-master01 kubernetes-dashboard]# 
    • 查看对应的token值

      kubectl describe -n kube-system secret/kubernetes-dashboard-token-w822r
      [root@k8s-master01 kubernetes-dashboard]#  kubectl describe -n kube-system secret/kubernetes-dashboard-token-w822r
      Name:         kubernetes-dashboard-token-w822r
      Namespace:    kube-system
      Labels:       <none>
      Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
                    kubernetes.io/service-account.uid: 42ea6ea0-d788-442a-9502-f151bd9d71c5
      
      Type:  kubernetes.io/service-account-token
      
      Data
      ====
      ca.crt:     1025 bytes
      namespace:  11 bytes
      token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi13ODIyciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjQyZWE2ZWEwLWQ3ODgtNDQyYS05NTAyLWYxNTFiZDlkNzFjNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.Dkz6b8Xb0SrSVGDqpWUi4UoypLE4jh1bar-r-pBem-o_pGpugMNj-t9hE_k09Xp8iNwjNoIQyfpIBohu1ZCKqzQNplX3mCYsdo8ASYIuHtojPeYPuDt-h2TbB90r_gKuRMddSpnhdYAXWZinTVwYXowU_vlj6ilZce-0PFLPuuGb7Mz98IzclQd6Nu0bDHsfZ4zCKAov1sTXL-FkjrdYJ9uF5s4vL_gNwzPpzyxLEgZ-HfCKjsrg9d6m7Sr95kLMje-WePvWW6wbAM961WbrvEV7M3VZEQyhWy4X_3t6tInPmRZlOH-P8RtaR8S7-J6hY2pfY6uyeJ5jyNYs_PPZlQ
      [root@k8s-master01 kubernetes-dashboard]# 

# kubernetes搭建dashboard报错

  • 1.添加serviceaccount账户,设置并使其可登陆

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: aks-dashboard-admin
      namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: aks-dashboard-admin
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: aks-dashboard-admin
      namespace: kube-system
  • 2.创建完全管理权限

    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: kubernetes-dashboard
      labels:
        k8s-app: kubernetes-dashboard
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: kubernetes-dashboard
      namespace: kube-system
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: kubernetes-dashboard-head
      labels:
        k8s-app: kubernetes-dashboard-head
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: kubernetes-dashboard-head
      namespace: kube-system

# 查看RBAC

# k8s-RBAC授权-十六
  • kubectl get rolebinding | grep "tiller"
  • kubectl get clusterrole | grep "tiller"
  • kubectl get clusterrolebinding | grep "tiller"