1.5 部署 web 服务 dashboard
GitHub项目地址:
https://github.com/kubernetes/dashboard

dashboard的兼容性不太好,这里选择v2.3.1版本

1.5.1 部署 dashboard v2.3.1
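官方默认的yaml文件中,kubernetes-dashboard 这个 Service 没有定义对外暴露的端口,直接使用的话无法从集群外部访问,所以这里改为 NodePort 暴露一个端口。注意:NodePort 会在每个节点的所有网卡上开放该端口,应通过防火墙/安全组只允许管理终端的来源地址访问;如果只是临时使用,也可以不暴露端口,改用 kubectl port-forward 访问。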
# 加nodePort参数暴露端口
[root@k8s-master1 ~]# vim dashboard-v2.3.1.yaml
......
30 ---
31
32 kind: Service
33 apiVersion: v1
34 metadata:
35 labels:
36 k8s-app: kubernetes-dashboard
37 name: kubernetes-dashboard
38 namespace: kubernetes-dashboard
39 spec:
40 type: NodePort # 添加此行
41 ports:
42 - port: 443
43 targetPort: 8443
44 nodePort: 30002 # 添加此行
45 selector:
46 k8s-app: kubernetes-dashboard
......
1.5.2 下载镜像并传至 harbor
1.5.2.1 下载镜像
# 查询镜像
[root@k8s-master1 ~]# grep image dashboard-v2.3.1.yaml
image: kubernetesui/dashboard:v2.3.1
imagePullPolicy: Always
image: kubernetesui/metrics-scraper:v1.0.6
[root@k8s-master1 ~]#
# 拉取镜像
[root@k8s-master1 ~]# docker pull kubernetesui/dashboard:v2.3.1
v2.3.1: Pulling from kubernetesui/dashboard
b82bd84ec244: Pull complete
21c9e94e8195: Pull complete
Digest: sha256:ec27f462cf1946220f5a9ace416a84a57c18f98c777876a8054405d1428cc92e
Status: Downloaded newer image for kubernetesui/dashboard:v2.3.1
docker.io/kubernetesui/dashboard:v2.3.1
[root@k8s-master1 ~]#
# 打标签(e1482a24335a 应为刚拉取的 kubernetesui/dashboard:v2.3.1 的 IMAGE ID,可用 docker images 查看确认)
[root@k8s-master1 ~]# docker tag e1482a24335a harbor.waluna.top/baseimages/dashboard:v2.3.1
[root@k8s-master1 ~]#
# 修改hosts解析
[root@k8s-master1 ~]# vim /etc/hosts
10.0.0.59 harbor.waluna.top
# 上传镜像:docker 默认通过 HTTPS(443端口)访问仓库,而这里 harbor 的443端口拒绝连接(应是未启用 HTTPS),所以默认无法上传
[root@k8s-master1 ~]# docker push harbor.waluna.top/baseimages/dashboard:v2.3.1
The push refers to repository [harbor.waluna.top/baseimages/dashboard]
Get "https://harbor.waluna.top/v2/": dial tcp 10.0.0.59:443: connect: connection refused
[root@k8s-master1 ~]#
1.5.2.2 配置 docker 及 harbor
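# 修改docker非安全的镜像仓库列表
# 注意:--insecure-registry 会让 docker 对该仓库放弃证书校验,并在 HTTPS 不可用时退回到明文 HTTP,登录密码和镜像内容在传输中既可能被窃听也可能被篡改;仅适合隔离的实验环境,正式环境应为 harbor 配置 HTTPS 证书,而不是添加此参数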
[root@k8s-master1 ~]# dockerd --help|grep insecure
--insecure-registry list Enable insecure registry communication
[root@k8s-master1 ~]#
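# 修改docker.service文件(直接修改 /lib/systemd/system 下的文件,升级 docker 软件包时可能被覆盖;也可以改为在 /etc/docker/daemon.json 中配置 "insecure-registries": ["harbor.waluna.top"],效果相同)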
[root@k8s-master1 ~]# vim /lib/systemd/system/docker.service
[root@k8s-master1 ~]# grep ExecStart /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry harbor.waluna.top # 修改此行,添加后面参数
[root@k8s-master1 ~]#
# 重启docker
[root@k8s-master1 ~]# systemctl daemon-reload
[root@k8s-master1 ~]# systemctl restart docker.service
[root@k8s-master1 ~]#
# 需要在其他master和node节点进行同样操作
[root@k8s-master1 ~]# scp /lib/systemd/system/docker.service 10.0.0.19:/lib/systemd/system/docker.service
[root@k8s-master1 ~]# scp /lib/systemd/system/docker.service 10.0.0.29:/lib/systemd/system/docker.service
[root@k8s-master1 ~]# scp /lib/systemd/system/docker.service 10.0.0.69:/lib/systemd/system/docker.service
[root@k8s-master1 ~]# scp /lib/systemd/system/docker.service 10.0.0.79:/lib/systemd/system/docker.service
[root@k8s-master1 ~]# scp /lib/systemd/system/docker.service 10.0.0.89:/lib/systemd/system/docker.service
# 修改hosts
[root@k8s-master2 ~]# echo "10.0.0.59 harbor.waluna.top" >> /etc/hosts
[root@k8s-master3 ~]# echo "10.0.0.59 harbor.waluna.top" >> /etc/hosts
[root@node1 ~]# echo "10.0.0.59 harbor.waluna.top" >> /etc/hosts
[root@node2 ~]# echo "10.0.0.59 harbor.waluna.top" >> /etc/hosts
[root@node3 ~]# echo "10.0.0.59 harbor.waluna.top" >> /etc/hosts
# 重启docker
[root@k8s-master2 ~]# systemctl daemon-reload && systemctl restart docker.service
[root@k8s-master3 ~]# systemctl daemon-reload && systemctl restart docker.service
[root@node1 ~]# systemctl daemon-reload && systemctl restart docker.service
[root@node2 ~]# systemctl daemon-reload && systemctl restart docker.service
[root@node3 ~]# systemctl daemon-reload && systemctl restart docker.service
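# 登录harbor
# 注意:如下面的 WARNING 所示,密码会以未加密形式保存在 /root/.docker/config.json 中;加上前面把仓库设为 insecure,密码在网络上也是明文传输。建议不要直接使用 admin,而是为推送镜像单独创建一个只有 baseimages 项目权限的账号(例如 harbor 的机器人账号),并配置 credential helper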
[root@k8s-master1 ~]# docker login harbor.waluna.top
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@k8s-master1 ~]#
# 上传镜像
[root@k8s-master1 ~]# docker push harbor.waluna.top/baseimages/dashboard:v2.3.1
The push refers to repository [harbor.waluna.top/baseimages/dashboard]
c94f86b1c637: Pushed
8ca79a390046: Pushed
v2.3.1: digest: sha256:e5848489963be532ec39d454ce509f2300ed8d3470bdfb8419be5d3a982bb09a size: 736
[root@k8s-master1 ~]#
查看 harbor 中的镜像

复制镜像地址
docker pull harbor.waluna.top/baseimages/dashboard:v2.3.1
去 node 节点进行测试
[root@node1 ~]# docker pull harbor.waluna.top/baseimages/dashboard:v2.3.1
v2.3.1: Pulling from baseimages/dashboard
b82bd84ec244: Pull complete
21c9e94e8195: Pull complete
Digest: sha256:e5848489963be532ec39d454ce509f2300ed8d3470bdfb8419be5d3a982bb09a
Status: Downloaded newer image for harbor.waluna.top/baseimages/dashboard:v2.3.1
harbor.waluna.top/baseimages/dashboard:v2.3.1
[root@node1 ~]#
1.5.2.3 部署 dashboard
# 将另外一个镜像也上传至harbor
[root@k8s-master1 ~]# grep image dashboard-v2.3.1.yaml
image: kubernetesui/dashboard:v2.3.1
imagePullPolicy: Always
image: kubernetesui/metrics-scraper:v1.0.6
[root@k8s-master1 ~]# docker pull kubernetesui/metrics-scraper:v1.0.6
v1.0.6: Pulling from kubernetesui/metrics-scraper
47a33a630fb7: Pull complete
62498b3018cb: Pull complete
Digest: sha256:1f977343873ed0e2efd4916a6b2f3075f310ff6fe42ee098f54fc58aa7a28ab7
Status: Downloaded newer image for kubernetesui/metrics-scraper:v1.0.6
docker.io/kubernetesui/metrics-scraper:v1.0.6
[root@k8s-master1 ~]# docker tag docker.io/kubernetesui/metrics-scraper:v1.0.6 harbor.waluna.top/baseimages/metrics-scraper:v1.0.6
[root@k8s-master1 ~]# docker push harbor.waluna.top/baseimages/metrics-scraper:v1.0.6
The push refers to repository [harbor.waluna.top/baseimages/metrics-scraper]
a652c34ae13a: Pushed
6de384dd3099: Pushed
v1.0.6: digest: sha256:c09adb7f46e1a9b5b0bde058713c5cb47e9e7f647d38a37027cd94ef558f0612 size: 736
[root@k8s-master1 ~]#
# 修改yaml文件,把两个 image 改为 harbor 中的地址;也可以写成 镜像名@sha256:<推送时输出的digest> 的形式固定镜像内容,避免 tag 被覆盖后拉到不同的镜像
[root@k8s-master1 ~]# vim dashboard-v2.3.1.yaml
[root@k8s-master1 ~]# grep image dashboard-v2.3.1.yaml
image: harbor.waluna.top/baseimages/dashboard:v2.3.1
imagePullPolicy: Always
image: harbor.waluna.top/baseimages/metrics-scraper:v1.0.6
[root@k8s-master1 ~]#
# 权限控制文件,默认没有,个人编写
[root@k8s-master1 ~]# cat admin-user.yml
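# ServiceAccount used to log in to the dashboard with a bearer token.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
# Binds admin-user to the built-in cluster-admin ClusterRole: whoever holds this
# account's token has unrestricted access to every resource in every namespace
# (Secrets included). Acceptable for a lab; on a shared or production cluster
# bind a narrower role instead (for example the built-in "view" ClusterRole, or
# a namespaced Role/RoleBinding) and delete this binding once it is not needed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard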
[root@k8s-master1 ~]#
# 创建dashboard
[root@k8s-master1 ~]# kubectl apply -f dashboard-v2.3.1.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@k8s-master1 ~]# kubectl apply -f admin-user.yml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
[root@k8s-master1 ~]#
1.5.2.4 验证 dashboard 状态
# 查看pod状态
[root@k8s-master1 ~]# kubectl get pod -A|grep dashboard
kubernetes-dashboard dashboard-metrics-scraper-5b8df6cd57-6n9cg 1/1 Running 0 2m29s
kubernetes-dashboard kubernetes-dashboard-695b8fd8ff-zm4mq 1/1 Running 0 2m29s
[root@k8s-master1 ~]#
# 查看service
[root@k8s-master1 ~]# kubectl get service -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.20.0.1 <none> 443/TCP 3h2m
kube-system kube-dns ClusterIP 10.20.0.10 <none> 53/UDP,53/TCP,9153/TCP 3h1m
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.20.138.149 <none> 8000/TCP 22m
kubernetes-dashboard kubernetes-dashboard NodePort 10.20.56.249 <none> 443:30002/TCP 10m
[root@k8s-master1 ~]#
# 查看端口
[root@k8s-master1 ~]# ss -nrl |grep 30002
tcp LISTEN 0 128 0.0.0.0:30002 0.0.0.0:*
[root@k8s-master1 ~]#
# 每个node节点都会监听30002端口(监听地址为0.0.0.0,即节点的所有网卡)
[root@node1 ~]# ss -ntl|grep 30002
LISTEN 0 128 0.0.0.0:30002 0.0.0.0:*
[root@node1 ~]#
1.5.2.5 访问 dashboard
因为每个node节点都会监听30002端口,所以访问任意一个node节点的30002端口都可以
直接用 http 访问会提示使用 https,需要改用 https://<节点IP>:30002 访问


需要一个token登录

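在有权限的节点上获取token。注意:这个 token 属于绑定了 cluster-admin 的 admin-user,相当于整个集群的管理员凭据;这种保存在 Secret 中的 ServiceAccount token 不会自动过期,泄露后需要删除对应的 Secret 或 ServiceAccount 才能使其失效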
[root@k8s-master1 ~]# kubectl get secret -A|grep admin
kubernetes-dashboard admin-user-token-4pmmf kubernetes.io/service-account-token 3 28m
[root@k8s-master1 ~]#
# 查看详细信息
[root@k8s-master1 ~]# kubectl describe secret admin-user-token-4pmmf -n kubernetes-dashboard
Name: admin-user-token-4pmmf
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 978398fa-49df-43eb-bdd2-fd9b789f0892
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIs......(token 内容已省略,真实 token 不应出现在文档或截图中)
[root@k8s-master1 ~]#
复制到浏览器点击登录

成功登录







