3.5.4. dashboard服务安装
配置kubernetes-dashboard [1]
安装kubernetes-dashboard,并使其能够远程访问。yaml文件dashboard.yaml详见 [2],执行:
$ kubectl apply -f dashboard.yaml
文件执行完成后,可以通过https://IP:30000 来访问(注意: 是https不是http)
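在kubernetes 1.7之后建议使用token去登录。登录后dashboard以该token所属ServiceAccount的权限访问集群;下面示例取的是系统控制器的token,权限通常很大,生产环境建议为登录单独创建ServiceAccount并只绑定所需的角色。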
token获取方法:
1 // 查询secret列表
2 $ kubectl -n kube-system get secret
3 attachdetach-controller-token-pqtcp kubernetes.io/service-account-token 3 3h18m
4 bootstrap-signer-token-qnx4s kubernetes.io/service-account-token 3 3h18m
5 bootstrap-token-y89hw4 bootstrap.kubernetes.io/token 7 3h18m
6 certificate-controller-token-r6wl6 kubernetes.io/service-account-token 3 3h18m
7 clusterrole-aggregation-controller-token-6mrrv kubernetes.io/service-account-token 3 3h18m
8 coredns-token-f4nfd kubernetes.io/service-account-token 3 3h18m
9 ...
10
11 // 指定某个secret
12 $ kubectl -n kube-system get secret | grep aggregation-controller-token
13 clusterrole-aggregation-controller-token-6mrrv kubernetes.io/service-account-token 3 3h18m
1 // 查看clusterrole-aggregation-controller-token详情
2 $ kubectl -n kube-system describe secret clusterrole-aggregation-controller-token-6mrrv
3 #######
4 Name: clusterrole-aggregation-controller-token-6fzrv
5 Namespace: kube-system
6 Labels: <none>
7 Annotations: kubernetes.io/service-account.name: clusterrole-aggregation-controller
8 kubernetes.io/service-account.uid: e132b88c-efe2-11e8-b652-005056a0b094
9
10 Type: kubernetes.io/service-account-token
11 Data
12 ====
13 ca.crt: 1025 bytes
14 namespace: 11 bytes
15 token: eyJhbGciO...(太长了省略下)
16 #######
附录
# All objects the dashboard needs, wrapped in one v1 List so that a single
# `kubectl apply -f dashboard.yaml` creates them together.
kind: List
apiVersion: v1
items:
# Opaque Secret declared without data; the Deployment in this list mounts it
# at /certs as the dashboard's certificate store.
- kind: Secret
  apiVersion: v1
  type: Opaque
  metadata:
    name: kubernetes-dashboard-certs
    namespace: kube-system
    labels:
      k8s-app: kubernetes-dashboard
# Identity the dashboard pod runs as: referenced by serviceAccountName in the
# Deployment and by the subject of the kubernetes-dashboard-minimal binding.
- kind: ServiceAccount
  apiVersion: v1
  metadata:
    name: kubernetes-dashboard
    namespace: kube-system
    labels:
      k8s-app: kubernetes-dashboard
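# Permissions of the dashboard's own service account.
# Declared as a namespaced Role/RoleBinding instead of a
# ClusterRole/ClusterRoleBinding: metadata.namespace has no effect on
# cluster-scoped kinds, so the cluster-wide form let this service account
# create Secrets and ConfigMaps in every namespace. The objects named in the
# rules are expected in kube-system (the certs Secret is declared there in
# this file), so a kube-system Role is sufficient.
# NOTE: if the ClusterRole/ClusterRoleBinding of the same name was applied
# before, delete both by hand; applying this file does not remove them.
- kind: Role
  apiVersion: rbac.authorization.k8s.io/v1
  metadata:
    name: kubernetes-dashboard-minimal
    namespace: kube-system
  rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
  # ("create" cannot be limited by resourceNames, hence the separate rule.)
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
    verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
    verbs: ["get"]
# Grants the Role above to the kubernetes-dashboard service account only.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    name: kubernetes-dashboard-minimal
    namespace: kube-system
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: kubernetes-dashboard-minimal
  subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system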
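# Runs one dashboard pod under the kubernetes-dashboard service account.
# apiVersion is apps/v1 (available since Kubernetes 1.9): apps/v1beta2 is no
# longer served from Kubernetes 1.16 on, and the fields used here are the
# same in both versions.
- kind: Deployment
  apiVersion: apps/v1
  metadata:
    labels:
      k8s-app: kubernetes-dashboard
    name: kubernetes-dashboard
    namespace: kube-system
  spec:
    replicas: 1
    revisionHistoryLimit: 10
    selector:
      matchLabels:
        k8s-app: kubernetes-dashboard
    template:
      metadata:
        labels:
          k8s-app: kubernetes-dashboard
      spec:
        containers:
        - name: kubernetes-dashboard
          # NOTE(review): pinned to an old dashboard release; confirm with
          # upstream whether a maintained release should be used instead.
          image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
          ports:
          - containerPort: 8443
            protocol: TCP
          args:
          # Dashboard generates its own serving certificate at start-up, so
          # browsers will not trust it by default.
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
          volumeMounts:
          - name: kubernetes-dashboard-certs
            mountPath: /certs
          # Create on-disk volume to store exec logs
          - mountPath: /tmp
            name: tmp-volume
          # Probe over HTTPS because the container only listens on 8443.
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
        volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
        serviceAccountName: kubernetes-dashboard
        # Comment the following tolerations if Dashboard must not be deployed on master
        tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule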
# Publishes the dashboard outside the cluster: type NodePort opens port 30000
# on every node and forwards it to the pod's HTTPS port 8443. Anyone who can
# reach a node IP can reach the login page, so limit access to this port
# (firewall / security-group rules) to the hosts that need it.
- apiVersion: v1
  kind: Service
  metadata:
    name: kubernetes-dashboard
    namespace: kube-system
    labels:
      k8s-app: kubernetes-dashboard
  spec:
    type: NodePort
    selector:
      k8s-app: kubernetes-dashboard
    ports:
    - nodePort: 30000
      targetPort: 8443
      port: 443