系统环境:
Kubernetes 版本:1.19.2kubernetes-dashboard 版本:v2.0.3创建 Dashboard RBAC 部署文件
k8s-dashboard-rbac.yaml
apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system rules: - apiGroups: [""] resources: ["secrets"] resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] verbs: ["get", "update", "delete"] - apiGroups: [""] resources: ["configmaps"] resourceNames: ["kubernetes-dashboard-settings"] verbs: ["get", "update"] - apiGroups: [""] resources: ["services"] resourceNames: ["heapster", "dashboard-metrics-scraper"] verbs: ["proxy"] - apiGroups: [""] resources: ["services/proxy"] resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] verbs: ["get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard rules: - apiGroups: ["metrics.k8s.io"] resources: ["pods", "nodes"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kubernetes-dashboard subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubernetes-dashboard namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubernetes-dashboard subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kube-system部署 Dashboard RBAC
$ kubectl apply -f k8s-dashboard-rbac.yaml创建 Dashboard Config & Secret 部署文件
k8s-dashboard-configmap-secret.yaml
apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-certs namespace: kube-system type: Opaque --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-csrf namespace: kube-system type: Opaque data: csrf: "" --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-key-holder namespace: kube-system type: Opaque --- kind: ConfigMap apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-settings namespace: kube-system部署 Dashboard Config & Secret
$ kubectl apply -f k8s-dashboard-configmap-secret.yaml创建 Dashboard Deploy 部署文件
k8s-dashboard-deploy.yaml
## Dashboard Service kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: type: NodePort ports: - port: 443 nodePort: 30001 targetPort: 8443 selector: k8s-app: kubernetes-dashboard --- ## Dashboard Deployment kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard spec: serviceAccountName: kubernetes-dashboard containers: - name: kubernetes-dashboard image: kubernetesui/dashboard:v2.0.3 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates - --namespace=kube-system #设置为当前部署的Namespace resources: limits: cpu: 1000m memory: 512Mi requests: cpu: 1000m memory: 512Mi livenessProbe: httpGet: scheme: HTTPS path: / port: 8443 initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: - name: kubernetes-dashboard-certs mountPath: /certs - name: tmp-volume mountPath: /tmp - name: localtime readOnly: true mountPath: /etc/localtime volumes: - name: kubernetes-dashboard-certs secret: secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} - name: localtime hostPath: type: File path: /etc/localtime tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule部署 Dashboard Deploy
$ kubectl apply -f k8s-dashboard-deploy.yaml创建 Dashboard Metrics 部署文件
k8s-dashboard-metrics.yaml
## Dashboard Metrics Service kind: Service apiVersion: v1 metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kube-system spec: ports: - port: 8000 targetPort: 8000 selector: k8s-app: dashboard-metrics-scraper --- ## Dashboard Metrics Deployment kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kube-system spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: dashboard-metrics-scraper template: metadata: labels: k8s-app: dashboard-metrics-scraper annotations: seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' spec: serviceAccountName: kubernetes-dashboard containers: - name: dashboard-metrics-scraper image: kubernetesui/metrics-scraper:v1.0.4 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 ports: - containerPort: 8000 protocol: TCP resources: limits: cpu: 1000m memory: 512Mi requests: cpu: 1000m memory: 512Mi livenessProbe: httpGet: scheme: HTTP path: / port: 8000 initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: - mountPath: /tmp name: tmp-volume - name: localtime readOnly: true mountPath: /etc/localtime volumes: - name: tmp-volume emptyDir: {} - name: localtime hostPath: type: File path: /etc/localtime nodeSelector: "beta.kubernetes.io/os": linux tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule部署 Dashboard Metrics
$ kubectl apply -f k8s-dashboard-metrics.yaml创建一个绑定 admin 权限的 ServiceAccount,获取其 Token 用于访问看板。
创建 Dashboard ServiceAccount 部署文件
k8s-dashboard-token.yaml
kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: admin annotations: rbac.authorization.kubernetes.io/autoupdate: "true" roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: admin namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: admin namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile部署访问的 ServiceAccount
$ kubectl apply -f k8s-dashboard-token.yaml获取 Token
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin | awk '{print $1}')token:
本人的 Kubernetes 集群地址为”192.168.1.111”并且在 Service 中设置了 NodePort 端口为 30001 和类型为 NodePort 方式访问 Dashboard ,所以访问地址:https://192.168.1.111:30001 进入 Kubernetes Dashboard 页面,然后输入上一步中创建的 ServiceAccount 的 Token 进入 Dashboard,可以看到新的 Dashboard。
查看Dashboard安装地址:
kubectl -n kube-system get service kubernetes-dashboard kubectl get pods --all-namespaces -o wide kubectl get deployment --all-namespaces -o wide 删除pod kubectl delete pod kubernetes-dashboard-75bf8468f8-47bct -n kube-system 删除deployment kubectl delete deployment kubernetes-dashboard -n kube-system 删除kubernetes-dashboard kubectl get secret,sa,role,rolebinding,services,deployments --namespace=kube-system | grep dashboard kubectl delete deployment kubernetes-dashboard --namespace=kube-system kubectl delete service kubernetes-dashboard --namespace=kube-system kubectl delete role kubernetes-dashboard-minimal --namespace=kube-system kubectl delete rolebinding kubernetes-dashboard-minimal --namespace=kube-system kubectl delete sa kubernetes-dashboard --namespace=kube-system kubectl delete secret kubernetes-dashboard-certs --namespace=kube-system kubectl delete secret kubernetes-dashboard-key-holder --namespace=kube-systemyaml文件打包:https://download.csdn.net/download/xiaoxionglove/12914424
运行效果:
文献参考:
http://www.mydlq.club/article/28/
