Kubernetes ---- Dashboard安装、访问(Token、Kubeconfig)
Dashbord
官方地址:
https://github.com/kubernetes/dashboard
安装Dashboard:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml$ kubectl get pods -n kubernetes-dashboard NAME READY STATUS RESTARTS AGE dashboard-metrics-scraper-76679bc5b9-wvq6q 1/1 Running 0 164m kubernetes-dashboard-65bb64d6cb-kjn9g 1/1 Running 2 164m$ kubectl get svc -n kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.99.122.6 <none> 8000/TCP 165m kubernetes-dashboard ClusterIP 10.98.32.114 <none> 443/TCP 165m$ kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kubernetes-dashboard$ kubectl get svc -n kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.99.122.6 <none> 8000/TCP 165m kubernetes-dashboard NodePort 10.98.32.114 <none> 443:32435/TCP 165m
访问Dashboard:
# 集群中任意一台服务器地址+端口号
https://192.168.222.100:32435
登录方式:
- Token认证方式登录
- Kubeconfig认证方式登录
Token认证方式登录:
- 创建ServiceAccount,根据其管理目标,使用rolebinding或clusterrolebinding绑定至合理role或clusterrole;
- 获取到此ServiceAccount的secret,查看secret的详细信息,其中就有token;
- 生成kubeconfig文件
- kubectl config set-cluster --kubeconfig=/PATH/TO/SOMEFILE
- kubectl config set-credentials NAME --token=$KUBE_TOKEN --kubeconfig=/PATH/TO/SOMEFILE
- kubectl config set-context
- kubectl config use-context
$ kubectl create serviceaccount dashboard -n kubernetes-dashboard $ kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin$ kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard$ kubectl describe sa dashboard -n kubernetes-dashboard Name: dashboard Namespace: kubernetes-dashboard Labels: <none> Annotations: <none> Image pull secrets: <none> Mountable secrets: dashboard-token-vtncb Tokens: dashboard-token-vtncb Events: <none>$ kubectl describe secret dashboard-token-vtncb -n kubernetes-dashboard 将查询结果中的"token值"复制到UI上,即可完成登录;
因为我们将创建的serviceaccount绑定在了cluster-admin上面,所有cluster-admin角色拥有的权限,在这里这个Pod(Dashboard)都有;
KubeConfig认证方式登录:
- 创建ServiceAccount,根据其管理目标,使用rolebinding或clusterrolebinding绑定至合理role或clusterrole;
- 获取secret的详细信息,
$ kubectl craete serviceaccount def-ns-admin -n default$ kubectl config set-cluster kubernetes --server="https://192.168.133.128:6443" --certificate-authority=/etc/kubernetes/pki/ca.crt --kubeconfig=./def-ns-admin.conf$ kubectl config view --kubeconfig=./def-ns-admin.conf apiVersion: v1 clusters:- cluster:certificate-authority: /etc/kubernetes/pki/ca.crtserver: https://192.168.133.128:6443name: kubernetes contexts: [] current-context: "" kind: Config preferences: {} users: []# 基于serviceaccount的Token与API Server进行认证; $ kubectl get secret NAME TYPE DATA AGE def-ns-admin-token-qhkfj kubernetes.io/service-account-token 3 31m$ DEF_NS_ADMIN_TOKEN=$(kubectl get secret def-ns-admin-token-qhkfj -o jsonpath={.data.token} | base64 -d)$ kubectl config set-credentials def-ns-admin --token=$DEF_NS_ADMIN_TOKEN --kubeconfig=./def-ns-admin.conf$ kubectl config view --kubeconfig=./def-ns-admin.conf apiVersion: v1 clusters: - cluster: certificate-authority: /etc/kubernetes/pki/ca.crtserver: https://192.168.133.128:6443name: kubernetes contexts: [] current-context: "" kind: Config preferences: {} users: - name: def-ns-adminuser:token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi1xaGtmaiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyNmNlMWZhNC0yZWUwLTRlZTktYmMzZi1lZDg3MTViOTE4NTQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.l_BMlpcuoSmTHZktsCJHdieXinpNHgD8SBM765dF4e7dnftCKJkhteWlYudO2fbzrphhd2hHLXob6O6ttV_tTUMkbcfK7ZwtVZQUbAm0k00ir9hsifmhAELMNL12TCqa7bnMTkzMw0IKS6fICr_wSyVYFgBgrdX_mn-nk7GN-sDyf1BxXrYZ9iyf6rAJfdRWmv2_C5an0jJwUeQ8xHp-wMJCH_CqmU69i8VcUL8Sy6QngtQ5wuSg6OC2ybUsnQJalTDcoJw4MbctxM6eh-QT-Uwyk4-wjz2vVJtv0DvhvQQC-equ99N9g1Nd3Gg7FMOwBZdM6-DMyNoeCcRKwBaLfw$ kubectl config view --kubeconfig=./def-ns-admin.conf apiVersion: v1 clusters: - cluster:certificate-authority: /etc/kubernetes/pki/ca.crtserver: https://192.168.133.128:6443name: kubernetes contexts: - context:cluster: kubernetesuser: def-ns-adminname: def-ns-admin@kubernetes current-context: "" kind: Config preferences: {} users: - name: def-ns-adminuser:token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi1xaGtmaiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyNmNlMWZhNC0yZWUwLTRlZTktYmMzZi1lZDg3MTViOTE4NTQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.l_BMlpcuoSmTHZktsCJHdieXinpNHgD8SBM765dF4e7dnftCKJkhteWlYudO2fbzrphhd2hHLXob6O6ttV_tTUMkbcfK7ZwtVZQUbAm0k00ir9hsifmhAELMNL12TCqa7bnMTkzMw0IKS6fICr_wSyVYFgBgrdX_mn-nk7GN-sDyf1BxXrYZ9iyf6rAJfdRWmv2_C5an0jJwUeQ8xHp-wMJCH_CqmU69i8VcUL8Sy6QngtQ5wuSg6OC2ybUsnQJalTDcoJw4MbctxM6eh-QT-Uwyk4-wjz2vVJtv0DvhvQQC-equ99N9g1Nd3Gg7FMOwBZdM6-DMyNoeCcRKwBaLfw$ kubectl config use-context def-ns-admin@kubernetes --kubeconfig=./def-ns-admin.conf$ sz ./def-ns-admin.conf
Kubernetes ---- Dashboard安装、访问(Token、Kubeconfig)相关推荐
- Web基础配置篇(十七): Kubernetes dashboard安装配置
Web基础配置篇(十七): Kubernetes dashboard安装配置 一.概述 Kubernetes 简称为K8S,是用于自动部署,扩展和管理容器化应用程序的开源系统.Kubernetes的目 ...
- kubernetes dashboard 安装
环境: CentOS Linux release 7.3.1611 (Core) IP:192.168.0.103 [1]组件安装 yum install device-mapper yum inst ...
- minikube 安装 Kubernetes Dashboard 并集成 Heapster
目录 Kubernetes Dashboard 介绍 环境.软件准备 Kubernetes Dashboard 安装 Heapster 插件安装 简单演示使用 Dashboard 1.Kubernet ...
- K8s+dashboard安装部署
系统安装 使用虚拟机安装两个centos系统,在/etc/hosts里增加两行 192.168.140.128 kuber-master 192.168.140.129 kuber-node1 关闭防 ...
- Kubernetes Dashboard 设置用户密码登陆
Kubernetes Dashboard 设置用户密码登陆 Kubernetes 2019年05月20日 K8s 文档 K8s 1.13源码安装 k8s dashboard token访问 仪表板是基 ...
- k8s dashboard安装
安装 $ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml ...
- Heapster -- Kubernetes Dashboard集成Heapster
原始kubernetes dashboard的界面中仅显示了pod一些配置信息,无法图形化展现集群度量指标信息.原始图如下(此处从网上找了一个图..): 而如果要展示图形化的集群度量指标信息,就需要安 ...
- 有史以来最详细 安装部署Kubernetes Dashboard (补充解决官方出现的一些RBAC CERT等问题)
安装部署Kubernetes Dashboard (补充解决官方出现的一些RBAC CERT等问题) 官方文档:https://github.com/kubernetes/dashboard 参考文章 ...
- Kubernetes Dashboard on Ubuntu 16.04安装记录
2019独角兽企业重金招聘Python工程师标准>>> Kubernetes Dashboard on Ubuntu 16.04安装记录 以下内容在Kubernetes 1.9.3 ...
最新文章
- python爬虫beautifulsoup实例-【Python实例二】BeautifulSoup爬虫简单实践
- Python [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed 解决方法
- opencv进阶学习笔记13:图像形态学操作大全(膨胀,腐蚀,开闭,黑帽,顶帽,梯度)python版
- 深入理解Java类加载器:Java类加载原理解析
- leetcode538 把二叉搜索树转换成累加树
- 数仓如何限制临时数据文件下盘量
- 【MySQL快速入门】牛客网:条件查询(1)基础排序
- HDU 5971 2016ICPC大连 A: Wrestling Match(二分图判断)
- C# 读写txt文件 写txt(IO) TXT追加
- 可以在电脑上刷微信朋友圈啦-微信 mac最新版
- 国税服务器反回文件错误,电子税务局常见问题解答电子税务局异常转办(一).pdf...
- c语言撩妹小程序,撩妹简单的web小程序!分享给大家~~~~~~
- 我的世界服务器物品不丢弃,《我的世界》怎样处理没用的物品,这六个销毁物品方法了解一下!...
- 打破思维断层之KMP分析
- 玛里苟斯[清华集训2014 Day1]
- 关于虚拟机中linux系统时间的问题
- 令牌桶算法和漏桶算法之间的那些事
- Linux自学指南-从应用到内核
- 动态规划 堆沙子问题
- debugbar php漏洞,Laravel-debugbar 开发调试利器
热门文章
- 制造业的CIO会向COO演变吗?
- 根据某个字段来查询筛选数据
- 可爱的 __exit__() 方法(配合 with ... as ... 作用,优雅实现 try: ... except ... 的排错“功能”)
- 极米和坚果投影仪哪个好,极米说坚果投影仪是哪个?
- Cisco思科路由器配置OSPF认证的简单例子
- Tableau-参考线
- Chat GPT-4 + midnshow.fun 自动写PPT
- word中多个公式需要居中,编号右对齐的设置
- AICPA CIMA四季度调查:超一半美国企业高管认为美国经济陷入衰退
- android:获取富文本图片和使用Jsoup抓取腾讯新闻网页数据