wxin/kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
kubernetes/kubernetes-DashBoard.md
wxin 4f36ddb77b 上传文件至 /
2025-05-17 14:25:24 +08:00

130 lines
5.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<h2><center>kubernetes DashBoard</center></h2>
------
## 一DashBoard
之前在kubernetes中完成的所有操作都是通过命令行工具kubectl完成的。其实为了提供更丰富的用户体验kubernetes还开发了一个基于web的用户界面Dashboard。用户可以使用Dashboard部署容器化的应用还可以监控应用的状态执行故障排查以及管理kubernetes中各种资源。
### 1. 部署Dashboard
**下载yaml并运行Dashboard**
```bash
# 下载yaml
[root@master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
# 修改kubernetes-dashboard的Service类型
[root@master ~]# vim recommended.yaml
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30001
selector:
k8s-app: kubernetes-dashboard
# 部署
[root@master ~]# kubectl create -f recommended.yaml
# 查看namespace下的kubernetes-dashboard下的资源
[root@master ~]# kubectl get pods,svc -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-799d786dbf-rqftt 1/1 Running 0 7m46s
pod/kubernetes-dashboard-fb8648fd9-wmqwv 1/1 Running 0 7m46s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.108.205.40 <none> 8000/TCP 7m46s
service/kubernetes-dashboard NodePort 10.102.51.227 <none> 443:30001/TCP 7m46s
```
**创建访问账户获取token**
```bash
# 创建账号
[root@master ~]# kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
serviceaccount/dashboard-admin created
# 授权
[root@master ~]# kubectl create clusterrolebinding dashboard-admin-rb --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin-rb created
# 获取账号token
[root@master ~]# kubectl get secrets -n kubernetes-dashboard | grep dashboard-admin
dashboard-admin-token-w49cf kubernetes.io/service-account-token 3 13s
[root@master ~]# kubectl describe secrets dashboard-admin-token-w49cf -n kubernetes-dashboard
Name: dashboard-admin-token-w49cf
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 97f46627-fdc0-4379-8588-cf18f697e623
Type: kubernetes.io/service-account-token
Data
====
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InNQU3pOVFpLVmlwVHM3em5vZUV3S2xTbGZmc3g4M3BhTlZiTGExdlRkZTgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdzQ5Y2YiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOTdmNDY2MjctZmRjMC00Mzc5LTg1ODgtY2YxOGY2OTdlNjIzIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.bL6DuuI9j0Hn2WUaMgrzqxrPVHJuhNXBMAD-enK-SN_--hFh7zXVQLbU63caR6wCtPh5xjpWMm6jiKPu5oAeUZcumJbgpnTk6aYiRGu3h8i_IN_mrUdCsgu4ux_AeZuoj3gu83aMoHoG9GRZi--0TOJYeRm6lGToNMad_vXPBvCnZmgV9QDRdmjBtLt4cfz816PIWdLC0-36R4QnVWNVGqyEkeTnqYYWQIlL13hmbUfGaz7ZnkxYLnFO6uvKd9DSrb7jU9hzLY_MoOST11G-BUzcGaiGutgrbGobMGBKzB2vFLuKswxwyXQcshPxkWw3ieg8x7_WLGt-V7E2G2x0tw
ca.crt: 1099 bytes
```
⚠️ **浏览器安全警告处理**
- 如果是自签名证书,浏览器会阻止访问。
- **临时解决方案**:在页面任意位置输入 `thisisunsafe`Chrome/Edge 有效)。
- **长期方案**:将集群的 CA 证书导入系统信任库。
**通过浏览器访问Dashboard的UI**
在登录页面上输入上面的token
![](accents\images-202505130040.png)
出现下面的页面代表成功
![](accents\images-202505130041.png)
### 2. 使用Dashboard
本章节以Deployment为例演示DashBoard的使用
**查看**
选择指定的命名空间dev然后点击Deployments查看dev空间下的所有deployment
![](accents\images-202505150047.png)
**扩缩容**
在Deployment上点击缩放然后指定目标副本数量点击确定
![](accents\images-202505150048.png)
![](accents\images-202505150049.png)
**编辑**
在Deployment上点击编辑然后修改yaml文件点击确定
![](accents\images-202505150050.png)
![](accents\images-202505150051.png)
**查看Pod**
点击Pods, 查看pods列表
![](accents\images-202505150052.png)
**操作Pod**
选中某个Pod可以对其执行日志logs、进入执行exec、编辑、删除操作
Reference in New Issue View Git Blame Copy Permalink