安装和配置k8s可视化UI界面
- 一、安装Dashboard
- 1.1、上传镜像并解压
- 1.2、安装dashboard组件
- 1.3、修改service
- 1.4、访问dashboard
- 二、通过Token令牌访问Dashboard
- 2.1、创建clusterrolebinding
- 2.2、获取token
- 2.3、使用token登录
- 三、通过kubeconfig文件访问Dashboard
- 3.1、创建cluster集群
- 3.2、创建credentials
- 3.3、创建context
- 3.4、切换context
- 3.5、导入dashboard-admin.conf文件
- 四、通过kubernetes-dashboard创建容器
一、安装Dashboard
1.1、上传镜像并解压
将课件中的镜像上传到工作节点,我的工作节点是node01和node02。
然后手动解压。
docker load -i dashboard_2_0_0.tar.gz
docker load -i metrics-scrapter-1-0-1.tar.gz
1.2、安装dashboard组件
上传kubernetes-dashboard.yaml文件并执行。
文件内容如下:
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.apiVersion: v1
kind: Namespace
metadata:name: kubernetes-dashboard---apiVersion: v1
kind: ServiceAccount
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: Service
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:ports:- port: 443targetPort: 8443selector:k8s-app: kubernetes-dashboard---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-certsnamespace: kubernetes-dashboard
type: Opaque---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-csrfnamespace: kubernetes-dashboard
type: Opaque
data:csrf: ""---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-key-holdernamespace: kubernetes-dashboard
type: Opaque---kind: ConfigMap
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-settingsnamespace: kubernetes-dashboard---kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
rules:# Allow Dashboard to get, update and delete Dashboard exclusive secrets.- apiGroups: [""]resources: ["secrets"]resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]verbs: ["get", "update", "delete"]# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.- apiGroups: [""]resources: ["configmaps"]resourceNames: ["kubernetes-dashboard-settings"]verbs: ["get", "update"]# Allow Dashboard to get metrics.- apiGroups: [""]resources: ["services"]resourceNames: ["heapster", "dashboard-metrics-scraper"]verbs: ["proxy"]- apiGroups: [""]resources: ["services/proxy"]resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]verbs: ["get"]---kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard
rules:# Allow Metrics Scraper to get metrics from the Metrics server- apiGroups: ["metrics.k8s.io"]resources: ["pods", "nodes"]verbs: ["get", "list", "watch"]---apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: kubernetes-dashboardtemplate:metadata:labels:k8s-app: kubernetes-dashboardspec:containers:- name: kubernetes-dashboardimage: kubernetesui/dashboard:v2.0.0-beta8imagePullPolicy: IfNotPresentports:- containerPort: 8443protocol: TCPargs:- --auto-generate-certificates- --namespace=kubernetes-dashboard# Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.# - --apiserver-host=http://my-address:portvolumeMounts:- name: kubernetes-dashboard-certsmountPath: /certs# Create on-disk volume to store exec logs- mountPath: /tmpname: tmp-volumelivenessProbe:httpGet:scheme: HTTPSpath: /port: 8443initialDelaySeconds: 30timeoutSeconds: 30securityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001volumes:- name: kubernetes-dashboard-certssecret:secretName: kubernetes-dashboard-certs- name: tmp-volumeemptyDir: {}serviceAccountName: kubernetes-dashboardnodeSelector:"beta.kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedule---kind: Service
apiVersion: v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:ports:- port: 8000targetPort: 8000selector:k8s-app: dashboard-metrics-scraper---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: dashboard-metrics-scrapertemplate:metadata:labels:k8s-app: dashboard-metrics-scraperannotations:seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'spec:containers:- name: dashboard-metrics-scraperimage: kubernetesui/metrics-scraper:v1.0.1imagePullPolicy: IfNotPresentports:- containerPort: 8000protocol: TCPlivenessProbe:httpGet:scheme: HTTPpath: /port: 8000initialDelaySeconds: 30timeoutSeconds: 30volumeMounts:- mountPath: /tmpname: tmp-volumesecurityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001serviceAccountName: kubernetes-dashboardnodeSelector:"beta.kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedulevolumes:- name: tmp-volumeemptyDir: {}
kubectl apply -f kubernetes-dashboard.yaml
kubectl get pods -n kubernetes-dashboard
显示结果如下,代表安装成功:
[root@master dashboard]# kubectl apply -f kubernetes-dashboard.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@master dashboard]# kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-778b77d469-np56t 1/1 Running 0 5s
kubernetes-dashboard-86899d4bc7-7tll9 1/1 Running 0 5s
1.3、修改service
# 查看dashboard前端的service
[root@master dashboard]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.1.91.83 <none> 8000/TCP 3m27s
kubernetes-dashboard ClusterIP 10.1.135.105 <none> 443/TCP 3m27s
# 修改service type类型变成NodePort
[root@master dashboard]# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
service/kubernetes-dashboard edited
[root@master dashboard]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.1.91.83 <none> 8000/TCP 4m50s
kubernetes-dashboard NodePort 10.1.135.105 <none> 443:32291/TCP 4m50s
1.4、访问dashboard
上面可看到service类型是NodePort,访问任何一个工作节点ip: 32291端口即可访问kubernetes dashboard,在浏览器(使用火狐浏览器)访问如下地址:
https://10.32.1.147:32291/
二、通过Token令牌访问Dashboard
2.1、创建clusterrolebinding
创建管理员token,具有查看任何空间的权限,可以管理所有资源对象
# 创建 ClusterRoleBinding,名称为dashboard-cluster-admin
# 将Kubernetes Dashboard 的 ServiceAccount (kubernetes-dashboard名称空间下的kubernetes-dashboard这个sa)分配给集群角色 cluster-admin
# 目的:赋予 Dashboard 访问和管理整个集群的权限
[root@master dashboard]# kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created
2.2、获取token
找到带有token的kubernetes-dashboard-token-dxqqq
[root@master dashboard]# kubectl get secret -n kubernetes-dashboard
NAME TYPE DATA AGE
default-token-96j7l kubernetes.io/service-account-token 3 14m
kubernetes-dashboard-certs Opaque 0 14m
kubernetes-dashboard-csrf Opaque 1 14m
kubernetes-dashboard-key-holder Opaque 2 14m
kubernetes-dashboard-token-dxqqq kubernetes.io/service-account-token 3 14m[root@master dashboard]# kubectl describe secret kubernetes-dashboard-token-dxqqq -n kubernetes-dashboard
Name: kubernetes-dashboard-token-dxqqq
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboardkubernetes.io/service-account.uid: 0f371d4a-899d-4f83-9980-cdc1894b0ebcType: kubernetes.io/service-account-tokenData
====
ca.crt: 1066 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjNQeTlIRF96Rk4yV09iSC1FNG4zeGR0X19VQThPSlNlbEpUeTlfcDRpakUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1keHFxcSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBmMzcxZDRhLTg5OWQtNGY4My05OTgwLWNkYzE4OTRiMGViYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.jjn9uz-DKUWxS9qfB41rnUoyk0SVtODBW5y8NEskhElU0KSMj487kc3yBbPLqNQPUgrmA27JK_M9PvYwrUJfLZfxkLtr7cquXXmrUcqXrt3Vr-BkNaExAiUFPYYLXPlUAB8J3lGnY4f1J_dxkxLR-OcyEiC--5eOtUKia1WhrENEwQH1Me4iKcWJSOvJeq7fisgLDVGIjHbg3Iz7PaRHWC5TZ5W-05BkuxtScZDwFS7MItfFicfkGM_SFEEQ5Mg_mDoNArJwP_16quG79eei17n7Av73e41CO7fmyk4fMpnyn-oFfa447D9qWBNbI86ou4Z4B-8GP3Lf4ZyyLnJm9w
2.3、使用token登录
记住token后面的值,把下面的token值复制到浏览器token登陆处即可登陆
点击sing in登陆,显示如下,这次就可以看到和操作任何名称空间的资源了
三、通过kubeconfig文件访问Dashboard
3.1、创建cluster集群
[root@master dashboard]# cd /etc/kubernetes/pki
[root@master pki]# kubectl config set-cluster kubernetes --certificate-authority=./ca.crt --server="https://10。32.1.147:6443" --embed-certs=true --kubeconfig=/root/dashboard-admin.conf
Cluster "kubernetes" set.
[root@master pki]# cat /root/dashboard-admin.conf
apiVersion: v1
clusters:
- cluster:certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJek1ETXdOakE1TVRNMU1sb1hEVE16TURNd016QTVNVE0xTWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTmVnCmNFYUZuTkNVd0hrT3ltOHQ2MlRsUmtxb1VvT1pzdFpIbjdWK3g4dnQxVlR2SldaRkV3YXphNGU1M0FxQUNVaHQKeDVyZksvcGN3T01yR085dk95TU9EMFkza1NYWVR1TDBpUVloRlNZMDVaT0tUdkI3UG5Wb3BueURqRXVBMU80Tgp2TFowZ1RVaWhoMTg2WEtQaGV2T2djMjErU2d5TCtXOHgxQjFoYWtFWFFGc3U2a3ZvWGFnMUU4VVQ2TjZUejJECkJ5MHRqQjNBU3ZuV3hzRHNiSmpLVytIbGhkL2c4dlBURFd5S24rQkdWeWMyb1A1Zkk1T0ZYR0NlVkVTWHUvb0IKNDNsOGQ1SHBvdUY4OTJhRmJjRWc3T0gvTVliS0REOXdYdEdQNXN2a1NNd2x4Z3Y1RUh6MjBKRzNXWlNtQjdFQgpxTHljQzJPeEdiVndQWDIwMGZrQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCNW00N2V0aEErRkhmZ3orZVhtM0pZSkJwNmVNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCdlgxWDEra3RZMHFaeEJQNjgvZjZoVlRFVENSdFBmdHluZnJnY0JOcWtDdzhod2M4UgoyMzAyNmM4NVFFbFU4TkdvR09uSGVCWHlSOERTZE4rNndTL1g5aEw5UU9VQTYwNk1aNG9qaktJUE1LQThCNVdDCndrM1llWkFRakhPcmxPTGNUVzNkL0pRSEQ5ZWFNejB3RnI5QmV5eDdwajhlT0FaU0tPT1dLanU4VlB5aUxvK2YKdzRtbXo0OGtzWHNhcGVRZzNHMWFtNi9CT3VzWmxUNHVyc1JxVUhFU1lzaGRFT29MUTRmanoyTml3eEc1VVFMVApTWXg2VE9mSGRRdTFFSENHNzBud0NNU0VMZVZzN2gyc2FQd1g2Rk9XTzg0UUxheXF4bW1YSVY0eGFUeitIUUhtClJ5SURXMm9zWnVYZEVieXNNZ0NFcWRSeklyR0Fjam9ZdlBmOAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==server: https://10.32.1.147:6443name: kubernetes
contexts: null
current-context: ""
kind: Config
preferences: {}
users: null
3.2、创建credentials
创建credentials需要使用上面的kubernetes-dashboard-token-dxqqq对应的token信息
[root@master pki]# DEF_NS_ADMIN_TOKEN=$(kubectl get secret kubernetes-dashboard-token-dxqqq -n kubernetes-dashboard -o jsonpath={.data.token}|base64 -d)[root@master pki]# kubectl config set-credentials dashboard-admin --token=$DEF_NS_ADMIN_TOKEN --kubeconfig=/root/dashboard-admin.conf
User "dashboard-admin" set.
[root@master pki]# cat /root/dashboard-admin.conf
apiVersion: v1
clusters:
- cluster:certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJek1ETXdOakE1TVRNMU1sb1hEVE16TURNd016QTVNVE0xTWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTmVnCmNFYUZuTkNVd0hrT3ltOHQ2MlRsUmtxb1VvT1pzdFpIbjdWK3g4dnQxVlR2SldaRkV3YXphNGU1M0FxQUNVaHQKeDVyZksvcGN3T01yR085dk95TU9EMFkza1NYWVR1TDBpUVloRlNZMDVaT0tUdkI3UG5Wb3BueURqRXVBMU80Tgp2TFowZ1RVaWhoMTg2WEtQaGV2T2djMjErU2d5TCtXOHgxQjFoYWtFWFFGc3U2a3ZvWGFnMUU4VVQ2TjZUejJECkJ5MHRqQjNBU3ZuV3hzRHNiSmpLVytIbGhkL2c4dlBURFd5S24rQkdWeWMyb1A1Zkk1T0ZYR0NlVkVTWHUvb0IKNDNsOGQ1SHBvdUY4OTJhRmJjRWc3T0gvTVliS0REOXdYdEdQNXN2a1NNd2x4Z3Y1RUh6MjBKRzNXWlNtQjdFQgpxTHljQzJPeEdiVndQWDIwMGZrQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCNW00N2V0aEErRkhmZ3orZVhtM0pZSkJwNmVNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCdlgxWDEra3RZMHFaeEJQNjgvZjZoVlRFVENSdFBmdHluZnJnY0JOcWtDdzhod2M4UgoyMzAyNmM4NVFFbFU4TkdvR09uSGVCWHlSOERTZE4rNndTL1g5aEw5UU9VQTYwNk1aNG9qaktJUE1LQThCNVdDCndrM1llWkFRakhPcmxPTGNUVzNkL0pRSEQ5ZWFNejB3RnI5QmV5eDdwajhlT0FaU0tPT1dLanU4VlB5aUxvK2YKdzRtbXo0OGtzWHNhcGVRZzNHMWFtNi9CT3VzWmxUNHVyc1JxVUhFU1lzaGRFT29MUTRmanoyTml3eEc1VVFMVApTWXg2VE9mSGRRdTFFSENHNzBud0NNU0VMZVZzN2gyc2FQd1g2Rk9XTzg0UUxheXF4bW1YSVY0eGFUeitIUUhtClJ5SURXMm9zWnVYZEVieXNNZ0NFcWRSeklyR0Fjam9ZdlBmOAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==server: https://10.32.1.147:6443name: kubernetes
contexts: null
current-context: ""
kind: Config
preferences: {}
users:
- name: dashboard-adminuser:token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjNQeTlIRF96Rk4yV09iSC1FNG4zeGR0X19VQThPSlNlbEpUeTlfcDRpakUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1keHFxcSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBmMzcxZDRhLTg5OWQtNGY4My05OTgwLWNkYzE4OTRiMGViYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.jjn9uz-DKUWxS9qfB41rnUoyk0SVtODBW5y8NEskhElU0KSMj487kc3yBbPLqNQPUgrmA27JK_M9PvYwrUJfLZfxkLtr7cquXXmrUcqXrt3Vr-BkNaExAiUFPYYLXPlUAB8J3lGnY4f1J_dxkxLR-OcyEiC--5eOtUKia1WhrENEwQH1Me4iKcWJSOvJeq7fisgLDVGIjHbg3Iz7PaRHWC5TZ5W-05BkuxtScZDwFS7MItfFicfkGM_SFEEQ5Mg_mDoNArJwP_16quG79eei17n7Av73e41CO7fmyk4fMpnyn-oFfa447D9qWBNbI86ou4Z4B-8GP3Lf4ZyyLnJm9w
3.3、创建context
[root@master pki]# kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --user=dashboard-admin --kubeconfig=/root/dashboard-admin.conf
Context "dashboard-admin@kubernetes" created.
[root@master pki]# cat /root/dashboard-admin.conf
apiVersion: v1
clusters:
- cluster:certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJek1ETXdOakE1TVRNMU1sb1hEVE16TURNd016QTVNVE0xTWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTmVnCmNFYUZuTkNVd0hrT3ltOHQ2MlRsUmtxb1VvT1pzdFpIbjdWK3g4dnQxVlR2SldaRkV3YXphNGU1M0FxQUNVaHQKeDVyZksvcGN3T01yR085dk95TU9EMFkza1NYWVR1TDBpUVloRlNZMDVaT0tUdkI3UG5Wb3BueURqRXVBMU80Tgp2TFowZ1RVaWhoMTg2WEtQaGV2T2djMjErU2d5TCtXOHgxQjFoYWtFWFFGc3U2a3ZvWGFnMUU4VVQ2TjZUejJECkJ5MHRqQjNBU3ZuV3hzRHNiSmpLVytIbGhkL2c4dlBURFd5S24rQkdWeWMyb1A1Zkk1T0ZYR0NlVkVTWHUvb0IKNDNsOGQ1SHBvdUY4OTJhRmJjRWc3T0gvTVliS0REOXdYdEdQNXN2a1NNd2x4Z3Y1RUh6MjBKRzNXWlNtQjdFQgpxTHljQzJPeEdiVndQWDIwMGZrQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCNW00N2V0aEErRkhmZ3orZVhtM0pZSkJwNmVNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCdlgxWDEra3RZMHFaeEJQNjgvZjZoVlRFVENSdFBmdHluZnJnY0JOcWtDdzhod2M4UgoyMzAyNmM4NVFFbFU4TkdvR09uSGVCWHlSOERTZE4rNndTL1g5aEw5UU9VQTYwNk1aNG9qaktJUE1LQThCNVdDCndrM1llWkFRakhPcmxPTGNUVzNkL0pRSEQ5ZWFNejB3RnI5QmV5eDdwajhlT0FaU0tPT1dLanU4VlB5aUxvK2YKdzRtbXo0OGtzWHNhcGVRZzNHMWFtNi9CT3VzWmxUNHVyc1JxVUhFU1lzaGRFT29MUTRmanoyTml3eEc1VVFMVApTWXg2VE9mSGRRdTFFSENHNzBud0NNU0VMZVZzN2gyc2FQd1g2Rk9XTzg0UUxheXF4bW1YSVY0eGFUeitIUUhtClJ5SURXMm9zWnVYZEVieXNNZ0NFcWRSeklyR0Fjam9ZdlBmOAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==server: https://10.32.1.147:6443name: kubernetes
contexts: null
current-context: ""
kind: Config
preferences: {}
users:
- name: dashboard-adminuser:token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjNQeTlIRF96Rk4yV09iSC1FNG4zeGR0X19VQThPSlNlbEpUeTlfcDRpakUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1keHFxcSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBmMzcxZDRhLTg5OWQtNGY4My05OTgwLWNkYzE4OTRiMGViYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.jjn9uz-DKUWxS9qfB41rnUoyk0SVtODBW5y8NEskhElU0KSMj487kc3yBbPLqNQPUgrmA27JK_M9PvYwrUJfLZfxkLtr7cquXXmrUcqXrt3Vr-BkNaExAiUFPYYLXPlUAB8J3lGnY4f1J_dxkxLR-OcyEiC--5eOtUKia1WhrENEwQH1Me4iKcWJSOvJeq7fisgLDVGIjHbg3Iz7PaRHWC5TZ5W-05BkuxtScZDwFS7MItfFicfkGM_SFEEQ5Mg_mDoNArJwP_16quG79eei17n7Av73e41CO7fmyk4fMpnyn-oFfa447D9qWBNbI86ou4Z4B-8GP3Lf4ZyyLnJm9w
[root@master pki]# kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --user=dashboard-admin --kubeconfig=/root/dashboard-admin.conf
Context "dashboard-admin@kubernetes" created.
[root@master pki]# cat /root/dashboard-admin.conf
apiVersion: v1
clusters:
- cluster:certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJek1ETXdOakE1TVRNMU1sb1hEVE16TURNd016QTVNVE0xTWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTmVnCmNFYUZuTkNVd0hrT3ltOHQ2MlRsUmtxb1VvT1pzdFpIbjdWK3g4dnQxVlR2SldaRkV3YXphNGU1M0FxQUNVaHQKeDVyZksvcGN3T01yR085dk95TU9EMFkza1NYWVR1TDBpUVloRlNZMDVaT0tUdkI3UG5Wb3BueURqRXVBMU80Tgp2TFowZ1RVaWhoMTg2WEtQaGV2T2djMjErU2d5TCtXOHgxQjFoYWtFWFFGc3U2a3ZvWGFnMUU4VVQ2TjZUejJECkJ5MHRqQjNBU3ZuV3hzRHNiSmpLVytIbGhkL2c4dlBURFd5S24rQkdWeWMyb1A1Zkk1T0ZYR0NlVkVTWHUvb0IKNDNsOGQ1SHBvdUY4OTJhRmJjRWc3T0gvTVliS0REOXdYdEdQNXN2a1NNd2x4Z3Y1RUh6MjBKRzNXWlNtQjdFQgpxTHljQzJPeEdiVndQWDIwMGZrQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCNW00N2V0aEErRkhmZ3orZVhtM0pZSkJwNmVNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCdlgxWDEra3RZMHFaeEJQNjgvZjZoVlRFVENSdFBmdHluZnJnY0JOcWtDdzhod2M4UgoyMzAyNmM4NVFFbFU4TkdvR09uSGVCWHlSOERTZE4rNndTL1g5aEw5UU9VQTYwNk1aNG9qaktJUE1LQThCNVdDCndrM1llWkFRakhPcmxPTGNUVzNkL0pRSEQ5ZWFNejB3RnI5QmV5eDdwajhlT0FaU0tPT1dLanU4VlB5aUxvK2YKdzRtbXo0OGtzWHNhcGVRZzNHMWFtNi9CT3VzWmxUNHVyc1JxVUhFU1lzaGRFT29MUTRmanoyTml3eEc1VVFMVApTWXg2VE9mSGRRdTFFSENHNzBud0NNU0VMZVZzN2gyc2FQd1g2Rk9XTzg0UUxheXF4bW1YSVY0eGFUeitIUUhtClJ5SURXMm9zWnVYZEVieXNNZ0NFcWRSeklyR0Fjam9ZdlBmOAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==server: https://10.32.1.147:6443name: kubernetes
contexts:
- context:cluster: kubernetesuser: dashboard-adminname: dashboard-admin@kubernetes
current-context: ""
kind: Config
preferences: {}
users:
- name: dashboard-adminuser:token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjNQeTlIRF96Rk4yV09iSC1FNG4zeGR0X19VQThPSlNlbEpUeTlfcDRpakUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1keHFxcSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBmMzcxZDRhLTg5OWQtNGY4My05OTgwLWNkYzE4OTRiMGViYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.jjn9uz-DKUWxS9qfB41rnUoyk0SVtODBW5y8NEskhElU0KSMj487kc3yBbPLqNQPUgrmA27JK_M9PvYwrUJfLZfxkLtr7cquXXmrUcqXrt3Vr-BkNaExAiUFPYYLXPlUAB8J3lGnY4f1J_dxkxLR-OcyEiC--5eOtUKia1WhrENEwQH1Me4iKcWJSOvJeq7fisgLDVGIjHbg3Iz7PaRHWC5TZ5W-05BkuxtScZDwFS7MItfFicfkGM_SFEEQ5Mg_mDoNArJwP_16quG79eei17n7Av73e41CO7fmyk4fMpnyn-oFfa447D9qWBNbI86ou4Z4B-8GP3Lf4ZyyLnJm9w3.4、切换context
切换context的current-context是dashboard-admin@kubernetes
[root@master pki]# kubectl config use-context dashboard-admin@kubernetes --kubeconfig=/root/dashboard-admin.conf
Switched to context "dashboard-admin@kubernetes".
将/root/dashboard-admin.conf文件下载下来
[root@master pki]# cat /root/dashboard-admin.conf
apiVersion: v1
clusters:
- cluster:certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJek1ETXdOakE1TVRNMU1sb1hEVE16TURNd016QTVNVE0xTWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTmVnCmNFYUZuTkNVd0hrT3ltOHQ2MlRsUmtxb1VvT1pzdFpIbjdWK3g4dnQxVlR2SldaRkV3YXphNGU1M0FxQUNVaHQKeDVyZksvcGN3T01yR085dk95TU9EMFkza1NYWVR1TDBpUVloRlNZMDVaT0tUdkI3UG5Wb3BueURqRXVBMU80Tgp2TFowZ1RVaWhoMTg2WEtQaGV2T2djMjErU2d5TCtXOHgxQjFoYWtFWFFGc3U2a3ZvWGFnMUU4VVQ2TjZUejJECkJ5MHRqQjNBU3ZuV3hzRHNiSmpLVytIbGhkL2c4dlBURFd5S24rQkdWeWMyb1A1Zkk1T0ZYR0NlVkVTWHUvb0IKNDNsOGQ1SHBvdUY4OTJhRmJjRWc3T0gvTVliS0REOXdYdEdQNXN2a1NNd2x4Z3Y1RUh6MjBKRzNXWlNtQjdFQgpxTHljQzJPeEdiVndQWDIwMGZrQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCNW00N2V0aEErRkhmZ3orZVhtM0pZSkJwNmVNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCdlgxWDEra3RZMHFaeEJQNjgvZjZoVlRFVENSdFBmdHluZnJnY0JOcWtDdzhod2M4UgoyMzAyNmM4NVFFbFU4TkdvR09uSGVCWHlSOERTZE4rNndTL1g5aEw5UU9VQTYwNk1aNG9qaktJUE1LQThCNVdDCndrM1llWkFRakhPcmxPTGNUVzNkL0pRSEQ5ZWFNejB3RnI5QmV5eDdwajhlT0FaU0tPT1dLanU4VlB5aUxvK2YKdzRtbXo0OGtzWHNhcGVRZzNHMWFtNi9CT3VzWmxUNHVyc1JxVUhFU1lzaGRFT29MUTRmanoyTml3eEc1VVFMVApTWXg2VE9mSGRRdTFFSENHNzBud0NNU0VMZVZzN2gyc2FQd1g2Rk9XTzg0UUxheXF4bW1YSVY0eGFUeitIUUhtClJ5SURXMm9zWnVYZEVieXNNZ0NFcWRSeklyR0Fjam9ZdlBmOAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==server: https://10.32.1.147:6443name: kubernetes
contexts:
- context:cluster: kubernetesuser: dashboard-adminname: dashboard-admin@kubernetes
current-context: dashboard-admin@kubernetes
kind: Config
preferences: {}
users:
- name: dashboard-adminuser:token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjNQeTlIRF96Rk4yV09iSC1FNG4zeGR0X19VQThPSlNlbEpUeTlfcDRpakUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1keHFxcSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjBmMzcxZDRhLTg5OWQtNGY4My05OTgwLWNkYzE4OTRiMGViYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.jjn9uz-DKUWxS9qfB41rnUoyk0SVtODBW5y8NEskhElU0KSMj487kc3yBbPLqNQPUgrmA27JK_M9PvYwrUJfLZfxkLtr7cquXXmrUcqXrt3Vr-BkNaExAiUFPYYLXPlUAB8J3lGnY4f1J_dxkxLR-OcyEiC--5eOtUKia1WhrENEwQH1Me4iKcWJSOvJeq7fisgLDVGIjHbg3Iz7PaRHWC5TZ5W-05BkuxtScZDwFS7MItfFicfkGM_SFEEQ5Mg_mDoNArJwP_16quG79eei17n7Av73e41CO7fmyk4fMpnyn-oFfa447D9qWBNbI86ou4Z4B-8GP3Lf4ZyyLnJm9w
3.5、导入dashboard-admin.conf文件
四、通过kubernetes-dashboard创建容器
点开右上角红色箭头标注的 “+”,如下图所示:
选择Create from form
注:表单中创建pod时没有创建nodeport的选项,会自动创建在30000+以上的端口。
上面箭头标注的地方填写之后点击Deploy即可完成Pod的创建,如下:
访问:http://10.32.1.147:32282/
关于port、targetport、nodeport的说明:
- nodeport是集群外流量访问集群内服务的端口,比如客户访问nginx,apache,
- port是集群内的pod互相通信用的端口类型,比如nginx访问mysql,而mysql是不需要让客户访问到的,port是service的的端口
- targetport目标端口,也就是最终端口,也就是pod的端口。
