Introduction to kubernetes-dashboard
There are usually four ways to manage resources in a kubernetes cluster: the command line, YAML, the API, and a graphical interface. Each suits different groups of people and scenarios. The comparison is as follows:
- Command line (kubectl): kubectl manages kubernetes resources from the command line
Advantages: easy to use, convenient, and fast management of cluster resources
Disadvantages: relatively limited functions, some operations are not supported, and there is a certain learning threshold
- YAML resource definitions: the form everything is finally converted to in kubernetes, and the recommended usage
Advantages: complete functions, able to define all objects and resources of kubernetes
Disadvantages: high threshold, requires professional technical ability, difficult to use and troubleshoot
- API access: SDKs for various programming languages make it easy for applications to access the cluster
Advantages: compatible with various programming languages, such as Java, Go, Python, C, etc., convenient for developing against kubernetes
Disadvantages: high threshold, suitable for developers
- Graphical kubernetes-dashboard: provides a graphical management interface and can use metrics-server to monitor nodes and pods
Advantages: easy to use, convenient, suitable for the public
Disadvantages: the functions are relatively simple and basic, suitable for demos
kubernetes-dashboard installation
1. Download the kubernetes-dashboard installation file and apply the YAML resource definition (https://github.com/kubernetes/dashboard). If it fails, try a few more times.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml
The dashboard-related resources are defined in the installation file; refer to the YAML file for details. The resources include:
- kubernetes-dashboard namespace
- ServiceAccount: the access user
- Service: exposes the application; the default type is ClusterIP
- Secrets, which store kubernetes-dashboard-certs, kubernetes-dashboard-csrf, and kubernetes-dashboard-key-holder certificates
- ConfigMap: the configuration file
- RBAC authentication and authorization, including Role, ClusterRole, RoleBinding, ClusterRoleBinding
- Deployments: the kubernetes-dashboard core image, and a dashboard-metrics-scraper integrated with monitoring
2. Verify the installation of resources. The resources of kubernetes-dashboard are all installed in the kubernetes-dashboard namespace, including Deployments, Services, Secrets, ConfigMap, etc.
kubectl get deployments -n kubernetes-dashboard
kubectl get services -n kubernetes-dashboard
kubectl get secrets -n kubernetes-dashboard
kubectl get configmaps -n kubernetes-dashboard
3. After kubernetes-dashboard is installed, its default service type is ClusterIP. To access the control panel from outside the cluster, change the service to the NodePort type
kubectl get services -n kubernetes-dashboard
# ClusterIP --> NodePort
kubectl edit services -n kubernetes-dashboard kubernetes-dashboard
Access address: https://192.168.44.129:30953/
4. To protect data security, the cluster enables RBAC authentication and authorization by default, and only users who have been granted permissions can access the kubernetes cluster. The cluster-admin role and the related Role, ClusterRole and ClusterRoleBinding objects already exist, so you can define a ServiceAccount and associate it with them, as follows:
# vim dashboard-rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
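The binding above gives the admin-user token full control of the cluster, so it helps to be able to list every ServiceAccount that holds cluster-admin. The script below is an added example, not part of the original page: the function names, the tab-separated line format and the sample lines are constructed here.

```shell
#!/bin/sh
# Added example: list ServiceAccounts bound to cluster-admin by a ClusterRoleBinding.

# Needs a reachable cluster. Prints one tab-separated line per binding:
#   <binding name> <roleRef name> <kind:namespace:name> [<kind:namespace:name> ...]
dump_bindings() {
  kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{range .subjects[*]}{"\t"}{.kind}:{.namespace}:{.name}{end}{"\n"}{end}'
}

# Reads that format on stdin and prints "<namespace>/<serviceaccount> via <binding>"
# for every ServiceAccount subject of a binding whose roleRef is cluster-admin.
find_admin_serviceaccounts() {
  awk -F '\t' '$2 == "cluster-admin" {
    for (i = 3; i <= NF; i++) {
      split($i, s, ":")
      if (s[1] == "ServiceAccount") print s[2] "/" s[3] " via " $1
    }
  }'
}

# Constructed sample input in the same format, so the filter runs without a cluster:
# the built-in cluster-admin binding, the admin-user binding from this step,
# and the dashboard's own binding to its restricted ClusterRole.
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup::system:masters\n'
  printf 'admin-user\tcluster-admin\tServiceAccount:kubernetes-dashboard:admin-user\n'
  printf 'kubernetes-dashboard\tkubernetes-dashboard\tServiceAccount:kubernetes-dashboard:kubernetes-dashboard\n'
}

sample_bindings | find_admin_serviceaccounts
```

On a live cluster, run `dump_bindings | find_admin_serviceaccounts` after the manifest has been applied; only admin-user should be reported for the dashboard namespace.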
5. Apply the RBAC rules to create a happycloudlab user and associate it with the cluster-admin role
kubectl apply -f dashboard-rbac.yaml
# View
kubectl get serviceaccounts -n kubernetes-dashboard
# Get the token
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
6. At this point, the kubernetes-dashboard-csrf service automatically creates a Secret associated with the user name, and you log in with its token field. The token is stored base64-encoded; after decoding it, you can log in.
Modify the default token authentication expiration time
By default the kubernetes-dashboard authentication token expires after 900s/15 minutes, and you then need to log in again (too troublesome). You can change this as follows (24H)
Method 1:
kubectl edit deployment kubernetes-dashboard -n kubernetes-dashboard
Method 2:
Modify and add --token-ttl=43200
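The token from steps 5 and 6 is a JWT whose segments are only base64url-encoded, so its claims can be read to confirm which account it authenticates as and whether it expires. The script below is an added example, not part of the original page: the function names are hypothetical, and the sample token is constructed by the script and carries no valid signature.

```shell
#!/bin/sh
# Added example: read the claims of a service-account token offline.

# Decode one base64url segment: JWT segments use '-' and '_' and drop '=' padding.
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the payload (second dot-separated segment) of a JWT as JSON.
jwt_payload() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

# Return 0 if the payload has an "exp" (expiry) claim, 1 otherwise.
jwt_has_exp() {
  jwt_payload "$1" | grep -q '"exp"[[:space:]]*:'
}

# --- constructed sample token (placeholder signature, not valid on any cluster) ---
b64url_encode() { printf '%s' "$1" | base64 | tr -d '\n=' | tr '/+' '_-'; }

make_sample_token() {
  header='{"alg":"RS256","kid":"constructed"}'
  claims='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kubernetes-dashboard","kubernetes.io/serviceaccount/service-account.name":"admin-user","sub":"system:serviceaccount:kubernetes-dashboard:admin-user"}'
  printf '%s.%s.%s' "$(b64url_encode "$header")" "$(b64url_encode "$claims")" "$(b64url_encode 'constructed-signature')"
}

token=$(make_sample_token)
jwt_payload "$token"; echo
if jwt_has_exp "$token"; then echo "token has an expiry"; else echo "token has no exp claim"; fi
```

On a cluster, pass the token printed by the describe secret command in step 5 to `jwt_payload`. Secret-based service-account tokens like this one carry no `exp` claim, so `--token-ttl` bounds only the dashboard login session and not the lifetime of the token itself.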
Exploring kubernetes-dashboard
kubernetes-dashboard provides native k8s management tools and a convenient visual interface for managing k8s resources from the console. The functions provided by the dashboard are relatively basic. Enterprises can carry out secondary development through the API to meet their own needs. k8s administrators generally use the command line or YAML files.