series of articles
Chapter 1: Getting Started with ✨k8s: Bare Metal Deployment of k8s Clusters Chapter 2 :
Getting Started with ✨K8s : Deploying Applications to K8s Clusters :✨Getting started with k8s: Storage (storage) Chapter 6: ✨K8S configuration storageclass Use nfs to dynamically claim local disk space Chapter 7: ✨K8s getting started: Configuring ConfigMap & Secret Chapter 8: ✨K8s getting started: K8s getting started: Helm construction MySQL Chapter 9: Getting Started with k8s: kubernetes-dashboard Installation Chapter 10: Getting Started with k8s: kube-prometheus-stack Family Bucket Construction (Grafana + Prometheus)
Article directory
Reference: https://blog.csdn.net/u013068377/article/details/106673434/
k8s official website: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
1. Introduction
Dashboard is a web-based user interface for Kubernetes. You can use Dashboard to deploy containerized applications to Kubernetes clusters, troubleshoot containerized applications, and manage cluster resources. You can use the Dashboard to get an overview of the applications running on the cluster, and to create or modify individual Kubernetes resources (such as Deployments, Jobs, DaemonSets, etc.). For example, you can use the deployment wizard to scale out a deployment, initiate a rolling update, restart a pod, or deploy a new application.
The dashboard also provides information about the status of the Kubernetes resources in the cluster and any errors that may have occurred.
2. Install kubernetes-dashboard
Use the deploy/recommended.yaml list provided by the official website to install kubernetes-dashboard, or use Helm to install, refer to the Artifact Hub address: https://artifacthub.io/packages/helm/k8s-dashboard/kubernetes-dashboard
1. Download the configuration file
You can use the following command to download recommended.yaml to modify the default configuration
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml
The default configuration installs kubernetes-dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml
2. Modify the default configuration
Modify the service of kubernetes-dashboard, and specify the nodePort port as 18443
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 18443
selector:
k8s-app: kubernetes-dashboard
3. Install kubernetes-dashboard
[root@master dashboard]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
4. Access the web
Access the specified port 18443, the IP of the master node is 192.168.25.100, then the access address: https://192.168.25.100:18443/
5. Get the token
K8S has two types of users: User and Service Account. User is used by people, and Service Account is used by processes, so that processes have relevant permissions. Dashboard is a process, so we can create a Service Account for it
kubectl get serviceaccount -n kubernetes-dashboard
kubectl describe serviceaccount/kubernetes-dashboard -n kubernetes-dashboard
kubectl get secret -n kubernetes-dashboard
kubectl describe secret/kubernetes-dashboard-token-28jqz -n kubernetes-dashboard
As follows, the above command can be simplified to one command ( kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep kubernetes-dashboard | awk '{print $1}')
)
6. Test login
Use the queried token to log in to the kubernetes dashboard, and the login is successful.
The reason for the above problem is that the kubernetes-dashboard account has insufficient role permissions.
7. Create a new user
To create dashboard-adminuser.yaml, please refer to: https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
cat > dashboard-adminuser.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
EOF
Create login user
[root@master dashboard]# kubectl apply -f dashboard-adminuser.yaml
serviceaccount/admin-user created
Description: A service account called admin-user is created above, placed in the kubernetes-dashboard namespace, and the cluster-admin role is bound to the admin-user account, so that the admin-user account has administrator privileges . By default, the cluster-admin role has been created when kubeadm creates a cluster, and we can bind it directly.
View the token of the admin-user account
[root@master dashboard]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-6wkxr
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: a90464fd-83bb-4435-90ee-c59493b81889
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InhGU29vbVM3TG90R1NzTzZfT2VlTUVWZTIySXlGbHZxUW5laVZ5T29lRTAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTZ3a3hyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhOTA0NjRmZC04M2JiLTQ0MzUtOTBlZS1jNTk0OTNiODE4ODkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.gaqvh1E1yH0SmKT-cDhzGOl_-g5aZmiH7SuRLXuAnIdBRAhC1dYFFqmkUenspepRb4zkMX0vojYjq0twGKAP3IAI4h0H24QVXhOBMiMWH1IyZdprZ32K3j2egdCuRkb3BEwm1M0zR8XZlLZRI-__Hl5QCntNwO6Lh21nmRx-f9rG1T-omGSWiZnRn4ZW0kS0N0sunAYFfsRWNKh6Pnd3WzfNqa3rBNaULOeDStlL1DfcO_fhqWbeuWWwnA66Q7fX7Xa3oP5qymt-C_lvM_hod8N3TVzVKY2ToiqMPmGAflQoHf4P-iYdH2sG38_hYM0LJvpmy8zdVvZSo9LNBHsEeQ
Log out and log in again using the token of the admin-user service account
8. Set the token expiration time
Use token to log in to kubernetes-dashboard. The default token authentication time is 900s/15 minutes. It is very troublesome to log in again if it fails. Add the following ( - --token-ttl=604800
unit s) parameter to modify the token expiration time to 7 days. The kubernetes-dashboard platform can use the following methods, you can also choose to modify the recommended.yaml file and apply it again
step:
- Select
kubernetes-dashboard
Namespace - edit
deployment/kubernetes-dashboard
configuration file - Add
- --token-ttl=604800
(unit s) at the corresponding position - Click to update to take effect