Quickly deploy the K8s dashboard to help manage it easily!

https://kubernetes.io/zh-cn/docs/tasks/access-application-cluster/web-ui-dashboard/

Dashboard is a web-based Kubernetes user interface. You can use Dashboard to deploy container applications to Kubernetes clusters, troubleshoot container applications, and manage cluster resources. You can use the Dashboard to get an overview of the applications running in the cluster, and you can also create or modify Kubernetes resources (such as Deployment, Job, DaemonSet, etc.). For example, you can autoscale a Deployment, initiate a rolling upgrade, restart a Pod, or use a wizard to create a new application.

Dashboard also displays resource status information and all error messages in the Kubernetes cluster.

Kubernetes Dashboard UI

1 Deploy Dashboard UI

Dashboard is not deployed by default.

1.1 yaml download

Download this yaml first, because we still need to modify it:

[root@icv-k8s-node-1 home]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
--2023-06-30 15:51:42--  https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.110.133, 185.199.111.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7621 (7.4K) [text/plain]
Saving to: ‘recommended.yaml’

100%[=========================================================>] 7,621       --.-K/s   in 0.002s  

2023-06-30 15:51:43 (3.88 MB/s) - ‘recommended.yaml’ saved [7621/7621]

[root@icv-k8s-node-1 home]# 

Search the file for 443 to find the Service definition. With its default content, the Dashboard cannot be accessed directly from an external browser, so modify it as follows:

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard

1.2 deployment

[root@icv-k8s-node-1 home]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@icv-k8s-node-1 home]# 

View pods:

kubectl get pod -A is a Kubernetes command that lists all Pods in the cluster, regardless of which namespace they belong to:

  • kubectl: A command-line tool for interacting with Kubernetes clusters
  • get: Specifies that we want to get information about a resource
  • pod: the type of resource we want to get information about
  • -A or --all-namespaces: Specifies that the command is executed in all namespaces, not just the current namespace

[root@icv-k8s-node-1 home]# kubectl get pod -A

[root@icv-k8s-node-1 home]# kubectl get svc -A
NAMESPACE              NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
default                edge-nginx                  ClusterIP   10.106.187.202   <none>        88/TCP                   101m
default                javaedge-nginx              NodePort    10.109.194.31    <none>        90:31104/TCP             108m
default                kubernetes                  ClusterIP   10.96.0.1        <none>        443/TCP                  23h
default                nginx-deployment            NodePort    10.110.49.229    <none>        89:32158/TCP             41m
kube-system            kube-dns                    ClusterIP   10.96.0.10       <none>        53/UDP,53/TCP,9153/TCP   23h
kubernetes-dashboard   dashboard-metrics-scraper   ClusterIP   10.106.145.20    <none>        8000/TCP                 5m3s
kubernetes-dashboard   kubernetes-dashboard        NodePort    10.99.210.194    <none>        443:31902/TCP            5m4s
[root@icv-k8s-node-1 home]# 

2 Access the Dashboard user interface

In the previous section, we saw that the kubernetes-dashboard Service is exposed on NodePort 31902, so we access the Dashboard through that port. Note that it must be HTTPS:

If you use HTTP, you can only see the big black border:

To protect cluster data, Dashboard is deployed with minimal RBAC configuration by default. Dashboard only supports login with Bearer tokens.

Create a token

# Create the dashboard-admin user
[root@icv-k8s-node-1 home]# kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard

serviceaccount/dashboard-admin created
# Bind the clusterrolebinding authorization
[root@icv-k8s-node-1 home]# kubectl create clusterrolebinding dashboard-admin-rb --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin

clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin-rb created
# Create the token file
[root@icv-k8s-node-1 home]# 

The corresponding admin-token.yaml:

apiVersion: v1
kind: Secret
metadata:
  name: dashboard-admin-secret
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: dashboard-admin
type: kubernetes.io/service-account-token
# Apply it and get the token
[root@icv-k8s-node-1 home]# kubectl apply -f admin-token.yaml
secret/dashboard-admin-secret created
[root@icv-k8s-node-1 home]# kubectl describe secret dashboard-admin-secret -n kubernetes-dashboard
Name:         dashboard-admin-secret
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 4260320b-200b-4189-97ce-c30ac6a3445f

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1099 bytes
namespace:  20 bytes
token:      <token value omitted>
[root@icv-k8s-node-1 home]# 

Now enter the token and you will be logged in successfully.
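An added example (not from the original post) that reads the claims of a service-account token to show which identity it carries and whether it ever expires; a token read from a kubernetes.io/service-account-token Secret like the one above has no exp claim and stays valid until the Secret is deleted. The two sample tokens are constructed and unsigned, and the function names are hypothetical.

```python
import base64
import json
import time

def decode_claims(token):
    """Return the JWT payload as a dict (the signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def summarize(token, now=None):
    """Report which service account the token represents and whether it expires."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    exp = claims.get("exp")
    return {
        "subject": claims.get("sub"),
        "issuer": claims.get("iss"),
        "expires": exp is not None,
        "seconds_left": None if exp is None else int(exp - now),
    }

def _make_sample(claims):
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2lnbmF0dXJl"])

# Constructed samples: claim names follow the two service-account token formats.
SECRET_TOKEN = _make_sample({  # token stored in a Secret, as created on this page
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "kubernetes-dashboard",
    "kubernetes.io/serviceaccount/secret.name": "dashboard-admin-secret",
    "kubernetes.io/serviceaccount/service-account.name": "dashboard-admin",
    "sub": "system:serviceaccount:kubernetes-dashboard:dashboard-admin",
})
BOUND_TOKEN = _make_sample({  # time-limited token, as issued by the TokenRequest API
    "iss": "https://kubernetes.default.svc.cluster.local",
    "sub": "system:serviceaccount:kubernetes-dashboard:dashboard-admin",
    "iat": 1700000000, "exp": 1700003600,
})

if __name__ == "__main__":
    print(summarize(SECRET_TOKEN))
    print(summarize(BOUND_TOKEN, now=1700000000))
```

With kubectl 1.24 or later, kubectl create token dashboard-admin -n kubernetes-dashboard issues a time-limited token of the second kind without creating a Secret.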

Command-line proxy

You can use the kubectl command-line tool to enable Dashboard access with the following command:

kubectl proxy

kubectl will make Dashboard accessible via http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/.

The UI can only be accessed from the machine executing this command. See kubectl proxy --help for more options.

Note:

The Kubeconfig authentication method does not support external identity providers or x509 certificate based authentication.
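The two changes made above, a NodePort Service and a cluster-admin binding for dashboard-admin, mean that a token with full cluster control can be presented on a port open on every node. This added example (not from the original post) flags both conditions in the JSON printed by kubectl get clusterrolebinding -o json and kubectl get svc -A -o json; the sample data is constructed from the object names on this page and the function names are hypothetical.

```python
import json

def admin_service_accounts(crb_list):
    """Return (binding, 'namespace/name') for each ServiceAccount bound to cluster-admin."""
    found = []
    for item in crb_list.get("items", []):
        if item.get("roleRef", {}).get("name") != "cluster-admin":
            continue
        for subj in item.get("subjects") or []:  # subjects may be absent or null
            if subj.get("kind") == "ServiceAccount":
                found.append((item["metadata"]["name"],
                              f"{subj.get('namespace')}/{subj['name']}"))
    return found

def node_port_services(svc_list, namespace):
    """Return (service, nodePort) for each NodePort Service port in the namespace."""
    found = []
    for item in svc_list.get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        if meta.get("namespace") == namespace and spec.get("type") == "NodePort":
            found += [(meta["name"], p.get("nodePort")) for p in spec.get("ports", [])]
    return found

# Constructed sample data shaped like `kubectl get ... -o json` output,
# using the object names that appear on this page.
SAMPLE_CRBS = json.loads("""
{"items": [
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"metadata": {"name": "kubernetes-dashboard"},
   "roleRef": {"kind": "ClusterRole", "name": "kubernetes-dashboard"},
   "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                 "namespace": "kubernetes-dashboard"}]},
  {"metadata": {"name": "dashboard-admin-rb"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "dashboard-admin",
                 "namespace": "kubernetes-dashboard"}]}
]}""")
SAMPLE_SVCS = json.loads("""
{"items": [
  {"metadata": {"name": "dashboard-metrics-scraper", "namespace": "kubernetes-dashboard"},
   "spec": {"type": "ClusterIP", "ports": [{"port": 8000}]}},
  {"metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
   "spec": {"type": "NodePort", "ports": [{"port": 443, "nodePort": 31902}]}}
]}""")

if __name__ == "__main__":
    print(admin_service_accounts(SAMPLE_CRBS))
    print(node_port_services(SAMPLE_SVCS, "kubernetes-dashboard"))
```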

3 Welcome screen

When accessing the Dashboard of an empty cluster, you will see the welcome screen. The page contains a link to this documentation, and a button to deploy the first application. Additionally, you can see which system applications run by default in the kube-system namespace, such as Dashboard itself.

Kubernetes Dashboard welcome page

4 Deploy containerized applications

Through a simple deployment wizard, you can use Dashboard to create and deploy containerized applications as a Deployment and optionally a Service. You can manually specify the detailed configuration of the application, or upload a YAML or JSON manifest file containing the application configuration.

Click the CREATE button in the upper right corner of any page to get started.

Specify the detailed configuration of the application

The deployment wizard requires you to provide the following information:

  • Application name (required): The name of the application. A label with the name will be added to the Deployment and Service (if any) that will be deployed.

    The application name must be unique within the selected Kubernetes namespace. It must start with a lowercase letter, end with a number or a lowercase letter, and contain only lowercase letters, numbers, and dashes (-). It is limited to 24 characters. Leading and trailing spaces are ignored.

  • Container image (required): The URL of a Docker container image on a public registry or a private registry (usually Google Container Registry or Docker Hub). The container image specification must end with a colon.

  • Number of Pods (required): The number of Pods you want the application to deploy to. Value must be a positive integer.

    The system will create a Deployment to ensure the expected number of Pods running in the cluster.

  • Service (optional): For some applications (such as the front end), you may want to expose a Service to the outside world. This Service may use a public IP address outside the cluster (external Service).

    Note:

    For external services, you may need to open one or more ports.

    Other services that can only be seen inside the cluster are called internal services.

    Regardless of the Service type, if you choose to create a Service and the container listens on a port (incoming), you need to define two ports. The created Service will map the (incoming) port to the target port visible to the container. The Service will route traffic to your deployed Pods. The TCP and UDP protocols are supported. The internal DNS name of this Service is the value of the application name you defined earlier.

If needed, you can open the Advanced Options section, here you can define more settings:

  • Description: The text you enter here will be added to the Deployment as an annotation and displayed in the application details.

  • Labels: The default labels used by the application are the application name and version. You can define additional labels for the Deployment and Service (if any), such as release, environment, tier, partition and release track.

    example:

    release=1.0
    tier=frontend
    environment=pod
    track=stable
    
  • Namespace: Kubernetes supports multiple virtual clusters attached to the same physical cluster. These virtual clusters are called namespaces and allow you to divide resources into logically named groups.

    The Dashboard provides a drop-down menu of all available namespaces and allows you to create new ones. Namespace names can contain up to 63 letters or numbers and dashes (-), but cannot contain uppercase letters.

    Namespace names cannot contain only numbers. If the name is set to a number, such as 10, the pod will

    If the namespace is created successfully, the newly created namespace will be used by default. If creation fails, the first namespace will be selected.

  • Image pull Secret: If you want to use a private Docker container image, it may require pull Secret credentials.

    The Dashboard provides a drop-down menu of all available Secrets and allows you to create new ones. Secret names must follow DNS domain name syntax, e.g. new.image-pull.secret. The content of the Secret must be base64 encoded and declared in a .dockercfg file. The Secret name can contain up to 253 characters.

    When the image pull Secret is successfully created, the newly created Secret will be used by default. If creation fails, no Secret will be used.

  • CPU requirements (number of cores) and memory requirements (MiB): You can define minimum resource limits for containers. By default, Pods have no CPU and memory constraints.

  • Run command and run command arguments: By default, your container will run the default entry command of the Docker image. You can override the default with command options.

  • Run in privileged mode: This setting determines whether processes running in privileged containers behave like processes running as root on the host. Privileged containers can use functions such as manipulating the network stack and accessing devices.

  • Environment variables: Kubernetes exposes Services through environment variables. You can construct environment variables, or pass the value of an environment variable as an argument to your command. They can be used by applications to find Services. Values can reference other variables using the $(VAR_NAME) syntax.

Upload YAML or JSON file

Kubernetes supports declarative configuration. All configurations are stored in manifest files (YAML or JSON configuration files). These manifests use the resource schema defined by the Kubernetes API.

As an alternative to specifying application details in the deployment wizard, you can define your application in one or more manifest files and upload the files using the Dashboard.

5 Using the Dashboard

This section describes the Kubernetes Dashboard UI views: what they provide and how to use them.

Navigation

When Kubernetes objects are defined in the cluster, the Dashboard displays them in the initial view. By default only objects in the default namespace are shown; this can be changed with the namespace filter in the navigation bar menu.

The Dashboard displays most of the Kubernetes objects and groups them in several menu categories.

Management overview

For cluster and namespace management, the Dashboard lists nodes, namespaces and persistent volumes, and has a detail view for each of them. The node list view contains CPU and memory usage metrics aggregated across all nodes. The detail view shows a node's metrics, status, allocated resources, events and the pods running on that node.

Workloads

Displays all running applications in the selected namespace. The view lists applications by workload type (for example: Deployment, ReplicaSet, StatefulSet), and each workload type can be viewed separately. The lists summarize actionable information about the workloads, such as the number of ready pods in a ReplicaSet, or the current memory usage of a pod.

The detail view of the workload shows the status, details and interrelationships of the objects. For example, Pods controlled by a ReplicaSet, or new ReplicaSets and HorizontalPodAutoscalers associated with a Deployment.

Services

Shows the Kubernetes resources that expose services to the outside world and make them discoverable within the cluster. For that reason, the Service and Ingress views show their associated Pods, internal endpoints for cluster connections and external endpoints for external users.

Storage

The Storage view shows Persistent Volume Claim (PVC) resources, which are used by applications to store data.

ConfigMaps and Secrets

Shows all Kubernetes resources that are used for live configuration of applications running in the cluster. Through this view, configuration objects can be edited and managed, and secrets that are hidden by default can be displayed.

Log viewer

Pod list and detail pages can link to Dashboard's built-in log viewer. The viewer can drill down into the logs of different containers belonging to the same Pod.

log browsing


Origin blog.csdn.net/qq_33589510/article/details/131479801