K8S|mac下k8s管理之dashboard的配置及使用(一)

之前介绍了mac下k8s环境的快速搭建,这时已经有一个真实可用的k8s环境了,可以进行各种测试,学习k8s功能强大且常用的kubectl的使用.
但是在现代社会,图形化,Web化才是真正提升能力的价值所在.今天我们就安装一下k8s的黄金搭档:Kubernetes Dashboard.
官方地址:
https://github.com/kubernetes/dashboard

开工

dashboard版本我们用当前最新的2.0.0
直接通过在线yml安装(kubectl用法之一)

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
The connection to the server raw.githubusercontent.com was refused - did you specify the right host or port?

what? 连不上github? 哦,对,这个地址,不让访问.我下载了,放公众号后台了,有需要,直接后台回复:dashboard获取吧

kubectl apply -f dashboard.yml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
error: error validating "dashboard.yml": error validating data: [ValidationError(Namespace.spec): unknown field "replicas" in io.k8s.api.core.v1.NamespaceSpec, ValidationError(Namespace.spec): unknown field "revisionHistoryLimit" in io.k8s.api.core.v1.NamespaceSpec, ValidationError(Namespace.spec): unknown field "selector" in io.k8s.api.core.v1.NamespaceSpec, ValidationError(Namespace.spec): unknown field "template" in io.k8s.api.core.v1.NamespaceSpec]; if you choose to ignore these errors, turn validation off with --validate=false

临时访问

正常跑在k8s集群的服务在集群外都是不能直接访问的.借助kubectl proxy是临时取巧的办法,毕竟先吃上猪肉再聊哪块儿猪肉好吃

kubectl proxy
Starting to serve on 127.0.0.1:8001

访问dashboard打开地址
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

获取token

从上图可以得知登陆k8s dashboard的两种方法:Token,Kubeconfig.Token传递就比较麻烦,通过文件登陆更是想都不要想,所以,我们还是以Token登陆,后面我们会提到,怎样Token都不用输入,怎样通过用户名和密码认证.

kubectl -n kube-system describe secret default| awk '$1=="token:"{print $2}'

eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLWYyZjRqIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiYWQ2OGNkMi1lZjcwLTQ0MzQtYTkzMS03YjBmNjkxNDkzNzIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGVmYXVsdCJ9.yKGC3G6WlZMb_tkaekHvOOAptDzIH5N1QxgNB9rKCa4tHw6SmqdYw_sWBRW60pM0PTAxFVXj6qyyGEn8jB_hEdqCZNM9VDj4FjB0zg2y3YamDm6Twjsqn3U3ZLgV062D8Ik9BtKNRyNfYuT6GdTVWH5FpvP_dkxgoAvJj-1CqCsO1RLOHpSNgYoKlalj1xXcaAIwKr6AzyepD8LTpbMxAPKoA8D2kkwOjRbQS45vXf-Eq2XTDVJWEdn-U3mpX4pr9ddcp5oTxflb3k7YqQnNjq_mbVPHFv6GRe2ButnfmASYK4tvdgfDzOJXAZ0hdntplySvQtgJNkvIMdmTJT1PSg

将上面获取的一大串字符,复制到输入框就可以了,我上图已经输入完了,点登陆

终见庐山


至此,就可以在dashboard里,愉快的玩耍了
下一篇:怎样可以不用记录那么一大长串Token

注意:当前权限比较大,遇到删除相关的操作,不清楚不要执行


相关博文

About rainbird

IOS攻城狮
This entry was posted in K8S and tagged , , , , , , , , . Bookmark the permalink.

发表评论