部署Kubernetes仪表盘，并尝试登录

1 年 ago

韵, 科

2 minutes

首先

在学习K8s时，因为对于DashBord的登录方法稍微有些困惑，所以我记录下来备忘。

环境

本次，我们使用Docker Desktop（mac）的Kubernetes集成在本地部署了Kubernetes。版本如下所示。

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.0", GitCommit:"cb303e613a121a29364f75cc67d3d580833a7479", GitTreeState:"clean", BuildDate:"2021-04-08T21:16:14Z", GoVersion:"go1.16.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:15:20Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}

将KubeDashBord部署

执行以下操作：
执行后，将创建一个新的命名空间，并部署所需的资源到仪表盘上。

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
#上記の実行結果
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created

暂时使用get功能确认一下。看起来运行正常。

$ kubectl get pod,deploy,svc,secret,cm,role -n kubernetes-dashboard 
#結果
NAME                                             READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-7b59f7d4df-6tg9d   1/1     Running   0          5m14s
pod/kubernetes-dashboard-74d688b6bc-7b5jp        1/1     Running   0          5m14s

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/dashboard-metrics-scraper   1/1     1            1           5m14s
deployment.apps/kubernetes-dashboard        1/1     1            1           5m14s

NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/dashboard-metrics-scraper   ClusterIP   10.109.49.245    <none>        8000/TCP   5m14s
service/kubernetes-dashboard        ClusterIP   10.101.211.202   <none>        443/TCP    5m14s

NAME                                      TYPE                                  DATA   AGE
secret/default-token-w2lr4                kubernetes.io/service-account-token   3      5m14s
secret/kubernetes-dashboard-certs         Opaque                                0      5m14s
secret/kubernetes-dashboard-csrf          Opaque                                1      5m14s
secret/kubernetes-dashboard-key-holder    Opaque                                2      5m14s
secret/kubernetes-dashboard-token-k2scs   kubernetes.io/service-account-token   3      5m14s

NAME                                      DATA   AGE
configmap/kubernetes-dashboard-settings   0      5m14s

NAME                                                  CREATED AT
role.rbac.authorization.k8s.io/kubernetes-dashboard   2021-05-08T15:07:39Z

尝试登录Kubernetes仪表盘。

我将尝试访问仪表板。
通过以下命令启动代理服务器并从浏览器访问仪表板。

$ kubectl proxy

顺便说一下，好像有一个名为kubernetes-dashboard-token-k2scs的秘密存在。(我正在使用上述的kubect get …进行确认。) 我会尝试确认一下内容。

kubectl describe secret kubernetes-dashboard-token-k2scs -n kubernetes-dashboard 
#結果
Name:         kubernetes-dashboard-token-k2scs
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: 5c9c0022-f970-430b-8cf8-d9b4cb59ea1a

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  20 bytes
token:      /*ここにトークンが表示されます*/

我发现了一种类似令牌的东西。
顺便提一下，你可以使用kubectl get secret kubernetes-dashboard-token-k2scs -n kubernetes-dashboard -o yaml命令获取令牌，但是你需要使用echo /*获取的令牌*/ | base64 -D来解码。

最后一个

暫時已經成功登入，但似乎需要創建一個權限限制較嚴格的角色。