前言

    Kubernetes dashboard控制台是一个网页版的控制台,虽然好用,但实际上,我更加推荐使用Lens,这也是我目前正在使用的工具,Lens目前是市场上相对来说最强大的 Kubernetes IDE,它是一个独立的应用程序,可在 macOS、Windows 和 Linux 上使用。特别是有多个集群的时候,它的优点会更加明显,管理起来非常的方便。

Lens 地址:https://docs.k8slens.dev/main/getting-started/

回到正题,本文同样基于AliyunContainerService提供的k8s-for-docker-desktop项目,使用的版本为v1.22.4。

部署Kubernetes dashboard

1,克隆代码,并切换分支到v1.22.4,最好用kubernetes对应版本的分支中kubernetes-dashboard.yaml文件,否则可能存在一些兼容问题

1
2
3
git clone https://github.com/AliyunContainerService/k8s-for-docker-desktop.git
cd k8s-for-docker-desktop
git checkout v1.22.4

2,部署 Kubernetes dashboard

1
kubectl apply -f kubernetes-dashboard.yaml

输出:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

3,检查 kubernetes-dashboard 应用状态

1
kubectl get pod -n kubernetes-dashboard

输出:

1
2
3
NAME                                        READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-c45b7869d-fd49v   1/1     Running   0          3m25s
kubernetes-dashboard-576cb95f94-qbqtz       1/1     Running   0          3m25s

4,以上应用都启动正常后,开启 API Server 访问代理

1
kubectl proxy

代理开启后,通过如下 URL 访问 Kubernetes dashboard:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

Kubernetes dashboard 登录页

配置控制台访问令牌

1,权限相关配置与版本没多少关系,是公共的,所以相关文件都在master分支:

1
2
git checkout master
kubectl apply -f kube-system-default.yaml

输出:

1
2
clusterrolebinding.rbac.authorization.k8s.io/kube-system-default created
secret/default created

2,获取令牌

1
2
3
TOKEN=$(kubectl -n kube-system describe secret default| awk '$1=="token:"{print $2}')
kubectl config set-credentials docker-desktop --token="${TOKEN}"
echo $TOKEN

copy,使用token登录即可。

附件:

  • kube-system-default.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kube-system-default
  labels:
    k8s-app: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: default
    namespace: kube-system

---

apiVersion: v1
kind: Secret
metadata:
  name: default
  namespace: kube-system
  labels:
    k8s-app: kube-system
  annotations:
    kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-token