大师K8S系列-搭建K8S环境和Dashboard

从GitHub以下地址获取对应版本的k8s镜像脚本

https://github.com/AliyunContainerService/k8s-for-docker-desktop/tree/v1.19.2

查看Docker当前版本号

 

 

从zip包中解压，并执行脚本获取镜像

/load_images.sh

开启 Kubernetes，并等待 Kubernetes 开始运行

 

判断k8s运行情况

验证 Kubernetes 集群状态

kubectl cluster-info

kubectl get nodes

 

获取操作界面

https://github.com/kubernetes/dashboard/releases

注意查看兼容性

 

在相关tag下获取对应路径url

https://github.com/kubernetes/dashboard/blob/v2.0.4/aio/deploy/recommended.yaml

 

下载回来修改文件内容

 

主要增加spec下的type ，增加nodePort端口

 

kubectl apply -f kubernetes-dashboard.yaml

 

查看部署的服务

kubectl get svc -n kubernetes-dashboard

准备登陆

 

创建登陆账号，采用Token方式

创建dashboard-adminuser.yaml

 

apiVersion: v1

kind: ServiceAccount

metadata:

  name: admin-user

  namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

  name: admin-user

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: cluster-admin

subjects:

- kind: ServiceAccount

  name: admin-user

  namespace: kubernetes-dashboard

创建登录用户

kubectl apply -f dashboard-adminuser.yaml

说明：上面创建了一个叫admin-user的服务账号，并放在kubernetes-dashboard 命名空间下，并将cluster-admin角色绑定到admin-user账户，这样admin-user账户就有了管理员的权限。默认情况下，kubeadm创建集群时已经创建了cluster-admin角色，我们直接绑定即可。

 

查看登陆token

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

获取到token

eyJhbGciOiJSUzI1NiIsImtpZCI6IlBzaloxRFB0azlhXy1QS3NldjdLWFl1UjJnLU9DWEVNUjB0aVAwVXFqRzQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTZ4NHNnIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1OWZlY2ZlNC0xNTJjLTQ0MjEtYTk1NC1iOGM0M2EyZTg4MjciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.go-yzT6REAIjCdEV7UJNY5MCLze174JiQnOq3xWRJVUh47RVaLYT-m_npvlIZPVYlAwQ0Z6RDJIBdo7k5_U4xwIGOLBQrv6qYTNyFcpAhwmqmLLVSxfFtkSmEx643l-S-Ghvu19rVlRH8JQmMW86AWNzTbdcOYFbvIwkLQqXDADbylz2-2-RqVCLeV2AfXLwVGrR2YZg2Uqo5VAnNS-1G3Gv4nKBxmm7EOHxcZ_O0kkNiCCah30ZqTUNCHLAMgL4JdPic8k0ov9TYiSDKGzd5f4DRloCBTds3tB_gTuNOTgzrbBwu6JGxlfkO0krWnyjctvhuQkv2W14Ly_7q253aw

 

采用代理的方式登陆

kubectl proxy

登陆地址

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/.

 

 

查看基本运行情况

kubectl get pods -n kube-system -o wide

 

默认dashboard登录超时时间是15min，可以为dashboard容器增加-- token-ttl参数自定义超时时间

dashboard超时时间设置

     

          args:

            - --auto-generate-certificates

            - --namespace=kubernetes-dashboard

            - --token-ttl=43200

重新更新配置

kubectl apply -f dashboard-adminuser.yaml