00000238
Kubernetes Dashboard是Kubernetes官方推出的基础Web UI,用于集群资源的可视化管理,旨在降低K8s使用门槛,适合入门级用户或小型集群的日常运维。
GitHub:https://github.com/kubernetes/dashboard
核心功能
| 功能类别 | 具体描述 |
|---|---|
资源管理 |
查看/编辑Pod、Deployment、Service、ConfigMap、Secret等资源的YAML配置; 执行重启Pod、扩缩容Deployment等操作。 |
命名空间隔离 |
按命名空间过滤资源视图,支持快速切换命名空间。 |
简单监控 |
展示Pod的CPU/内存使用率(基于 |
日志与终端 |
查看Pod实时日志(支持关键词过滤); 进入容器终端(类似 |
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 chmod 700 get_helm.sh && ./get_helm.sh # 验证安装 helm version
# 添加Helm仓库
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm search repo kubernetes-dashboard
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
# 输出如下
*************************************************************************************************
*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
*************************************************************************************************
Congratulations! You have just installed Kubernetes Dashboard in your cluster.
To access Dashboard run:
kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443
NOTE: In case port-forward command does not work, make sure that kong service name is correct.
Check the services in Kubernetes Dashboard namespace using:
kubectl -n kubernetes-dashboard get svc
Dashboard will be available at:
https://localhost:8443
# 由于需要下载镜像,需要多等一会10分钟左右
# 如果下载镜像不成功,则下载下面文件 解压,修改values.yaml和./charts/kong/values.yaml中镜像地址即可
https://github.com/kubernetes/dashboard/releases/download/kubernetes-dashboard-7.14.0/kubernetes-dashboard-7.14.0.tgz
# 然后,使用本地目录路径进行部署
helm upgrade --install kubernetes-dashboard ./kubernetes-dashboard \
--create-namespace \
--namespace kubernetes-dashboard
# 清理环境
helm uninstall kubernetes-dashboard -n kubernetes-dashboard
# 删除单个Pod(替换<POD_NAME>为实际名称,如kubernetes-dashboard-kong-64cf57d75d-skfjr)
kubectl delete pod <POD_NAME> -n kubernetes-dashboard --grace-period=0 --force
# dashboard-svc-NodePort.yaml
apiVersion: v1
kind: Service
metadata:
name: kubernetes-dashboard-kong-nodeport # 新Service名称(避免冲突)
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- name: https # 命名(可选,建议用https)
port: 443 # 与原Service的port一致(集群内访问端口)
targetPort: 8443 # 与原Service的targetPort一致(Pod实际端口,示例为8443,需按实际修改)
nodePort: 30443 # 节点暴露端口(30000-32767范围,用户指定30443)
protocol: TCP
selector:
app.kubernetes.io/instance: kubernetes-dashboard # 与原Service的selector完全一致(必须!)
# 应用svc
kubectl apply -f dashboard-svc-NodePort.yaml
# 解决权限不足方案使用token方案登录及dashboard基础使用 # 1. 创建Service Account(SA) [root@k8s-master-01 ~]# kubectl create serviceaccount super-admin -n kube-system # 2. 绑定cluster-admin角色(关键权限赋予) [root@k8s-master-01 ~]# kubectl create clusterrolebinding super-admin-binding \ --clusterrole=cluster-admin \ --serviceaccount=kube-system:super-admin \ --namespace=kube-system # 3. 生成Token(身份验证凭证) [root@k8s-master-01 ~]# kubectl -n kube-system create token super-admin --duration=87600h eyJhbGciOiJSUzI1NiIsImtpZCI6Ilk0bTFMNVVlTUEtc3ZhX1FqcHo3blc4QnluVWlubnlWSVB6bUZtRnJPUzgifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLnd5YXN3LmNvbSJdLCJleHAiOjIwODQ3MTIzODAsImlhdCI6MTc2OTM1MjM4MCwiaXNzIjoiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLnd5YXN3LmNvbSIsImp0aSI6ImFlMzk5MmNmLWQxY2MtNDZhMS04ZGU3LTM5ZTFkYzI2MjJkNCIsImt1YmVybmV0ZXMuaW8iOnsibmFtZXNwYWNlIjoia3ViZS1zeXN0ZW0iLCJzZXJ2aWNlYWNjb3VudCI6eyJuYW1lIjoic3VwZXItYWRtaW4iLCJ1aWQiOiIxMzUxMzM4Yi00OWEyLTQwMDAtYTI0NC1lNzg3MjFkOGEwM2YifX0sIm5iZiI6MTc2OTM1MjM4MCwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOnN1cGVyLWFkbWluIn0.KiXqisgjFGDPKQhJE2voImOEUqp610D5WMF6voKhvBvGH4BtHiMqJn-fW2X8Kl0NtERvIsQwy2QLESdnCJ0Hf6Eg8_vWMZ8WsH8don_N-LhZK0k5SBS8zpC2TPTEh2lI-Z7FhmVSlRjSYcWevuvKCWIMt9aPTzzYpJ9iqchD-pFic8iXQeNn61XQO9fLDaicTQdeUDGjeUWsEsLHc4q1fdyB31SaIc-MJ6eAYgBA6ibcB-Zksfa9JvECnEYhsZOe35giDvcYb2OkqQx3otu9N3E9IdVKLay221DyykFsGzltggZRqmTt3-isciYYGo2A5hyQjmcyg6XJvQyNAYJWHQ
# 访问 https://192.168.1.231:30443 # 输入上面生成的token进行集群添加。