Cloud Native | The Native Kubernetes Dashboard Has Been Upgraded to 7.10.x: Simpler Interface, More
[ Knowledge is the lighthouse of life; only by continuing to learn can you light the road ahead ]
Kubernetes Dashboard 7.10.x
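Hello everyone, I'm Weiyigeek. Today we'll look at how to install and use Kubernetes Dashboard (the native visual management tool) on a Kubernetes cluster. If you are using Kubernetes or plan to deploy applications on it, this tool is well worth a close look.
What is Kubernetes Dashboard?
It is a web-based user interface provided natively by Kubernetes that makes it easier to manage and monitor a Kubernetes cluster. With it, operations staff and developers do not need to memorize complex commands; they can work directly in a visual interface to deploy applications, manage resources and monitor cluster state, which lowers the barrier to operating Kubernetes. The current release is the 7.10.x series, with a simpler, cleaner interface and more powerful features.
Features
[*]Application management: create, update and delete Kubernetes workloads (such as Pod, Deployment, DaemonSet, StatefulSet) through the interface.
[*]Visual monitoring: real-time display of the running state of cluster resources, including CPU and memory usage.
[*]Error diagnosis: quickly view the logs, events and errors of problem resources to help users troubleshoot failures.
[*]Access control: permissions can be configured so that each user can only access or operate the resources they are responsible for.
[*]Simplified multi-container support: more intuitive support for deploying and managing multiple containers.
[*]Ingress integration: convenient setup and management of network rules, helping users configure external access more simply.
[*]Interface language: English, Chinese and other interface languages are supported to meet the needs of different users.
Environment
Operating system: Kylin Linux Advanced Server V10 (Lance)
Kernel version: 4.19.90-52.33.v2207.ky10.x86_64
Cluster version: Kubernetes v1.28.1; Helm version: v3.12.3
Note: at the time of writing (February 16, 2025 20:59:30) the latest version is 7.10.4, but it supports Kubernetes cluster versions v1.29 and above. To stay as compatible as possible with the K8S cluster version, I chose to install version 7.10.0 here.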
https://i-blog.csdnimg.cn/img_convert/28da113443a22e54c69e0522b48d1e5b.png
weiyigeek.top - Kubernetes Dashboard GitHub Release figure
Install the latest version:
# Add kubernetes-dashboard repository
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# Deploy a Helm Release named "kubernetes-dashboard" using the kubernetes-dashboard chart
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
Install a specific version:
[*]1. Download the Helm chart and unpack it
VERSION=7.10.0
wget https://github.com/kubernetes/dashboard/releases/download/v${VERSION}/kubernetes-dashboard-${VERSION}.tgz
tar -xvf kubernetes-dashboard-${VERSION}.tgz
[*]2. Pull the images and push them to the private registry
tee kubernetesui-images.txt <<'EOF'
docker.io/library/kong:3.6
docker.io/kubernetesui/dashboard-api:1.10.1
docker.io/kubernetesui/dashboard-auth:1.2.2
docker.io/kubernetesui/dashboard-metrics-scraper:1.2.1
docker.io/kubernetesui/dashboard-web:1.6.0
EOF
for image in $(cat kubernetesui-images.txt); do
  docker pull "$image"
  # kubernetesui/* images go under the library/ project;
  # the kong image path already starts with library/
  if echo "$image" | grep -q "kubernetesui"; then
    docker tag "$image" "harbor.weiyigeek.top/library/${image#*/}"
    docker push "harbor.weiyigeek.top/library/${image#*/}"
  else
    docker tag "$image" "harbor.weiyigeek.top/${image#*/}"
    docker push "harbor.weiyigeek.top/${image#*/}"
  fi
done
[*]3. Edit the values.yaml file, including the image addresses in it. The metrics-scraper and kong components are enabled here. Pay particular attention to the kong image address: if the docker.io/library/kong:3.6 image can be pulled normally, it does not need to be changed.
app:
  mode: 'dashboard'
  image:
    pullPolicy: IfNotPresent
    pullSecrets: []
  scheduling:
    nodeSelector: {}
  security:
    csrfKey: ~
    securityContext:
      runAsNonRoot: true
      seccompProfile:
        type: RuntimeDefault
    containerSecurityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      runAsUser: 1001
      runAsGroup: 2001
      capabilities:
        drop: ["ALL"]
    podDisruptionBudget:
      enabled: false
      minAvailable: 0
      maxUnavailable: 0
    networkPolicy:
      enabled: false
      ingressDenyAll: false
      spec: {}
  labels: {}
  annotations: {}
  priorityClassName: null
  settings:
    global:
    pinnedResources: []
  ingress:
    enabled: false
    hosts:
      - localhost
    ingressClassName: internal-nginx
    useDefaultIngressClass: false
    useDefaultAnnotations: true
    pathType: ImplementationSpecific
    path: /
    issuer:
      name: selfsigned
      scope: default
    tls:
      enabled: true
      secretName: ""
    labels: {}
    annotations: {}
  tolerations: []
  affinity: {}
auth:
  role: auth
  image:
    repository: harbor.weiyigeek.top/library/kubernetesui/dashboard-auth
    tag: 1.2.2
  scaling:
    replicas: 1
    revisionHistoryLimit: 10
  containers:
    ports:
      - name: auth
        containerPort: 8000
        protocol: TCP
    args: []
    env: []
    volumeMounts:
      - mountPath: /tmp
        name: tmp-volume
    resources:
      requests:
        cpu: 100m
        memory: 200Mi
      limits:
        cpu: 250m
        memory: 400Mi
  automountServiceAccountToken: true
  volumes:
    - name: tmp-volume
      emptyDir: {}
  nodeSelector: {}
  labels: {}
  annotations: {}
  serviceLabels: {}
  serviceAnnotations: {}
api:
  role: api
  image:
    repository: harbor.weiyigeek.top/library/kubernetesui/dashboard-api
    tag: 1.10.1
  scaling:
    replicas: 1
    revisionHistoryLimit: 10
  containers:
    ports:
      - name: api
        containerPort: 8000
        protocol: TCP
    args: []
    env: []
    volumeMounts:
      - mountPath: /tmp
        name: tmp-volume
    resources:
      requests:
        cpu: 100m
        memory: 200Mi
      limits:
        cpu: 250m
        memory: 400Mi
  automountServiceAccountToken: true
  volumes:
    - name: tmp-volume
      emptyDir: {}
  nodeSelector: {}
  labels: {}
  annotations: {}
  serviceLabels: {}
  serviceAnnotations: {}
web:
  role: web
  image:
    repository: harbor.weiyigeek.top/library/kubernetesui/dashboard-web
    tag: 1.6.0
  scaling:
    replicas: 1
    revisionHistoryLimit: 10
  containers:
    ports:
      - name: web
        containerPort: 8000
        protocol: TCP
    args: []
    env: []
    volumeMounts:
      - mountPath: /tmp
        name: tmp-volume
    resources:
      requests:
        cpu: 100m
        memory: 200Mi
      limits:
        cpu: 250m
        memory: 400Mi
  automountServiceAccountToken: true
  volumes:
    - name: tmp-volume
      emptyDir: {}
  nodeSelector: {}
  labels: {}
  annotations: {}
  serviceLabels: {}
  serviceAnnotations: {}
metricsScraper:
  enabled: true
  role: metrics-scraper
  image:
    repository: harbor.weiyigeek.top/library/kubernetesui/dashboard-metrics-scraper
    tag: 1.2.1
  scaling:
    replicas: 1
    revisionHistoryLimit: 10
  containers:
    ports:
      - containerPort: 8000
        protocol: TCP
    args: []
    env: []
    volumeMounts:
      - mountPath: /tmp
        name: tmp-volume
    resources:
      requests:
        cpu: 100m
        memory: 200Mi
      limits:
        cpu: 250m
        memory: 400Mi
    livenessProbe:
      httpGet:
        scheme: HTTP
        path: /
        port: 8000
      initialDelaySeconds: 30
      timeoutSeconds: 30
  automountServiceAccountToken: true
  volumes:
    - name: tmp-volume
      emptyDir: {}
  nodeSelector: {}
  labels: {}
  annotations: {}
  serviceLabels: {}
  serviceAnnotations: {}
metrics-server:
  enabled: false
  args:
    - --kubelet-preferred-address-types=InternalIP
    - --kubelet-insecure-tls
kong:
  enabled: true
  env:
    dns_order: LAST,A,CNAME,AAAA,SRV
    plugins: 'off'
    nginx_worker_processes: 1
  ingressController:
    enabled: false
  manager:
    enabled: false
  dblessConfig:
    configMap: kong-dbless-config
  proxy:
    type: ClusterIP
    http:
      enabled: true
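[*]4. Deploy Kubernetes Dashboard with the modified values.yaml file from above. Here the author installs it into the kube-system namespace; you can install it into a different namespace as needed.
helm upgrade --install k8s-dashboard ./kubernetes-dashboard/ --namespace kube-system -f values.yaml --debug --create-namespace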
[*]5. Create an access user for Kubernetes Dashboard. Here a user named admin-user is created as the administrative user for managing the cluster.
Reference document for creating access permissions: https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
# 1. Create the ServiceAccount and ClusterRoleBinding, granting admin privileges
cat <<'EOF' | kubectl apply -f -
# Creating a Service Account
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
EOF
cat <<'EOF' | kubectl apply -f -
# Creating a ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF
# 2. Create a token for logging in to Kubernetes Dashboard (note the 24H validity period)
kubectl -n kube-system create token admin-user
eyJhbGciOiJSUzI1........*****......qaONP9w
# 3. Create a non-expiring token for the ServiceAccount
cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: admin-user
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token
EOF
kubectl get secret admin-user -n kube-system -o jsonpath="{.data.token}" | base64 -d
Use the token generated above to log in to Kubernetes Dashboard. The login page looks like this:
https://i-blog.csdnimg.cn/img_convert/d5f017581e1460ed0b24d306514e9519.png
weiyigeek.top - Kubernetes Dashboard figure
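To tell the two kinds of token from sub-steps 2 and 3 above apart, this added example (not part of the original post) decodes the JWT payload and reports whether the token carries an expiry. The function names are illustrative, and `sample_token` only builds unsigned, constructed tokens for trying it offline.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): tell a time-bound ServiceAccount
# token from a non-expiring one by reading the JWT payload.

# Encode stdin as unpadded base64url (used only to build constructed samples).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Decode the payload (2nd dot-separated segment) of a JWT.
# JWTs use unpadded base64url, so map the alphabet back and restore padding.
jwt_payload() {
  local seg
  seg=$(printf '%s' "$1" | cut -s -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d 2>/dev/null
}

# Pull one numeric claim (exp, iat, ...) out of a JSON payload string.
num_claim() {
  printf '%s' "$1" | sed -n "s/.*\"$2\": *\([0-9][0-9]*\).*/\1/p"
}

# Prints "bound:<hours>h" when the token has exp, "non-expiring" when it has
# none (Secret-based token), "invalid" when the payload is not a JSON object.
token_lifetime() {
  local payload exp iat
  payload=$(jwt_payload "$1" || true)
  case "$payload" in '{'*) ;; *) echo "invalid"; return 1 ;; esac
  exp=$(num_claim "$payload" exp)
  iat=$(num_claim "$payload" iat)
  if [ -z "$exp" ]; then
    echo "non-expiring"
  elif [ -n "$iat" ]; then
    echo "bound:$(( (exp - iat) / 3600 ))h"
  else
    echo "bound:exp=$exp"
  fi
}

# Build an unsigned sample token from a JSON payload (constructed data).
sample_token() {
  printf '%s.%s.sig' "$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)" \
                     "$(printf '%s' "$1" | b64url)"
}
```

A token reported as non-expiring stays valid until its Secret is deleted, so remove the `admin-user` Secret once the long-lived token is no longer needed.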
[*]6. Create a read-only user for viewing cluster resource information, mainly intended for certain situations. Of course, you can scope it more finely to the resources in specific namespaces; here the author allows global (read-only) browsing.
# Create the ServiceAccount, ClusterRole and ClusterRoleBinding, granting read-only permissions
cat <<'EOF' | kubectl apply -f -
# Creating a Service Account
apiVersion: v1
kind: ServiceAccount
metadata:
  name: view-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: global-view
rules:
- apiGroups: ["*"]                 # match all API groups
  resources: ["*"]                 # match all resources
  verbs: ["get", "list", "watch"]  # allow read operations only
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: view-user-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: global-view
subjects:
- kind: ServiceAccount
  name: view-user
  namespace: kube-system
EOF
# Create a temporary access token for logging in to Kubernetes Dashboard (note the 24H validity period)
kubectl -n kube-system create token view-user
eyJhbGciOiJSUzI1Ni****M8NEGKuKtWUPz9yjiAWKohWaV3M5tgZQJAQFpLfr0G8F-1dz5-0ZRy0-jy_gbLTDwUgsldlw
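The wildcard `global-view` rule above also matches Secrets, including the `admin-user` token Secret created in step 5, so a holder of the read-only token can read the administrator's credential. This added example (not part of the original post; function names are illustrative) asks the API server what `view-user` is really allowed to do and shows one way to rebind the account to the built-in `view` ClusterRole, which does not grant access to Secrets.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the read-only
# ServiceAccount with kubectl impersonation. The caller needs impersonation
# rights (cluster-admin has them).

# sa_can <namespace> <serviceaccount> <verb> <resource>  -> exit 0 when allowed
sa_can() {
  [ "$(kubectl auth can-i "$3" "$4" --all-namespaces \
        --as="system:serviceaccount:$1:$2" 2>/dev/null)" = "yes" ]
}

# Print "resource:verb" for every grant a read-only dashboard account should
# not have: any read of Secrets (they hold ServiceAccount tokens), any write.
audit_readonly_sa() {
  local ns="$1" sa="$2" verb findings=""
  for verb in get list watch; do
    if sa_can "$ns" "$sa" "$verb" secrets; then
      findings="$findings secrets:$verb"
    fi
  done
  for verb in create update patch delete; do
    if sa_can "$ns" "$sa" "$verb" pods; then
      findings="$findings pods:$verb"
    fi
  done
  echo "${findings# }"
}

# Swap the wildcard role for the built-in "view" ClusterRole. roleRef is
# immutable, so the binding is deleted and re-created rather than patched.
rebind_to_builtin_view() {
  kubectl delete clusterrolebinding view-user-binding --ignore-not-found
  kubectl create clusterrolebinding view-user-binding \
    --clusterrole=view --serviceaccount=kube-system:view-user
}

# Run against a live cluster with:  bash audit.sh --run
if [ "${1:-}" = "--run" ]; then
  echo "before: $(audit_readonly_sa kube-system view-user)"
  rebind_to_builtin_view
  echo "after:  $(audit_readonly_sa kube-system view-user)"
fi
```

An empty result from `audit_readonly_sa` means the account can neither read Secrets nor modify Pods.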
[*]7. View the Kubernetes Dashboard services and expose an access address with ingress-nginx. Creating the TLS secret is presumably familiar to everyone, so it is not repeated here. As shown below:
# View the service information
kubectl get svc -n kube-system
NAME                                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
k8s-dashboard-kong-proxy                             ClusterIP   10.96.27.85     <none>        80/TCP,443/TCP   4d7h
k8s-dashboard-kubernetes-dashboard-api               ClusterIP   10.96.92.63     <none>        8000/TCP         4d8h
k8s-dashboard-kubernetes-dashboard-auth              ClusterIP   10.96.112.178   <none>        8000/TCP         4d8h
k8s-dashboard-kubernetes-dashboard-metrics-scraper   ClusterIP   10.96.51.74     <none>        8000/TCP         4d8h
k8s-dashboard-kubernetes-dashboard-web               ClusterIP   10.96.17.199    <none>        8000/TCP         4d8h
# Create the ingress rule to expose the access address
vim ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
    nginx.ingress.kubernetes.io/client-body-buffer-size: 50m
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/proxy-buffer-size: 50m
    nginx.ingress.kubernetes.io/proxy-buffering: "on"
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: 60s
    nginx.ingress.kubernetes.io/proxy-read-timeout: 120s
    nginx.ingress.kubernetes.io/proxy-send-timeout: 120s
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  labels:
    app: manager
    ref: manager
    url: manager.weiyigeek.top
  name: manager-sec
  namespace: kube-system
spec:
  ingressClassName: nginx
  rules:
  - host: manager.weiyigeek.top
    http:
      paths:
      - backend:
          service:
            name: k8s-dashboard-kong-proxy
            port:
              number: 80
        path: /dashboard(/|$)(.*)
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - manager.weiyigeek.top
    secretName: ssl-weiyigeek-top
Open https://manager.weiyigeek.top/dashboard in a browser and enter the Token credential to access the Kubernetes Dashboard 7.10.x management interface, as shown below:
https://i-blog.csdnimg.cn/img_convert/e6e50cedf4af8196bbb0baadb6a9bcf5.png
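weiyigeek.top - K8s Dashboard 7.10.x management interface figure
Managing the created Deployments, StatefulSets, DaemonSets, Pods and other resources, as shown below:
https://i-blog.csdnimg.cn/img_convert/f94ab9fc5458d592d8bf57109de51e36.png
weiyigeek.top - resource management figure
That completes the walkthrough. I hope this article has been helpful.
If you found the article useful, please share it, like it and recommend it. If you have any questions, leave your thoughts in the comments.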