Shulou(Shulou.com)06/01 Report--

How to deploy kubernates dashboard, I believe that many inexperienced people do not know what to do, so this article summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

Deploy the official default dashboard directly:

Kubectl apply-f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

The official default replica is 1. You can download the official yaml file and deploy it after modification as needed.

Wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

After the deployment is successful, enter the command to view the Pod and you can see that the dashboard has been deployed successfully.

$kubectl-n kube-system get pods

Enter the command to view Service, and you will find that the IP address of dashboard is an automatically assigned Cluster IP address.

$kubectl-n kube-system get svc

Without configuring any network policy, we can start kube-proxy and access it with localhost. You can also modify service to add node port and access it through the IP address of node.

Here I changed type to nodePort and specified port

$kubectl-n kube-system edit svc kubernetes-dashboardapiVersion: v1kind: Servicemetadata: annotations: kubectl.kubernetes.io/last-applied-configuration: {"apiVersion": "v1", "kind": "Service", "metadata": {"annotations": {}, "labels": {"k8s-app": "kubernetes-dashboard"}, "name": "kubernetes-dashboard", "namespace": "kube-system"}, "spec": {"ports": [{"port": 443, "targetPort": 8443}] "selector": {"k8s-app": "kubernetes-dashboard"}} creationTimestamp: "2019-06-25T08:32:58Z" labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system resourceVersion: "131106" selfLink: / api/v1/namespaces/kube-system/services/kubernetes-dashboard uid: d65ea8d9-9723-11e9-beba-08002777dcd3spec: clusterIP: 10.105.212.27 ports:-nodePort: 31195 port: 443protocol: TCP TargetPort: 8443 selector: k8s-app: kubernetes-dashboard sessionAffinity: None type: NodePortstatus: loadBalancer: {}

Save after modification, you can see that the TYPE of service has become NodePort, and the port mapping has been completed.

Use the IP address of the node where the dashboard is located and the port number mapped to the Node to access the Dashboard directly.

Https://192.168.7.87:31195/

Identity authentication

Kubeconfig and token authentication methods are supported when logging in to dashboard, and kubeconfig also depends on the token field, so it is necessary to generate token.

The following two parts explain the two login authentication methods:

Create a kubeconfig file for brand users under the brand namespace

Create a token for the administrator of the cluster (with amdin permissions for all namespaces)

Use kubeconfig

When logging in to dashboard, you can specify the kubeconfig file to authenticate the user's rights. How to generate the kubeconfig file specified when logging in to dashboard, please refer to the kubeconfig file for creating user authentication and authorization.

Notice that there is no token field in our generated kubeconfig file, which needs to be added manually.

For example, we generate a kubeconfig file named brand.kubeconfig for brand users under brand namespace, and append a line of token configuration to this file (how to generate token is described below), as follows:

This allows you to log in to dashboard using the brand.kubeconfig file, and you can only access and manipulate objects under the brand namespace.

Generate token

You need to create an admin user and grant the admin role binding, use the following yaml file to create the admin user and give him administrator privileges, and then you can log in to dashbaord through token, which can be found in dashboard-admin.yaml. In essence, this authentication method is realized by Service Account identity authentication plus Bearer token request API server. Refer to the authentication in Kubernetes.

Kind: ClusterRoleBindingapiVersion: rbac.authorization.k8s.io/v1beta1metadata: name: admin annotations: rbac.authorization.kubernetes.io/autoupdate: "true" roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.iosubjects:- kind: ServiceAccount name: admin namespace: kube-system---apiVersion: v1kind: ServiceAccountmetadata: name: admin namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile

Execute a command

$kubectl create-f dashboard-admin.yaml

Execute a command

$kubectl-n kube-system describe secret admin-token-78bfl

Copy token to log in on the login page, and you can enter dashboard as an administrator

You can also extract token directly with the command

$kubectl-n kube-system get secret admin-token-78bfl-o jsonpath= {.data.token} | base64-d after reading the above, do you know how to deploy kubernates dashboard? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.