k8s dashboard cannot fetch content correctly (experts, please help a newbie out) #237

Open
DongTin opened this issue Jun 26, 2024 · 3 comments

Comments

@DongTin

DongTin commented Jun 26, 2024

Dashboard page:
image
Terminal output: Error while proxying request: context canceled
image
Chrome console error:
image

@pangh-space

pangh-space commented Jun 26, 2024 via email

@iRecursion

Install Docker and enable K8S

  • Install Docker correctly and enable K8S: https://github.com/user-attachments/files/18229786/Win11DockerDesktopWithK8S.pdf

Configure the K8S Dashboard UI

  • B: Download: https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

    • Change image: kubernetesui/dashboard:v2.7.0 to: image: registry.aliyuncs.com/google_containers/dashboard:v2.7.0
    • Change image: kubernetesui/metrics-scraper:v1.0.8 to: image: registry.aliyuncs.com/google_containers/metrics-scraper:v1.0.8
  • C: Modify the YAML as follows:

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort	(1)
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001	(2)
  selector:
    k8s-app: kubernetes-dashboard
  • (1) Line 40, add: type: NodePort
  • (2) Line 44, add: nodePort: 30001; port range: 30000 ~ 32767
kubectl apply -f kubernetes-dashboard.yaml

# The first line of the output after running this gives the namespace
kubectl get pods -n kubernetes-dashboard

Generate a token

# Create an sa (service account); dashboard-admin is the user name
kubectl create sa dashboard-admin -n kube-system

# Create the role binding
kubectl create clusterrolebinding dashboard-admin \
	--clusterrole=cluster-admin \
	--serviceaccount=kube-system:dashboard-admin

# Generate a token; valid for 1 hour, here one year is specified
kubectl create token dashboard-admin -n kube-system

# kubectl create token --help
# --duration=0s, --duration=31536000s:

# First remove the user's binding, then delete the user
# kubectl delete clusterrolebinding dashboard-admin -n kube-system && kubectl delete sa dashboard-admin -n kube-system

# List users
kubectl get sa -n kube-system

# User details
kubectl describe sa dashboard-admin -n kube-system

Access the Web UI

10K8SDashboardUISignIn

11K8SDashboardUIMainPage
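
Added example, not part of the original comment: a Python check that decodes the claims of a token produced by the `kubectl create token` step above and reports which service account it belongs to and how long it is valid, so a token issued with a long `--duration` for an account bound to cluster-admin can be spotted. The sample token is constructed and unsigned; `inspect_sa_token`, `make_sample_token` and the `max_ttl` threshold are names introduced here, and the signature is deliberately not verified.

```python
import base64
import json

DEFAULT_TTL = 3600  # the page states the default validity is 1 hour


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def inspect_sa_token(token: str, max_ttl: int = DEFAULT_TTL) -> dict:
    """Decode (without verifying the signature) a service account token's claims."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    k8s = claims.get("kubernetes.io", {})
    ttl = claims["exp"] - claims["iat"]
    return {
        "subject": claims.get("sub"),
        "namespace": k8s.get("namespace"),
        "service_account": k8s.get("serviceaccount", {}).get("name"),
        "ttl_seconds": ttl,
        "long_lived": ttl > max_ttl,  # longer than the threshold passed in
    }


def make_sample_token(ttl: int, iat: int = 1700000000) -> str:
    """Constructed, unsigned sample shaped like `kubectl create token` output."""
    payload = {
        "aud": ["https://kubernetes.default.svc.cluster.local"],
        "iat": iat, "nbf": iat, "exp": iat + ttl,
        "kubernetes.io": {"namespace": "kube-system",
                          "serviceaccount": {"name": "dashboard-admin"}},
        "sub": "system:serviceaccount:kube-system:dashboard-admin",
    }
    header = {"alg": "RS256", "typ": "JWT"}
    # "c2ln" is a placeholder third segment, not a real signature.
    return ".".join([_b64url_encode(header), _b64url_encode(payload), "c2ln"])


if __name__ == "__main__":
    for ttl in (3600, 31536000):
        print(inspect_sa_token(make_sample_token(ttl)))
```
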

@iRecursion

Script execution process

E:\>kubectl apply -f KubernetesDashboardUIV270.yaml

namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

E:\>kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-657c5d698d-hjdq5   1/1     Running   0          34s
kubernetes-dashboard-589ddd4668-s6rrf        1/1     Running   0          34s

E:\>kubectl create sa dashboard-admin -n kube-system
serviceaccount/dashboard-admin created

E:\>kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created

E:\>kubectl create token dashboard-admin -n kube-system

E:\>kubectl delete clusterrolebinding dashboard-admin -n kube-system && kubectl delete sa dashboard-admin -n kube-system

Warning: deleting cluster-scoped resources, not scoped to the provided namespace
clusterrolebinding.rbac.authorization.k8s.io "dashboard-admin" deleted
serviceaccount "dashboard-admin" deleted

E:\>kubectl get sa -n kube-system
NAME                                          SECRETS   AGE
attachdetach-controller                       0         11h
bootstrap-signer                              0         11h
certificate-controller                        0         11h
clusterrole-aggregation-controller            0         11h
coredns                                       0         11h
cronjob-controller                            0         11h
daemon-set-controller                         0         11h
default                                       0         11h
deployment-controller                         0         11h
disruption-controller                         0         11h
endpoint-controller                           0         11h
endpointslice-controller                      0         11h
endpointslicemirroring-controller             0         11h
ephemeral-volume-controller                   0         11h
expand-controller                             0         11h
generic-garbage-collector                     0         11h
horizontal-pod-autoscaler                     0         11h
job-controller                                0         11h
kube-proxy                                    0         11h
legacy-service-account-token-cleaner          0         11h
namespace-controller                          0         11h
node-controller                               0         11h
persistent-volume-binder                      0         11h
pod-garbage-collector                         0         11h
pv-protection-controller                      0         11h
pvc-protection-controller                     0         11h
replicaset-controller                         0         11h
replication-controller                        0         11h
resourcequota-controller                      0         11h
root-ca-cert-publisher                        0         11h
service-account-controller                    0         11h
service-controller                            0         11h
statefulset-controller                        0         11h
storage-provisioner                           0         11h
token-cleaner                                 0         11h
ttl-after-finished-controller                 0         11h
ttl-controller                                0         11h
validatingadmissionpolicy-status-controller   0         11h
vpnkit-controller                             0         11h

E:\>kubectl describe sa dashboard-admin -n kube-system
Name:                dashboard-admin
Namespace:           kube-system
Labels:              <none>
Annotations:         <none>
Image pull secrets:  <none>
Mountable secrets:   <none>
Tokens:              <none>
Events:              <none>

KubernetesDashboardUIV270.yaml

  • The already-modified K8S Dashboard UI file (KubernetesDashboardUIV270.yaml)
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec: 
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: kubernetes-dashboard
          image: registry.aliyuncs.com/google_containers/dashboard:v2.7.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: dashboard-metrics-scraper
          image: registry.aliyuncs.com/google_containers/metrics-scraper:v1.0.8
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}

denverdino added a commit that referenced this issue Feb 4, 2025