My First K8s Dashboard ^.^


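Once a K8s environment is up, administrators need an interface to operate it.
The project provides an official Dashboard GUI; the installation steps are recorded below.

Getting started: deploy the dashboard

I followed the official website's information page for this setup.

Download kubernetes-dashboard.yaml

$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml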

Modify kubernetes-dashboard.yaml

Set the Service type to NodePort:

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  ports:
    - port: 443
      targetPort: 8443
      # nodePort: 30001
  type: NodePort # <<<~~~~
  selector:
    k8s-app: kubernetes-dashboard

Create kubernetes-dashboard

[afu@dev-k8sm1 ~]$ kc apply -f kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created

Create An Authentication Token (RBAC)

See the official documentation page.

Create Service Account

k8s-dashboard-adminuser.yml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system

Create ClusterRoleBinding

k8s-dashboard-CRB.yml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kube-system

deploy Account & ClusterRoleBinding

[afu@dev-k8sm1 ~]$ kc apply -f k8s-dashboard-adminuser.yml -f k8s-dashboard-CRB.yml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

Access the Dashboard

Access URL: https://192.168.100.174:NodePort/ (NodePort is the port assigned to the Service)

There are two ways to log in to the Dashboard:

  1. Kubeconfig: select the kubeconfig file you created to configure access to the cluster.
  2. Token: every Service Account has a Secret holding a Bearer Token, which can be used to log in to the dashboard.

Bearer Token

Retrieve the token to complete login authentication; see the official documentation page.
Commands:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') | awk '/^token:/{print $2}'
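
An added example, not part of the original post: the steps above leave two things worth tracking, a service account bound to cluster-admin (its bearer token carries full cluster rights) and a dashboard Service reachable on a node port. This Python sketch flags both in the JSON produced by `kubectl get clusterrolebindings,services --all-namespaces -o json`; the sample input is constructed, and the function and rule names are hypothetical.

```python
import json

# Constructed sample shaped like the kubectl JSON output for the objects
# created on this page, plus two bindings that should not be flagged.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "ClusterRoleBinding", "metadata": {"name": "admin-user"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "admin-user", "namespace": "kube-system"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "read-only"},
  "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "ServiceAccount", "name": "viewer", "namespace": "default"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"kind": "Service", "metadata": {"name": "kubernetes-dashboard", "namespace": "kube-system"},
  "spec": {"type": "NodePort", "selector": {"k8s-app": "kubernetes-dashboard"},
           "ports": [{"port": 443, "targetPort": 8443, "nodePort": 30001}]}}
]}
""")

def audit(doc):
    """Return (rule, target, detail) findings for the two conditions above."""
    findings = []
    for item in doc.get("items", []):
        kind, meta = item.get("kind"), item.get("metadata", {})
        if kind == "ClusterRoleBinding":
            if item.get("roleRef", {}).get("name") != "cluster-admin":
                continue
            # `subjects` can be missing or null on a binding with no subjects.
            for s in item.get("subjects") or []:
                if s.get("kind") == "ServiceAccount":
                    target = f'{s.get("namespace")}/{s.get("name")}'
                    findings.append(("cluster-admin-sa", target, meta.get("name")))
        elif kind == "Service":
            spec = item.get("spec", {})
            selector = spec.get("selector") or {}
            if spec.get("type") == "NodePort" and selector.get("k8s-app") == "kubernetes-dashboard":
                ports = [p.get("nodePort") for p in spec.get("ports", [])]
                target = f'{meta.get("namespace")}/{meta.get("name")}'
                findings.append(("dashboard-nodeport", target, ports))
    return findings

if __name__ == "__main__":
    for rule, target, detail in audit(SAMPLE):
        print(f"{rule:20} {target:36} {detail}")
```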

Hands-on: Kubeconfig file

mkdir ansible/k8s/kubeconfig-exercise
cd ansible/k8s/kubeconfig-exercise
vi kubeconfig-demo

apiVersion: v1
kind: Config
preferences: {}

clusters:
- cluster:
  name: TestOCE

users:
- name: admin-user
#- name: experimenter

contexts:
- context:
  name: exp-default
- context:
  name: dev-frontend
- context:
  name: dev-storage

Go to your kubeconfig-exercise directory.

  • Add cluster details to your configuration file:

    $ kubectl config --kubeconfig=kubeconfig-demo set-cluster development --server=https://192.168.100.174 --insecure-skip-tls-verify
    Cluster "development" set.
  • Add user details to your configuration file:

    $ kubectl config --kubeconfig=kubeconfig-demo set-credentials admin-user --username=admin --password=ooxxqqpp
    User "admin-user" set.
  • Add context details to your configuration file:

    $ kubectl config --kubeconfig=kubeconfig-demo set-context dev-frontend --cluster=TestOCE --namespace=default --user=admin-user
    Context "dev-frontend" modified.
    $ kubectl config --kubeconfig=kubeconfig-demo set-context dev-storage --cluster=TestOCE --namespace=default --user=admin-user
    Context "dev-storage" modified.
    $ kubectl config --kubeconfig=kubeconfig-demo set-context exp-default --cluster=TestOCE --namespace=default --user=admin-user
    Context "exp-default" modified.
  • To view the kubeconfig-demo file, use the config view command:

    $ kubectl config --kubeconfig=kubeconfig-demo view

    # To see only the configuration information associated with the current context, use the --minify flag.
    $ kubectl config --kubeconfig=kubeconfig-demo view --minify
  • Set the current-context to dev-frontend:
    $ kubectl config --kubeconfig=kubeconfig-demo use-context dev-frontend

  • Change the current context to dev-storage:
    $ kubectl config --kubeconfig=kubeconfig-demo use-context dev-storage

  • Delete the context:
    $ kubectl config delete-context kubernetes-admin@kubernetes

The book "Kubernetes 建置與執行" also covers the use of kubectl config use-context, in chapter 4, pp. 37-38.