获取官方配置文件
首先,从GitHub仓库下载Kubernetes Dashboard的最新配置文件v2.0.0-beta8版本(recommended.yaml),使用以下命令:
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
下载完成后,需对配置文件进行必要的修改,以便通过NodePort方式访问Dashboard界面。原始配置文件中的Service部分如下所示:
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
修改后的配置应包含NodePort类型及端口号,示例如下:
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
nodePort: 30001
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
同时,为了提高镜像拉取效率,建议将容器的imagePullPolicy设置为IfNotPresent,即只有当本地不存在该镜像时才从远程仓库拉取。原始容器配置段落如下:
spec:
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.0.0-beta8
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
调整后的内容为:
spec:
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.0.0-beta8
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8443
protocol: TCP
启动服务
在Master节点上执行以下命令来下载所需的Docker镜像并应用配置文件:
docker pull kubernetesui/dashboard:v2.0.0-beta8
kubectl apply -f recommended.yaml
接下来,检查Pod和服务的状态,确保Dashboard已成功部署:
kubectl get pods,svc -n kubernetes-dashboard -o wide
kubectl describe po kubernetes-dashboard --namespace=kubernetes-dashboard
如果遇到Pod启动失败的情况,如显示crashloopbackoff错误,可能是因为网络问题或资源不足导致。此时可尝试重启kubelet和Docker服务,并清空iptables规则后重试:
systemctl stop kubelet
systemctl stop docker
iptables --flush
iptables -tnat --flush
systemctl start kubelet
systemctl start docker
kubectl delete -f recommended.yaml
若问题仍未解决,可考虑删除故障节点并重新加入集群。具体操作步骤包括在故障节点上执行kubeadm reset命令,重置iptables规则,然后按照标准流程重新添加节点。
配置安全访问
为确保Dashboard的安全访问,需创建一个具有管理员权限的服务账户,并生成相应的认证Token。首先,创建一个名为create-admin.yaml的文件,内容如下:
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
应用上述配置并验证服务账户及Secret是否创建成功:
kubectl apply -f create-admin.yaml
kubectl get sa,secrets -n kubernetes-dashboard
kubectl describe secret admin-user-token-t79xh -n kubernetes-dashboard
最后,使用生成的Token登录至Kubernetes Dashboard,完成整个部署过程。
以上内容基于实际部署经验整理,适用于希望在Windows环境中部署Kubernetes Dashboard的用户。