K8S UI 之 Dashboard

发表于 分类于 置顶 精品
阅读次数: 本文字数: 1.3k 阅读时长 ≈ 5 分钟

摘要

Dashboard 简介

  • Dashboard 是基于网页的 Kubernetes 用户界面。

  • 你可以使用 Dashboard 将容器应用部署到 Kubernetes 集群中,也可以对容器应用排错,还能管理集群资源。

  • 你可以使用 Dashboard 获取运行在集群中的应用的概览信息,也可以创建或者修改 Kubernetes 资源 (如 Deployment、Job、DaemonSet 等等)。 例如,你可以对 Deployment 实现弹性伸缩、发起滚动升级、重启 Pod 或者使用向导创建新的应用。

  • Dashboard 同时展示了 Kubernetes 集群中的资源状态信息和所有报错信息。

部署 Dashboard

  • Kubernetes Dashboard 目前仅支持基于 Helm 的安装,因为它速度更快, 并且可以让我们更好地控制 Dashboard 运行所需的所有依赖项。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# 添加 kubernetes-dashboard 仓库
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# 使用 kubernetes-dashboard Chart 部署名为 `kubernetes-dashboard` 的 Helm Release
$ helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard \
    --create-namespace \
    --namespace kubernetes-dashboard
## 输出
Release "kubernetes-dashboard" does not exist. Installing it now.
NAME: kubernetes-dashboard
LAST DEPLOYED: Sun Jul  6 00:40:02 2025
NAMESPACE: kubernetes-dashboard
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
*************************************************************************************************
*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
*************************************************************************************************

Congratulations! You have just installed Kubernetes Dashboard in your cluster.

To access Dashboard run:
  kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443

NOTE: In case port-forward command does not work, make sure that kong service name is correct.
      Check the services in Kubernetes Dashboard namespace using:
        kubectl -n kubernetes-dashboard get svc

Dashboard will be available at:
  https://localhost:8443

# 查看 helm 安装的包,注意指定 命名空间
$ helm list -n kubernetes-dashboard
NAME                	NAMESPACE           	REVISION	UPDATED                                	STATUS  	CHART                      	APP VERSION
kubernetes-dashboard	kubernetes-dashboard	1       	2025-07-24 14:01:06.678570212 +0800 CST	deployed	kubernetes-dashboard-7.13.0

  • 查看启动的资源

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
$ kubectl -n kubernetes-dashboard get all
NAME                                                       READY   STATUS    RESTARTS   AGE
pod/kubernetes-dashboard-api-568f47ddd7-tx6f8              1/1     Running   0          20m
pod/kubernetes-dashboard-auth-645b944589-t6v2m             1/1     Running   0          20m
pod/kubernetes-dashboard-kong-648658d45f-7qsm9             1/1     Running   0          20m
pod/kubernetes-dashboard-metrics-scraper-547874fcf-87mrv   1/1     Running   0          20m
pod/kubernetes-dashboard-web-7796b9fbbb-xsdlw              1/1     Running   0          20m

NAME                                           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/kubernetes-dashboard-api               ClusterIP   10.96.149.59    <none>        8000/TCP   20m
service/kubernetes-dashboard-auth              ClusterIP   10.96.145.120   <none>        8000/TCP   20m
service/kubernetes-dashboard-kong-proxy        ClusterIP   10.96.171.40    <none>        443/TCP    20m
service/kubernetes-dashboard-metrics-scraper   ClusterIP   10.96.79.48     <none>        8000/TCP   20m
service/kubernetes-dashboard-web               ClusterIP   10.96.247.143   <none>        8000/TCP   20m

NAME                                                   READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/kubernetes-dashboard-api               1/1     1            1           20m
deployment.apps/kubernetes-dashboard-auth              1/1     1            1           20m
deployment.apps/kubernetes-dashboard-kong              1/1     1            1           20m
deployment.apps/kubernetes-dashboard-metrics-scraper   1/1     1            1           20m
deployment.apps/kubernetes-dashboard-web               1/1     1            1           20m

NAME                                                             DESIRED   CURRENT   READY   AGE
replicaset.apps/kubernetes-dashboard-api-568f47ddd7              1         1         1       20m
replicaset.apps/kubernetes-dashboard-auth-645b944589             1         1         1       20m
replicaset.apps/kubernetes-dashboard-kong-648658d45f             1         1         1       20m
replicaset.apps/kubernetes-dashboard-metrics-scraper-547874fcf   1         1         1       20m
replicaset.apps/kubernetes-dashboard-web-7796b9fbbb              1         1         1       20m

小贴士

  • 第一次创建kubernetes-dashboard时,有几个 pod 一直处于 ContainerCreating 状态,通过 describe 命令,查看 pod 的状态发现报如下错误:
1
Warning  FailedCreatePodSandBox  4m52s                kubelet            Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "cfa0b6062fabd77353e6d832ab0e62f96787b4d59346d9e57c28dbc0e19a3127": plugin type="calico" failed (add): error getting ClusterInformation: connection is unauthorized: Unauthorized

  • 这条错误说明:

    • 容器网络插件(CNI)使用的是 Calico
    • Calico 在尝试获取 Kubernetes 集群的 ClusterInformation 时 认证失败
    • 错误关键词:connection is unauthorized: Unauthorized

  • 不确定导致这一问题的原因,我的解决方法是重新安装 Calico

1
2
kubectl delete -f calico.yaml
kubectl apply -f calico.yaml

  • 开放代理端口

1
2
# 在哪个机器上运行的命令,开放的就是哪个机器的端口
kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443

登录帐号

  • 创建管理员用户

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount                    # 创建 ServiceAccount
metadata:
  name: admin-user                      # SA 名称
  namespace: kubernetes-dashboard       # SA 所在命名空间
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding                # 集群角色绑定
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io   # 集群角色组,这个是 k8s 内置的
  kind: ClusterRole                     # 集群角色
  name: cluster-admin                   # 集群管理员角色
subjects:
- kind: ServiceAccount                  # 服务账号
  name: admin-user                      # 服务账号名称
  namespace: kubernetes-dashboard       # 服务账号命名空间

  • 创建并获取token

1
2
3
kubectl apply -f dashboard-adminuser.yaml
# 获取token,该 token 有效期为 1 小时,token格式为 jwt,可以通过 jwt.io 解析
kubectl -n kubernetes-dashboard create token admin-user

  • 获取长效token

1
2
3
4
5
6
7
8
9
# dashboard-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token
1
2
3
kubectl apply -f dashboard-secret.yaml
# 该命令获取token,永不过期,将其保存下来
kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath="{.data.token}" | base64 -d

卸载 kubernetes-dashboard

  • 卸载 kubernetes-dashboard

1
helm uninstall kubernetes-dashboard --namespace kubernetes-dashboard

  • 清理用户信息

1
2
3
4
5
kubectl -n kubernetes-dashboard delete serviceaccount admin-user
kubectl -n kubernetes-dashboard delete clusterrolebinding admin-user

# 也可以直接删除 命名空间,删除命名空间会同时删除所有资源
kubectl delete namespace kubernetes-dashboard