[4] MicroK8s – WebPanel

February 11, 2021, by Adam [zicherka] Nogły

To enable management through a web page, proceed as follows.

[1] Enable the [dashboard] add-on on the primary node.

[root@vlsr01 ~]# microk8s enable dashboard dns
Enabling Kubernetes Dashboard
Addon metrics-server is already enabled.
Applying manifest
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

If RBAC is not enabled access the dashboard using the default token retrieved with:

token=$(microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)
microk8s kubectl -n kube-system describe secret $token

In an RBAC enabled setup (microk8s enable RBAC) you need to create a user with restricted
permissions as shown in:
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

Enabling DNS
Applying manifest
serviceaccount/coredns created
configmap/coredns created
deployment.apps/coredns created
service/kube-dns created
clusterrole.rbac.authorization.k8s.io/coredns created
clusterrolebinding.rbac.authorization.k8s.io/coredns created
Restarting kubelet
Adding argument --cluster-domain to nodes.
Configuring node 192.168.100.102
Configuring node 192.168.100.101
Adding argument --cluster-dns to nodes.
Configuring node 192.168.100.102
Configuring node 192.168.100.101
Restarting nodes.
Configuring node 192.168.100.102
Configuring node 192.168.100.101
DNS is enabled

[root@vlsr01 ~]# microk8s kubectl get services -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
metrics-server ClusterIP 10.152.183.254 <none> 443/TCP 14m
kubernetes-dashboard ClusterIP 10.152.183.77 <none> 443/TCP 73s
dashboard-metrics-scraper ClusterIP 10.152.183.28 <none> 8000/TCP 73s
kube-dns ClusterIP 10.152.183.10 <none> 53/UDP,53/TCP,9153/TCP 72s

[root@vlsr01 ~]# microk8s kubectl -n kube-system get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
metrics-server-8bbfb4bdb-x2rrq 1/1 Running 0 14m 10.1.86.196 vlsr01.zicher.lab <none> <none>
dashboard-metrics-scraper-6c4568dc68-xg6fx 1/1 Running 0 83s 10.1.206.2 vlsr02.zicher.lab <none> <none>
calico-node-vq9h7 1/1 Running 0 4m10s 192.168.100.102 vlsr02.zicher.lab <none> <none>
calico-kube-controllers-847c8c99d-mv2g6 1/1 Running 0 111m 10.1.86.194 vlsr01.zicher.lab <none> <none>
calico-node-574jj 1/1 Running 0 105m 192.168.100.101 vlsr01.zicher.lab <none> <none>
kubernetes-dashboard-7ffd448895-zwj5x 1/1 Running 0 83s 10.1.206.3 vlsr02.zicher.lab <none> <none>
coredns-86f78bb79c-g5xtc 1/1 Running 0 82s 10.1.206.1 vlsr02.zicher.lab <none> <none>

# confirm the token
# The token is in the second column of the line: [token: ]
[root@vlsr01 ~]# microk8s kubectl -n kube-system describe secret $(microk8s kubectl -n kube-system get secret | grep default-token | awk '{print $1}')
Name: default-token-kgc98
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: default
kubernetes.io/service-account.uid: 80e3568b-1d70-4b51-abdb-637a43ce925c

Type: kubernetes.io/service-account-token

Data
====
ca.crt: 1103 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkpxS2dEWHhQS0g3c1N4TUFfSmNvSHFJYXYyVi1YQ0VjQ2FZb1ZzMGYwVmsifQ.eyJpcte-Hhrvn4l-9dwnV5jFD9nLRUC_HpIieiRVcHW9zqp1W1SZCdz6nrZ30Whaadd3uYOBKdfBmXTz5_5XBaPCi-cAkpeErKA

# set up port forwarding so the dashboard can be reached from outside (--address 0.0.0.0 listens on all interfaces)
[root@vlsr01 ~]# microk8s kubectl port-forward -n kube-system service/kubernetes-dashboard --address 0.0.0.0 10443:443 &
Forwarding from 0.0.0.0:10443 -> 8443 

# if Firewalld is running, allow traffic on the following port
[root@vlsr01 ~]# firewall-cmd --add-port=10443/tcp --permanent
[root@vlsr01 ~]# firewall-cmd --reload

[2] In a browser on any host in the same network, go to [https://MicroK8s_first_node (hostname or IP address):10443/]. Copy the token you confirmed in [1] at the line [confirm the token].

Paste it into the [Enter token] field and press [Sign in].

[3] You will be logged in to the management panel.
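
The token confirmed in [1] is a JWT whose `sub` claim names the service account it authenticates as, so it can be checked before it is pasted into the dashboard. The script below is an added example, not part of the original tutorial: the function names and the sample token are constructed for illustration, the signature is not verified, and the `sed` extraction assumes the compact JSON that Kubernetes emits.

```shell
# Added example: inspect a service-account token before using it as a login credential.
# Decodes the JWT payload only; the signature is NOT verified here.

# b64url: encode stdin as unpadded base64url (used to build the constructed sample).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# sample_token: constructed, unsigned token shaped like a legacy kube-system default token.
sample_token() {
  printf '%s.%s.%s' \
    "$(printf '%s' '{"alg":"RS256","kid":"constructed"}' | b64url)" \
    "$(printf '%s' '{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/service-account.name":"default","sub":"system:serviceaccount:kube-system:default"}' | b64url)" \
    "constructed-signature"
}

# jwt_payload TOKEN: print the decoded claims JSON (second dot-separated segment).
jwt_payload() (
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in      # restore the padding that base64url strips
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
    1) exit 1 ;;                  # impossible length for base64 data
  esac
  printf '%s' "$seg" | base64 -d 2>/dev/null
)

# jwt_subject TOKEN: print the "sub" claim (system:serviceaccount:<namespace>:<name>).
jwt_subject() (
  jwt_payload "$1" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p'
)

# check_dashboard_token TOKEN EXPECTED_SUB: 0 = match, 1 = other account, 2 = not decodable.
check_dashboard_token() (
  sub=$(jwt_subject "$1")
  [ -n "$sub" ] || { echo "no sub claim: not a service-account JWT" >&2; exit 2; }
  [ "$sub" = "$2" ] || { echo "token belongs to $sub, expected $2" >&2; exit 1; }
  echo "token subject: $sub"
)

# Usage with the token line from the describe output above (second column):
#   check_dashboard_token "$(microk8s kubectl -n kube-system describe secret default-token-kgc98 \
#     | awk '/^token:/ {print $2}')" system:serviceaccount:kube-system:default
```

A non-zero exit means the token is either not a decodable service-account JWT or belongs to a different account than the one you intended to sign in with.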