Kubernetes graphical interface dashboard

Graphical interface overview

Dashboard is the abbreviation of business intelligence dashboard (BI dashboard). It is a general business intelligence dashboard
The module that can realize data visualization is a data virtualization tool that shows the measurement information and the current situation of key business indicators (KPI s) to enterprises
dashboard combines and organizes numbers, metrics and performance scorecards on a simple screen. They are adapted to specific roles and present metrics specified for a single perspective or department.
The key feature of dashboard is to obtain real-time data from a variety of data sources, and it is a customized interactive interface.
dashboard provides better use experience for data with rich and interactive visual interface

K8s also has a relatively intuitive graphical interface. The official website has synthesized five yaml files into one, but here we still use the five files of the old model for simulation experiments

Come on! Exhibition!!

According to the last multi node K8s deployment last night

Operate on the master

Upload all the files above

[root@localhost ~]# cd k8s/
[root@localhost k8s]# mkdir dashboard
[root@localhost k8s]# cd dashboard/
[root@localhost dashboard]# kubectl get nodes
NAME       STATUS   ROLES    AGE   VERSION   Ready    <none>   8d    v1.12.3   Ready    <none>   8d    v1.12.3
[root@localhost dashboard]# rz -E
rz waiting to receive.
[root@localhost dashboard]# ls
dashboard-configmap.yaml   dashboard-rbac.yaml    dashboard-service.yaml
dashboard-controller.yaml  dashboard-secret.yaml  k8s-admin.yaml

Install yaml files according to the order I provided

[root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml 
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml 
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml 
configmap/kubernetes-dashboard-settings created
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml 
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml 
service/kubernetes-dashboard created

View namespace

When finished, check the pods created under the specified Kube system namespace

[root@localhost dashboard]# kubectl get pods,service -n kube-system
NAME                                        READY   STATUS              RESTARTS   AGE
pod/kubernetes-dashboard-65f974f565-wtvtr   0/1     ContainerCreating   0          100s
	##You can't continue to the next step until the creation is successful. Now it's creating
NAME                           TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
service/kubernetes-dashboard   NodePort   <none>        443:30001/TCP   95s

After the status is running, check which node the pods are on

It can be seen here that on my node, the external port is exposed to 30001

[root@localhost dashboard]# kubectl get pods,service -n kube-system -o wi
NAME                                        READY   STATUS    RESTARTS   AGE     IP            NODE       NOMINATED NODE
pod/kubernetes-dashboard-65f974f565-wtvtr   1/1     Running   0          4m15s   <none>

NAME                           TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE     SELECTOR
service/kubernetes-dashboard   NodePort   <none>        443:30001/TCP   4m10s   k8s-app=kubernetes-dashboard

Open page view

Firefox browser is recommended. You can skip verification

Generate login token

[root@localhost dashboard]# kubectl create -f k8s-admin.yaml 
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@localhost dashboard]# kubectl get secret -n kube-system
NAME                               TYPE                                  DATA   AGE
dashboard-admin-token-tl2bq        kubernetes.io/service-account-token   3      45s		##Copy the name
default-token-6rblg                kubernetes.io/service-account-token   3      8d
kubernetes-dashboard-certs         Opaque                                0      15m
kubernetes-dashboard-key-holder    Opaque                                2      15m
kubernetes-dashboard-token-jvqfp   kubernetes.io/service-account-token   3      15m

View certificate details
[root@localhost dashboard]# kubectl describe secret dashboard-admin-token-tl2bq -n kube-system
Name:         dashboard-admin-token-tl2bq
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 97478dda-0957-11eb-ad59-000c29aff78f

Type:  kubernetes.io/service-account-token

ca.crt:     1359 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdGwyYnEiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOTc0NzhkZGEtMDk1Ny0xMWViLWFkNTktMDAwYzI5YWZmNzhmIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.KLzQdBQOb1ETbdpLTN9sbDOALknhOTurzBcB8FlbpmjC2Ef1H3Wbic9mOlqxFyOUwly6GT-YKNElGAqAAxiWpuh8Lbsn1pobBPCNdYQYpgCuTBxM4Al7BIG4uDOw1WZNXeEBtxze0k-LBxMnWcwB7WxNpETicoEewqN8KLZOQSM9LUMxM6Cy-tDi7NhTPBx57BpiEMrXA5IttBhXJmzEmmCUKIqgVxK3r5kcOff5FOLSslYVeML1K3dsijr-sW0pExKITSoqhLja2CWt_g_AP9jzt2pq4rgI51w7MDApceXsA1Fm6MKq6aWyDgESQYCmfuWBGE8ED4KFWRGJoodj0w

Sign in

End of experiment

Successfully see the graphical interface

Microsoft Edge or Google browser login method

When some browsers are opened, they will report insecurity and are not allowed to accept risks. For example, as shown in the figure below, we need to add certificates manually

[root@localhost dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <<EOF
   "CN": "Dashboard",
   "hosts": [],
   "key": {
       "algo": "rsa",
       "size": 2048
   "names": [
           "C": "CN",
           "L": "BeiJing",
           "ST": "BeiJing"

cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system

[root@localhost dashboard]# vim dashboard-controller.yaml 	##Two certificate files are declared here
          - --auto-generate-certificates
          - --tls-key-file=dashboard-key.pem	##This line is the same as the one below
          - --tls-cert-file=dashboard.pem

[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml 
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured

Just check it again

Tags: CentOS Docker Kubernetes Visualization cloud computing

Posted by mrcodex on Thu, 12 May 2022 09:39:34 +0300