3
AWS 下 EKS 部署 Dashboard
source link: https://blog.51cto.com/wuweijava/5951535
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
一. 准备工作
打开 AWS CloudShell
安装 eksctl
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
sudo mv /tmp/eksctl /usr/local/bin
安装 kubectl
curl -LO https://dl.k8s.io/release/v1.24.0/bin/linux/amd64/kubectl
创建演示集群
eksctl create cluster --name=cluster-1 --nodes=1 --version=1.23
安装 metric 服务器
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
二. 安装 Dashboard
下载部署文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
修改部署文件
使用 Nodeport 暴露访问端口,此处自定义为30003
部署 Dashboard
kubectl apply -f recommended.yaml
为公网访问绑定 EIP
获取 dashboard 所在节点
[cloudshell-user@ip-10-2-85-153 ~]$ kubectl get pods -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dashboard-metrics-scraper-799d786dbf-fdq6b 1/1 Running 0 77s 192.168.70.73 ip-192-168-74-45.ap-northeast-1.compute.internal <none> <none>
kubernetes-dashboard-fb8648fd9-bvh97 1/1 Running 0 78s 192.168.81.109 ip-192-168-74-45.ap-northeast-1.compute.internal <none> <none>
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dashboard-metrics-scraper-799d786dbf-fdq6b 1/1 Running 0 77s 192.168.70.73 ip-192-168-74-45.ap-northeast-1.compute.internal <none> <none>
kubernetes-dashboard-fb8648fd9-bvh97 1/1 Running 0 78s 192.168.81.109 ip-192-168-74-45.ap-northeast-1.compute.internal <none> <none>
为 Dashboard 的 Pod 所在节点绑定一个弹性公网IP
并在安全组中放开30003端口
三. 创建服务账号
创建配置文件
此处在 kube-system 的名称空间下创建名为 eks-admin 的服务账号,并绑定集群管理员角色
cat >eks-admin-service-account.yaml <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: eks-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: eks-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: eks-admin
namespace: kube-system
EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: eks-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: eks-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: eks-admin
namespace: kube-system
EOF
创建服务账号
kubectl apply -f eks-admin-service-account.yaml
获取服务账号的 token
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}’)
四. 访问 Dashboard
https://EIP:30003
填写上一步获取的 token 登录
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK