Access the Kubernetes Dashboard in Azure Stack Hub

Note

Only use the Kubernetes Azure Stack Marketplace item to deploy clusters as a proof-of-concept. For supported Kubernetes clusters on Azure Stack, use the AKS engine.

Kubernetes includes a web dashboard that you can use for basic management operations. This dashboard lets you view basic health status and metrics for your applications, create and deploy services, and edit existing applications. This article shows you how to set up the Kubernetes dashboard on Azure Stack Hub.

Prerequisites for Kubernetes Dashboard

  • Azure Stack Hub Kubernetes cluster

    You will need to have deployed a Kubernetes cluster to Azure Stack Hub. For more information, see Deploy Kubernetes.

  • SSH client

    You'll need an SSH client to securely connect to your master node in the cluster. If you're using Windows, you can use Putty. You will need the private key used when you deployed your Kubernetes cluster.

  • FTP (PSCP)

    You may also need an FTP client that supports SSH and SSH File Transfer Protocol to transfer the certificates from the master node to your Azure Stack Hub management machine. You can use FileZilla. You will need the private key used when you deployed your Kubernetes cluster.

Overview of steps to enable dashboard

  1. Export the Kubernetes certificates from the master node in the cluster.
  2. Import the certificates to your Azure Stack Hub management machine.
  3. Open the Kubernetes web dashboard.

Export certificate from the master

You can retrieve the URL for the dashboard from the master node in your cluster.

  1. Get the public IP address and username for your cluster master from the Azure Stack Hub dashboard. To get this information:

    • Sign in to the Azure Stack Hub portal
    • Select All services > All resources. Find the master in your cluster resource group. The master is named k8s-master-<sequence-of-numbers>.
  2. Open the master node in the portal. Copy the Public IP address. Click Connect to get your user name in the Login using VM local account box. This is the same user name you set when creating your cluster. Use the public IP address rather than the private IP address listed in the connect blade.

  3. Open an SSH client to connect to the master. If you are working on Windows, you can use Putty to create the connection. You will use the public IP address for the master node, the username, and add the private key you used when creating the cluster.

  4. When the terminal connects, type kubectl to open the Kubernetes command-line client.

  5. Run the following command:

    kubectl cluster-info 
    

    Find the URL for the dashboard. For example: https://k8-1258.local.cloudapp.azurestack.external/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy

  6. Extract the self-signed cert and convert it to the PFX format. Run the following command:

    sudo su 
    openssl pkcs12 -export -out /etc/kubernetes/certs/client.pfx -inkey /etc/kubernetes/certs/client.key  -in /etc/kubernetes/certs/client.crt -certfile /etc/kubernetes/certs/ca.crt 
    
  7. Get the list of secrets in the kube-system namespace. Run the following command:

    kubectl -n kube-system get secrets
    

    Make note of the kubernetes-dashboard-token-<XXXXX> value.

  8. Get the token and save it. Update the kubernetes-dashboard-token-<####> with the secret value from the previous step.

    kubectl -n kube-system describe secret kubernetes-dashboard-token-<####>| awk '$1=="token:"{print $2}' 
    

Import the certificate

  1. Open Filezilla and connect to the master node. You will need the:

    • the master node public IP
    • the username
    • the private secret
    • Use SFTP - SSH File Transfer Protocol
  2. Copy /etc/kubernetes/certs/client.pfx and /etc/kubernetes/certs/ca.crt to your Azure Stack Hub management machine.

  3. Make note of the file locations. Update the script with the locations, and then open PowerShell with an elevated prompt. Run the updated script:

    Import-Certificate -Filepath "ca.crt" -CertStoreLocation cert:\LocalMachine\Root 
    $pfxpwd = Get-Credential -UserName 'Enter password below' -Message 'Enter password below' 
    Import-PfxCertificate -Filepath "client.pfx" -CertStoreLocation cert:\CurrentUser\My -Password $pfxpwd.Password 
    

Open the Kubernetes dashboard

  1. Disable the pop-up blocker on your Web browser.

  2. Point your browser to the URL noted when you ran the command kubectl cluster-info. For example: https://azurestackdomainnamefork8sdashboard/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy

  3. Select the client certificate.

  4. Enter the token.

  5. Reconnect to the bash command line on the master node and give permissions to kubernetes-dashboard. Run the following command:

    kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard 
    

    This command gives the kubernetes-dashboard service account the cluster-admin role (cluster administrator privileges). For more information, see For RBAC-enabled clusters.

You can now use the dashboard. For more information on the Kubernetes dashboard, see Kubernetes Web UI Dashboard.

Azure Stack Hub Kubernetes dashboard

Troubleshooting

Custom Virtual Networks

If you face connectivity issues accessing the Kubernetes dashboard after you deploy Kubernetes to a custom virtual network, ensure that target subnets are linked to the route table and network security group resources that were created by the AKS engine.

Make sure that the network security group rules allow communication between the master nodes and the Kubernetes dashboard pod IP. This can be validated by using the ping command from a master node.

Next steps

Deploy Kubernetes to Azure Stack Hub

Add a Kubernetes cluster to the Marketplace (for the Azure Stack Hub operator)

Kubernetes on Azure