访问 Azure Kubernetes 服务 (AKS) 中的 Kubernetes Web 仪表板Access the Kubernetes web dashboard in Azure Kubernetes Service (AKS)

Kubernetes 包含一个可用于基本管理操作的 Web 仪表板。Kubernetes includes a web dashboard that can be used for basic management operations. 使用此仪表板,可以查看应用程序的基本运行状况状态和指标,创建并部署服务,以及编辑现有应用程序。This dashboard lets you view basic health status and metrics for your applications, create and deploy services, and edit existing applications. 本文介绍如何使用 Azure CLI 访问 Kubernetes 仪表板,然后引导你完成一些基本的仪表板操作。This article shows you how to access the Kubernetes dashboard using the Azure CLI, then guides you through some basic dashboard operations.

有关 Kubernetes 仪表板的详细信息,请参阅 Kubernetes Web UI 仪表板For more information on the Kubernetes dashboard, see Kubernetes Web UI Dashboard. AKS 使用版本 2.0 及更高版本的开源仪表板。AKS uses version 2.0 and greater of the open-source dashboard.

警告

AKS 仪表板加载项已设置为弃用。The AKS dashboard add-on is set for deprecation.

  • 默认情况下,为运行的 Kubernetes 版本低于 1.18 的群集启用 Kubernetes 仪表板。The Kubernetes dashboard is enabled by default for clusters running a Kubernetes version less than 1.18.
  • 默认情况下,在 Kubernetes 1.18 或更高版本上创建的所有新群集都将禁用仪表板加载项。The dashboard add-on will be disabled by default for all new clusters created on Kubernetes 1.18 or greater.
  • 从 Kubernetes 1.19 预览版开始,AKS 将不再支持安装托管的 kube-dashboard 加载项。Starting with Kubernetes 1.19 in preview, AKS will no longer support installation of the managed kube-dashboard addon.
  • 启用了加载项的现有群集不会受到影响。Existing clusters with the add-on enabled will not be impacted. 用户能够继续将开源仪表板作为用户安装的软件手动安装。Users will continue to be able to manually install the open-source dashboard as user-installed software.

准备阶段Before you begin

本文档详述的步骤假设你已创建 AKS 群集并已通过该群集建立 kubectl 连接。The steps detailed in this document assume that you've created an AKS cluster and have established a kubectl connection with the cluster. 如果需要创建 AKS 群集,请参阅快速入门:使用 Azure CLI 部署 Azure Kubernetes 服务群集If you need to create an AKS cluster, see Quickstart: Deploy an Azure Kubernetes Service cluster using the Azure CLI.

还需要安装并配置 Azure CLI 2.6.0 或更高版本。You also need the Azure CLI version 2.6.0 or later installed and configured. 运行  az --version  即可查找版本。Run az --version to find the version. 如果需要进行安装或升级,请参阅 安装 Azure CLIIf you need to install or upgrade, see Install Azure CLI.

禁用 Kubernetes 仪表板Disable the Kubernetes dashboard

默认情况下,在 K8s 版本低于 1.18 的群集上启用 kube-dashboard 加载项。The kube-dashboard addon is enabled by default on clusters older than K8s 1.18. 可以通过运行以下命令禁用加载项。The addon can be disabled by running the following command.

az aks disable-addons -g myRG -n myAKScluster -a kube-dashboard

启动 Kubernetes 仪表板Start the Kubernetes dashboard

若要在群集上启动 Kubernetes 仪表板,请使用 az aks browse 命令。To start the Kubernetes dashboard on a cluster, use the az aks browse command. 此命令要求在群集上安装 kube-dashboard 加载项,运行任何低于 Kubernetes 1.18 的版本的群集都默认包含该加载项。This command requires the installation of the kube-dashboard addon on the cluster, which is included by default on clusters running any version older than Kubernetes 1.18.

以下示例将为 myResourceGroup 资源组中的 myAKSCluster 群集打开仪表板:The following example opens the dashboard for the cluster named myAKSCluster in the resource group named myResourceGroup:

# Enable kube-dashboard addon before start the kubernetes dashboard
az aks enable-addons --addons kube-dashboard --resource-group myResourceGroup --name myAKSCluster

az aks browse --resource-group myResourceGroup --name myAKSCluster

此命令在开发系统与 Kubernetes API 之间创建一个代理,并在 Web 浏览器中打开 Kubernetes 仪表板。This command creates a proxy between your development system and the Kubernetes API, and opens a web browser to the Kubernetes dashboard. 如果 Web 浏览器未打开到 Kubernetes 仪表板,请复制并在 Azure CLI 中粘贴所记录的 URL 地址,通常为 http://127.0.0.1:8001If a web browser doesn't open to the Kubernetes dashboard, copy and paste the URL address noted in the Azure CLI, typically http://127.0.0.1:8001.

备注

如果在 http://127.0.0.1:8001 没有看到仪表板,则可以手动路由到以下地址。If you do not see the dashboard at http://127.0.0.1:8001 you can manually route to the following addresses. 运行 1.16 或更高版本的群集使用 https 并需要单独的终结点。Clusters on 1.16 or greater use https and require a separate endpoint.

  • K8s 1.16 或更高版本:http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxyK8s 1.16 or greater: http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
  • K8s 1.15 及更低版本:http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/kubernetes-dashboard:/proxyK8s 1.15 and below: http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/kubernetes-dashboard:/proxy

登录到仪表板 (kubernetes 1.16+)Sign in to the dashboard (kubernetes 1.16+)

重要

Kubernetes 仪表板 v1.10.1 或 kubernetes v1.16 + 开始,由于该版本中的安全修补程序,服务帐户“kubernetes-dashboard”不再能够用于检索资源。As of v1.10.1 of the Kubernetes dashboard or kubernetes v1.16+ the service account "kubernetes-dashboard" can no longer be used to retrieve resources due to a security fix in that release. 因此,没有身份验证信息的请求会返回 401 未授权错误。As a result, requests without auth info return a 401 unauthorized error. 从服务帐户检索的持有者令牌仍可通过此 Kubernetes 仪表板示例中的方式使用,但与早期版本相比,这会影响仪表板加载项的登录流。A bearer token retrieved from a service account can still be used as in this Kubernetes Dashboard example, but this impacts the login flow of the dashboard add-on compared to older versions.

如果仍运行 1.16 之前的版本,则仍可向“kubernetes-dashboard”服务帐户授予权限,但不建议这样做:If you still run a version prior to 1.16 you can still give permissions to the "kubernetes-dashboard" service account, but this is not recommended:

kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard

显示的初始屏幕要求提供 kubeconfig 或令牌。The initial screen presented requires a kubeconfig or token. 这两个选项都要求提供资源权限才会在仪表板中显示这些资源。Both options require resource permissions to display those resources in the dashboard.

登录屏幕

使用 kubeconfigUse a kubeconfig

对于启用了 Azure AD 的群集和启用了非 Azure AD 的群集,都可以传入kubeconfig。For both Azure AD enabled and non-Azure AD enabled clusters, a kubeconfig can be passed in. 确保访问令牌有效,如果令牌已过期,则可以通过 kubectl 刷新令牌。Ensure access tokens are valid, if your tokens are expired you can refresh tokens via kubectl.

  1. 使用 az aks get-credentials -a --resource-group <RG_NAME> --name <CLUSTER_NAME> 设置管理员 kubeconfigSet the admin kubeconfig with az aks get-credentials -a --resource-group <RG_NAME> --name <CLUSTER_NAME>
  2. 选择 Kubeconfig 并单击 Choose kubeconfig file 打开文件选择器Select Kubeconfig and click Choose kubeconfig file to open file selector
  3. 选择 kubeconfig 文件(默认为 $HOME/.kube/config)Select your kubeconfig file (defaults to $HOME/.kube/config)
  4. 单击 Sign InClick Sign In

使用令牌Use a token

  1. 对于启用了非 Azure AD 的群集,运行 kubectl config view 并复制与群集的用户帐户关联的令牌。For non-Azure AD enabled cluster, run kubectl config view and copy the token associated with the user account of your cluster.
  2. 登录时,粘贴到令牌选项中。Paste into the token option at sign in.
  3. 单击 Sign InClick Sign In

对于启用了 Azure AD 的群集,使用以下命令检索 AAD 令牌。For Azure AD enabled clusters, retrieve your AAD token with the following command. 验证是否已替换命令中的资源组和群集名称。Validate you've replaced the resource group and cluster name in the command.

## Update <RESOURCE_GROUP and <AKS_NAME> with your input.

kubectl config view -o jsonpath='{.users[?(@.name == "clusterUser_<RESOURCE GROUP>_<AKS_NAME>")].user.auth-provider.config.access-token}'

成功后,将显示类似如下的页面。Once successful, a page similar to the below will be displayed.

Kubernetes Web 仪表板的概述页

创建应用程序Create an application

以下步骤要求用户具有对相应资源的权限。The following steps require the user to have permissions to the respective resources.

若要查看 Kubernetes 仪表板可以如何降低管理任务的复杂性,让我们创建一个应用程序。To see how the Kubernetes dashboard can reduce the complexity of management tasks, let's create an application. 可以从 Kubernetes 仪表板通过提供文本输入、YAML 文件或通过一个图形化向导来创建应用程序。You can create an application from the Kubernetes dashboard by providing text input, a YAML file, or through a graphical wizard.

若要创建应用程序,请完成以下步骤:To create an application, complete the following steps:

  1. 选择窗口右上角的“创建”按钮。Select the Create button in the upper right window.
  2. 若要使用图形化向导,请选择“创建应用”。To use the graphical wizard, choose to Create an app.
  3. 为部署提供一个名称,例如 nginxProvide a name for the deployment, such as nginx
  4. 输入要使用的容器映像的名称,例如 nginx:1.15.5Enter the name for the container image to use, such as nginx:1.15.5
  5. 若要为 Web 流量公开端口 80,请创建一个 Kubernetes 服务。To expose port 80 for web traffic, you create a Kubernetes service. 在“服务”下,选择“外部”,对于端口和目标端口,都输入 80Under Service, select External, then enter 80 for both the port and target port.
  6. 准备就绪后,选择“部署”来创建应用。When ready, select Deploy to create the app.

在 Kubernetes Web 仪表板中部署应用

为 Kubernetes 服务分配公共外部 IP 地址需要一到两分钟时间。It takes a minute or two for a public external IP address to be assigned to the Kubernetes service. 在左侧,在“发现和负载均衡”下,选择“服务”。On the left-hand size, under Discovery and Load Balancing select Services. 此时将列出应用的服务,包括“外部终结点”,如以下示例中所示:Your application's service is listed, including the External endpoints, as shown in the following example:

查看服务和终结点的列表

选择终结点地址以在 Web 浏览器窗口中打开默认的 NGINX 页面:Select the endpoint address to open a web browser window to the default NGINX page:

查看部署的应用程序的默认 NGINX 页面

查看 Pod 信息View pod information

Kubernetes 仪表板可以提供基本的监视指标和故障排除信息,例如日志。The Kubernetes dashboard can provide basic monitoring metrics and troubleshooting information such as logs.

若要查看有关应用程序 Pod 的详细信息,请在左侧菜单中选择“Pod”。To see more information about your application pods, select Pods in the left-hand menu. 此时会显示可用 Pod 的列表。The list of available pods is shown. 选择你的 nginx Pod 来查看信息,例如资源消耗:Choose your nginx pod to view information, such as resource consumption:

查看 Pod 信息

编辑应用程序Edit the application

除了创建和查看应用程序之外,Kubernetes 仪表板还可以用来编辑和更新应用程序部署。In addition to creating and viewing applications, the Kubernetes dashboard can be used to edit and update application deployments. 若要为应用程序提供额外的冗余,让我们来增加 NGINX 副本数。To provide additional redundancy for the application, let's increase the number of NGINX replicas.

若要编辑部署,请执行以下操作:To edit a deployment:

  1. 在左侧菜单中选择“部署”,然后选择你的 nginx 部署。Select Deployments in the left-hand menu, and then choose your nginx deployment.
  2. 在右上角的导航栏中选择“编辑”。Select Edit in the upper right-hand navigation bar.
  3. 找到 spec.replica 值,大约在第 20 行。Locate the spec.replica value, at around line 20. 若要增加应用程序的副本数,请将此值从 1 更改为 3To increase the number of replicas for the application, change this value from 1 to 3.
  4. 在完成后,选择“更新”。Select Update when ready.

编辑部署以更新副本数

在副本集内创建新 Pod 需要花费一些时间。It takes a few moments for the new pods to be created inside a replica set. 在左侧菜单上,选择“副本集”,然后选择你的 nginx 副本集。On the left-hand menu, choose Replica Sets, and then choose your nginx replica set. Pod 列表现在反映了已更新的副本计数,如以下示例输出中所示:The list of pods now reflects the updated replica count, as shown in the following example output:

查看副本集的信息

后续步骤Next steps

有关 Kubernetes 仪表板的详细信息,请参阅 Kubernetes Web UI 仪表板For more information about the Kubernetes dashboard, see the Kubernetes Web UI Dashboard.