Kubernetes: Understanding K8s open source Web/desktop client tool Headlamp

写在前面

• 分享一个 k8s 客户端开源项目 Headlamp 给小伙伴
• 博文内容涉及：
  • Headlamp 桌面/集群 Web 端安装
  • Start the imported cluster to simply view the cluster information
• 理解不足小伙伴帮忙指正

我所渴求的,無非是將心中脫穎語出的本性付諸生活,為何竟如此艱難呢 ------赫尔曼·黑塞《德米安》

Headlamp 是一个2022Open source one per year k8s 客户端项目,It can be deployed with Web UI 界面的集群内服务,或者是作为 桌面端 Install locally on the desktop.Headlamp 有很好的扩展性,可以通过插件扩展.

在使用 Headlamp 桌面端的时候,需要提供 kubeconfig The files are located on the local machine.Not required if deployed within a cluster,会通过 sa 的方式访问.

Headlamp 的特性：

• 供应商独立/通用 Kubernetes UI
• Work in a cluster,Or work locally as a desktop application
• 多集群
• 可通过插件扩展
• Reflecting the user's role UI 控件（不允许删除/更新）
• Clean and modern user interface
• Cancellable creation/更新/删除操作
• Logs with documentation、Execution and resource editors
• 读写/交互（Permission-based operations）

Desktop client deployment

Headlamp Can run as a desktop application,For users who don't want to deploy it in a cluster,Or users who want to manage unrelated clusters locally.

There are currently applicable Linux 、 Mac 和 Windows的桌面应用程序 .我们尝试在 window 上安装

下载安装

curl -o  Headlamp-0.14.1-win-x64.exe https://github.com/kinvolk/headlamp/releases/download/v0.14.1/Headlamp-0.14.1-win-x64.exe

启动

This is what it looks like when it is opened directly,Here because we have no configuration kubeconfig 配置文件.

配置 kubeconfig 文件,Here we directly copy it on the cluster.

PS C:\Program Files\Headlamp> scp [email protected]:/root/.kube/config ./
[email protected]'s password:
config                                                                                100% 5677     3.9MB/s   00:00

通过命令行启动,指定配置文件

PS C:\Program Files\Headlamp> .\Headlamp.exe --kubeconfig config
PS C:\Program Files\Headlamp>
01:07:19.550 > App starting...
Check for updates:  true
arguments passed to backend server [ '--kubeconfig', 'config' ]
01:07:22.299 > server process stderr: 2023/01/14 01:07:22 plugins-dir: C:\Users\山河已无恙\AppData\Roaming\Headlamp\Config\plugins

01:07:22.301 > server process stdout: *** Headlamp Server ***
  API Routers:
        localhost:4466/clusters/[email protected]/{
    api...} -> https://192.168.26.81:6443

Plugins are loaded. Loading full menu.
01:07:22.923 > server process stderr: 2023/01/14 01:07:22 Requesting  https://192.168.26.81:6443/api/v1/events

01:07:22.924 > server process stderr: 2023/01/14 01:07:22 Requesting  https://192.168.26.81:6443/version
..........

If you don't want to start using the command line,Or you can also put the configuration file into the default location read location

PS C:\Users\山河已无恙\.kube> ls

    目录: C:\Users\山河已无恙\.kube

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----         2023/1/14      7:48                cache
-a----         2023/1/13     22:05           5579 config
PS C:\Users\山河已无恙\.kube>

Launch directly from the desktop,Here again administrator privileges may be required.

查看集群节点信息

查看集群资源

集群部署 Web 客户端

下载安装

┌──[[email protected]]-[~/ansible]
└─$mkdir kubernetes-headlamp
┌──[[email protected]]-[~/ansible]
└─$cd kubernetes-headlamp/
┌──[[email protected]]-[~/ansible/kubernetes-headlamp]
└─$curl -o kubernetes-headlamp.yaml https://raw.githubusercontent.com/kinvolk/headlamp/main/kubernetes-headlamp.yaml

如果你没有科学上网,You can try browser access and download

在应用之前,你需要做一些准备工作,This mirror image requires science to go online,所以你只能 在 hub.docker find similar,Or find a machine that can scientifically surf the Internet to download.Here we replace the mirror image

Pulling image "ghcr.io/kinvolk/headlamp:latest"

替换为

docker pull epamedp/headlamp:0.14.0.6

At the same time, in order to be able to access outside the cluster,这里设置 svc 类型为 NodePort

┌──[[email protected]]-[~/ansible/kubernetes-headlamp]
└─$cat kubernetes-headlamp.yaml
kind: Service
apiVersion: v1
metadata:
  name: headlamp
  namespace: kube-system
spec:
  ports:
    - port: 30025
      targetPort: 4466
  type: NodePort
  selector:
    k8s-app: headlamp
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: headlamp
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: headlamp
  template:
    metadata:
      labels:
        k8s-app: headlamp
    spec:
      containers:
      - name: headlamp
        image: epamedp/headlamp:0.14.0.6
        args:
          - "-in-cluster"
          - "-plugins-dir=/headlamp/plugins"
        ports:
        - containerPort: 4466
        livenessProbe:
          httpGet:
            scheme: HTTP
            path: /
            port: 4466
          initialDelaySeconds: 30
          timeoutSeconds: 30
      nodeSelector:
        'kubernetes.io/os': linux
---
kind: Secret
apiVersion: v1
metadata:
  name: headlamp-admin
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: "headlamp-admin"
type: kubernetes.io/service-account-token

应用 yaml 文件

┌──[[email protected]]-[~/ansible/kubernetes-headlamp]
└─$kubectl apply  -f kubernetes-headlamp.yaml
service/headlamp created
deployment.apps/headlamp created
secret/headlamp-admin created

嗯,Here you will find that it cannot be created Secret ,这是因为没有 sa 的原因,所以需要创建一个 sa.One will be generated by default after creation token 的 Secret.

┌──[[email protected]]-[~/ansible/kubernetes-headlamp]
└─$kubectl -n kube-system create serviceaccount headlamp-admin

创建好 sa Then it needs to be empowered,Here are the management tools,So give it the built in cluster-admin 角色

┌──[[email protected]]-[~/ansible/kubernetes-headlamp]
└─$kubectl create clusterrolebinding headlamp-admin --serviceaccount=kube-system:headlamp-admin --clusterrole=cluster-admin
clusterrolebinding.rbac.authorization.k8s.io/headlamp-admin created

查看 sa 对应的 tocker

┌──[[email protected]]-[~/ansible/kubernetes-headlamp]
└─$kubectl get secrets | grep headlamp-admin-
headlamp-admin-token-8d5pr                       kubernetes.io/service-account-token   3      19m

获取 toker 登录 Web 端

┌──[[email protected]]-[~/ansible/kubernetes-headlamp]
└─$kubectl get secrets   headlamp-admin-token-8d5pr  -o  jsonpath='{.data.token}' | base64 -d
eyJhbGciOiJSUzI1NiIsImtpZCI6ImF2MmJVZ3d6M21JRC1BZUwwaHlDdzZHSGNyaVJON1BkUHF6MlhPV2NfX00ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJoZWFkbGFtcC1hZG1pbi10b2tlbi04ZDVwciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJoZWFkbGFtcC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjI0NDMxNTA4LWU4ZjEtNGYxOC1hMWIxLTlmMmUzZmFhNDU3ZSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpoZWFkbGFtcC1hZG1pbiJ9.oSA_i8gZOXYNRQMyoUKCK_wivtSiEjJ78EDUzZ1R7_HFxiLBKWLtxYN81wyf19bp9y9BFc2YYAW9lBy9QfVxg6LzBhW1sb4tcJJ0SOldxQX8z9kWK9m1MPMMs3aqtt1S9n8ShMBeobyY5AXSkBMDvVh6_E1P22dnPyOH7r_m0DEM0pgOP7B347sDKHiKx60hHBTfayvF7WDgfVlqsItBrc-MupC7NieRe8pztCllQ8awPksZXPRAJdcKwlSPvskoYxaqOBGbfZvFAFeLJaiGHdwkb6jUKyVfcB_hX_Pm5aEHGU8LZq7twrup859zxLxwn3nAgQpM6-NySZt8ax24kg

访问 http://192.168.26.81:30023/c/main/token ,输入 token

Go in to see resource information

节点信息,查看 集群相关信息

关于 Headlamp k8s The client can share with friends here,如果条件允许,建议使用 via desktop,Start by naming the line,只需要拷贝一个 kubeconfig 文件,Web The client needs to deploy services in the cluster,需要暴露端口,Consider invasive questions,建议优先使用 桌面端.

博文参考

https://github.com/headlamp-k8s/headlamp

https://headlamp.dev/

https://headlamp.dev/docs/latest/installation/