K8s中部署并使用Dashboard

一、下载dashboard文件

从github上 https://github.com/kubernetes/dashboard/releases/

下载dashboard的recommended.yaml文件,下载完成后,打开此文件,需要修改:

修改kubernetes-dashboard关于Service配置

下载的时候需要看下版本是否完全支持

接着,修改recommended.yaml文件中kubernetes-dashboard关于Service配置部分,内容如下:

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 32001	#添加固定端口,此处端口可用范围为30000-32767。
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort	#添加NodePort方式访问

二、安装dashboard

Dashboard部署文件下载修改完成后,执行如下命令安装dashboard:

$ kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

安装完成后,执行如下命令查看pod信息:

$ kubectl get pods --namespace=kubernetes-dashboard -o wide
NAME                                         READY   STATUS    RESTARTS   AGE   IP            NODE         NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-799d786dbf-xps9k   1/1     Running   0          10m   10.244.3.67   centos7906   <none>           <none>
kubernetes-dashboard-fb8648fd9-pmqrt         1/1     Running   0          10m   10.244.2.58   centos7907   <none>           <none>

注意,这个新版的kubernetes-dashboard中,默认的namespace是kubernetes-dashboard,而不是之前的kube-system。

三、将dashboard修改为NodePort访问

访问dashboard有三种方式,分别是:

  • kubectl proxy:只能在localhost上访问。
  • NodePort:编辑 recommended.yaml文件中,将 type: ClusterIP 改为 type: NodePort,确认dashboard运行在哪个节点后。访问地址:https://<node-ip>:<nodePort>
  • apiserver:需要在浏览器中安装用户证书。访问地址很长,类似与: https://<master-ip>:<apiserver-port>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

kubectl proxy方式不推荐,建议使用有效证书来建立安全的HTTPS连接。

这里使用NodePort方式访问,比较简单,但需要修改dashboard配置,可执行如下命令修改:

$ kubectl --namespace=kubernetes-dashboard edit service kubernetes-dashboard

此命令会vi打开配置文件,将里面的type: ClusterIP改为type: NodePort即可。
保存退出后。等一会儿,重新查看,就变为NodePort了。

$ kubectl --namespace=kubernetes-dashboard get service kubernetes-dashboard

访问https://10.0.0.5:32001/

必须是https

四、登录

通过Token令牌访问

获取Token令牌

执行如下命令,创建一个ServiceAccount用户dashboard-admin:

$ kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created

然后将dashboard-admin用户与角色绑定:

$ kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created

最后,查看Token令牌,执行如下组合命令:

$ kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

此命令输出中,token就是令牌,复制出来保存。

eyJhbGciOiJSUzI1NiIsImtpZCI6IjBYeWhybzh0MXBIcTk5cmxqTXBlaFR2ZVpJaFVFdzhOSlJoU1FiZUxoN0EifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4td3pwdzkiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiM2Y0NTZlYzYtNzk0OC00ZWRmLTk5ZTEtMTFjZTZkMzVkMzA0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.s4sJdp8rOQoJeL-bcbyaoph3W2nXt0fOSb2Jy09ybh1E9ky91oftuI7zdOECT5ik29BdLHX8sS-1u-_hSiUdc6ZzFeC5wubwm7s4o4LrFnD2EPImuiz8m12g5z52Pb60xV-d--bGUhy9GWDA8K80cnvcaw32w3uuMiBlI_Q4DpTs3129mnnFW_ul239h6HzrRvENUHoEW5pGJf8PqOL_jTqEsq7ucECR__kbfaVjH8JMnwk8z8fe7aylEhzTC-KUmfHh5FlkC3ITtMmy95Av5FxIgY8p7jFBu1CnVm6oboC90Nr48EjjzUbzEF5Usmuzo227yO1N6h8KzlPTyAWhKA

有了令牌后,就可以在dashboard选择令牌登录了。

进入

通过kubeconfig文件访问

$ cd /etc/kubernetes/pki

1、创建cluster集群

$ kubectl config set-cluster kubernetes --certificate-authority=./ca.crt --server="https://10.0.0.5:6443" --embed-certs=true --kubeconfig=/root/dashboard-admin.conf

通过ca证书创建集群的配置文件

2、创建credentials

创建credentials需要使用上面的dashboard-admin-token-bt9p5对应的token信息

先获取对应的secret名称

$ kubectl get secrets -n kube-system | awk '/dashboard-admin/{print $1}'

然后根据名称解析出对应的token

$ kubectl get secret $(kubectl get secrets -n kube-system | awk '/dashboard-admin/{print $1}') -n kube-system  -o jsonpath={.data.token}|base64 -d

然后把结果赋给一个变量

$ DEF_NS_ADMIN_TOKEN=`kubectl get secret $(kubectl get secrets -n kube-system | awk '/dashboard-admin/{print $1}') -n kube-system  -o jsonpath={.data.token}|base64 -d`

最后将token设置到配置文件中

$ kubectl config set-credentials dashboard-admin --token=$DEF_NS_ADMIN_TOKEN --kubeconfig=/root/dashboard-admin.conf

3、创建context

$ kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --user=dashboard-admin --kubeconfig=/root/dashboard-admin.conf

4、切换context的current-context是dashboard-admin@kubernetes

$ kubectl config use-context dashboard-admin@kubernetes --kubeconfig=/root/dashboard-admin.conf

5、把刚才的kubeconfig文件dashboard-admin.conf复制到桌面

浏览器访问时使用kubeconfig认证,把刚才的dashboard-admin.conf导入到web界面,那么就可以登陆了

五、安装监控组件

默认k8s集群不带监控组件,heapster从1.11版本开始逐渐废弃,替代品为新的组件metrics-server

下载此文件https://github.com/kubernetes-sigs/metrics-server/releases

$ wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.1/components.yaml

对此文件做简单修改

vim components.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        #设定不验证tls
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
        #image: k8s.gcr.io/metrics-server/metrics-server:v0.6.1
        #默认的k8s.gcr.io我们是访问不到的,需要修改成国内的
        image: registry.cn-guangzhou.aliyuncs.com/k8s-hxg/metrics-server:v0.6.1
        imagePullPolicy: IfNotPresent

接着,就可以安装监控组件了

$ kubectl apply -f components.yaml 
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created

#查看pod状态
$ kubectl -n kube-system get pod | grep metrics
metrics-server-5d9fbf97f7-sf762      1/1     Running   0             4m39s

然后,就可以查看各个组件的资源使用信息了

$ kubectl top node 
NAME         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
centos7905   119m         2%     1052Mi          27%       
centos7906   43m          1%     502Mi           13%       
centos7907   26m          0%     440Mi           11%  
$ kubectl -n kubernetes-dashboard top pod kubernetes-dashboard-fb8648fd9-pmqrt 
NAME                                   CPU(cores)   MEMORY(bytes)   
kubernetes-dashboard-fb8648fd9-pmqrt   14m          48Mi

在图形界面也可以看到,出现了消耗资源的情况

posted @ 2022-12-09 23:51  厚礼蝎  阅读(1359)  评论(0编辑  收藏  举报