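Deploying and Using the Dashboard in K8s
I. Download the dashboard file
Download the dashboard's recommended.yaml file from GitHub at https://github.com/kubernetes/dashboard/releases/
After the download completes, open the file; it needs the following change:
Modify the Service configuration for kubernetes-dashboard
When downloading, check whether the release fully supports your cluster version
Next, modify the kubernetes-dashboard Service section of recommended.yaml so that it reads as follows: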
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 32001 # add a fixed port; the usable range here is 30000-32767
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort # add NodePort access
II. Install the dashboard
Once the Dashboard deployment file has been downloaded and modified, run the following command to install the dashboard:
$ kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
After installation, run the following command to view the pod information:
$ kubectl get pods --namespace=kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dashboard-metrics-scraper-799d786dbf-xps9k 1/1 Running 0 10m 10.244.3.67 centos7906 <none> <none>
kubernetes-dashboard-fb8648fd9-pmqrt 1/1 Running 0 10m 10.244.2.58 centos7907 <none> <none>
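Note that in this newer version of kubernetes-dashboard the default namespace is kubernetes-dashboard, not kube-system as before.
III. Change the dashboard to NodePort access
There are three ways to access the dashboard:
- kubectl proxy: can only be accessed on localhost.
- NodePort: edit recommended.yaml and change type: ClusterIP to type: NodePort. Once you have confirmed which node the dashboard is running on, the access address is:
https://<node-ip>:<nodePort>
- apiserver: requires installing a user certificate in the browser. The access address is long, similar to:
https://<master-ip>:<apiserver-port>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
The kubectl proxy method is not recommended; use a valid certificate to establish a secure HTTPS connection.
NodePort access is used here because it is simpler, but it requires changing the dashboard configuration, which can be done with the following command: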
$ kubectl --namespace=kubernetes-dashboard edit service kubernetes-dashboard
This command opens the configuration in vi; change type: ClusterIP in it to type: NodePort.
Save and exit. After a short wait, check again and the type will have changed to NodePort.
$ kubectl --namespace=kubernetes-dashboard get service kubernetes-dashboard
Access https://10.0.0.5:32001/
It must be https.
IV. Log in
Access with a token
Obtain the token
Run the following command to create a ServiceAccount user named dashboard-admin:
$ kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
Then bind the dashboard-admin user to a role:
$ kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
Finally, view the token by running the following combined command:
$ kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
In the output of this command, the token field is the token; copy it out and save it.
With the token in hand, you can choose token login in the dashboard.
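The token copied above is a JWT, and its payload states which ServiceAccount it authenticates as. The following added example (not part of the original post) decodes those claims and reports whether the token carries an exp claim; tokens read from a ServiceAccount Secret have none, so they stay valid until the Secret is deleted. The sample token and its claim values are constructed for the example.

```shell
# Added example: inspect a ServiceAccount token's claims before pasting it anywhere.
# The sample token is constructed here; its signature is a dummy value.

# base64url-encode a string (used only to build the constructed sample).
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# Print the JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url drops the padding; restore it so base64 -d accepts the input
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
    1) return 1 ;;   # not a valid base64 length
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the value of one top-level claim (compact JSON, as Kubernetes emits it).
jwt_claim() {
  jwt_payload "$1" | tr ',{}' '\n\n\n' |
    awk -F'":' -v k="\"$2" '$1 == k { gsub(/^"|"$/, "", $2); print $2 }'
}

# Summarise a token: the identity it authenticates as and whether it expires.
describe_sa_token() {
  sub=$(jwt_claim "$1" sub)
  exp=$(jwt_claim "$1" exp)
  if [ -z "$exp" ]; then echo "$sub never-expires"; else echo "$sub expires=$exp"; fi
}

# Constructed claims, modelled on a Secret-based ServiceAccount token.
SAMPLE_CLAIMS='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/service-account.name":"dashboard-admin","sub":"system:serviceaccount:kube-system:dashboard-admin"}'
SAMPLE_TOKEN="$(b64url '{"alg":"RS256"}').$(b64url "$SAMPLE_CLAIMS").constructed-signature"

describe_sa_token "$SAMPLE_TOKEN"
```

Decoding only reads the claims; it does not verify the signature, which the API server does when the token is presented.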
Access with a kubeconfig file
$ cd /etc/kubernetes/pki
1. Create the cluster
$ kubectl config set-cluster kubernetes --certificate-authority=./ca.crt --server="https://10.0.0.5:6443" --embed-certs=true --kubeconfig=/root/dashboard-admin.conf
This creates the cluster's configuration file using the CA certificate.
2. Create the credentials
Creating the credentials requires the token that belongs to the dashboard-admin-token-bt9p5 secret above.
First get the name of the secret:
$ kubectl get secrets -n kube-system | awk '/dashboard-admin/{print $1}'
Then decode the token from the secret with that name:
$ kubectl get secret "$(kubectl get secrets -n kube-system | awk '/dashboard-admin/{print $1}')" -n kube-system -o jsonpath='{.data.token}' | base64 -d
Then assign the result to a variable:
$ DEF_NS_ADMIN_TOKEN=$(kubectl get secret "$(kubectl get secrets -n kube-system | awk '/dashboard-admin/{print $1}')" -n kube-system -o jsonpath='{.data.token}' | base64 -d)
Finally, set the token in the configuration file:
$ kubectl config set-credentials dashboard-admin --token="$DEF_NS_ADMIN_TOKEN" --kubeconfig=/root/dashboard-admin.conf
3. Create the context
$ kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --user=dashboard-admin --kubeconfig=/root/dashboard-admin.conf
4. Switch the current-context to dashboard-admin@kubernetes
$ kubectl config use-context dashboard-admin@kubernetes --kubeconfig=/root/dashboard-admin.conf
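5. Copy the kubeconfig file dashboard-admin.conf that was just created to the desktop
When accessing the dashboard from the browser, choose kubeconfig authentication and import dashboard-admin.conf into the web interface; you can then log in.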
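The dashboard-admin ClusterRoleBinding created above gives that ServiceAccount cluster-admin, so both the token and dashboard-admin.conf carry full cluster rights. The following added example (not part of the original post) lists every ServiceAccount that holds cluster-admin from `kubectl get clusterrolebinding` output; the jsonpath layout is this example's own choice and the sample rows are constructed.

```shell
# Added example: list ServiceAccounts bound to cluster-admin.

# jsonpath that prints one line per binding:
#   name <TAB> role <TAB> Kind/namespace/name (one such field per subject)
CRB_JSONPATH='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{range .subjects[*]}{"\t"}{.kind}{"/"}{.namespace}{"/"}{.name}{end}{"\n"}{end}'

# Read that listing on stdin and print "binding namespace/serviceaccount"
# for each ServiceAccount subject of a cluster-admin binding.
cluster_admin_service_accounts() {
  awk -F'\t' '$2 == "cluster-admin" {
    for (i = 3; i <= NF; i++) {
      n = split($i, p, "/")
      if (n == 3 && p[1] == "ServiceAccount") print $1, p[2] "/" p[3]
    }
  }'
}

# Constructed sample rows in the layout produced by CRB_JSONPATH.
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup//system:masters\n'
  printf 'dashboard-admin\tcluster-admin\tServiceAccount/kube-system/dashboard-admin\n'
  printf 'kubernetes-dashboard\tkubernetes-dashboard\tServiceAccount/kubernetes-dashboard/kubernetes-dashboard\n'
}

# On a live cluster:
#   kubectl get clusterrolebinding -o jsonpath="$CRB_JSONPATH" | cluster_admin_service_accounts
# To confirm what one of the listed accounts can do:
#   kubectl auth can-i '*' '*' --as=system:serviceaccount:kube-system:dashboard-admin
sample_bindings | cluster_admin_service_accounts
```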
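V. Install the monitoring component
By default a k8s cluster does not include a monitoring component. heapster has been gradually deprecated since version 1.11, and its replacement is the new component metrics-server.
Download this file from https://github.com/kubernetes-sigs/metrics-server/releases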
$ wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.1/components.yaml
Make a few simple changes to this file:
$ vim components.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        # do not verify the kubelet's TLS certificate
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
        #image: k8s.gcr.io/metrics-server/metrics-server:v0.6.1
        # the default k8s.gcr.io is not reachable for us, so switch to a mirror inside China
        image: registry.cn-guangzhou.aliyuncs.com/k8s-hxg/metrics-server:v0.6.1
        imagePullPolicy: IfNotPresent
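The two edits above change what metrics-server trusts: --kubelet-insecure-tls makes it skip verification of the kubelet serving certificate, and the image now comes from a third-party mirror referenced by tag. The following added example (not part of the original post) flags both conditions in a manifest before it is applied; the trusted-registry list and the finding names are assumptions of this example, and the sample manifest is constructed from the lines shown above.

```shell
# Added example: flag the two manifest edits made above before applying the file.
# Registries treated as trusted (assumption; replace with your own policy).
TRUSTED_REGISTRIES="registry.k8s.io k8s.gcr.io"

# Read a manifest on stdin and print one finding per line.
lint_metrics_server() {
  awk -v trusted="$TRUSTED_REGISTRIES" '
    /^[ \t]*#/ { next }                              # ignore commented-out lines
    /--kubelet-insecure-tls/ { print "insecure-kubelet-tls" }
    {
      img = ""
      if ($1 == "image:") img = $2
      else if ($1 == "-" && $2 == "image:") img = $3
      if (img == "") next
      split(img, part, "/"); ok = 0
      n = split(trusted, t, " ")
      for (i = 1; i <= n; i++) if (part[1] == t[i]) ok = 1
      if (!ok) print "untrusted-registry " part[1]
      if (img !~ /@sha256:/) print "image-not-pinned-by-digest " img
    }'
}

# Constructed sample: the container lines as edited on this page.
sample_manifest() {
  cat <<'EOF'
      containers:
      - args:
        - --cert-dir=/tmp
        - --kubelet-insecure-tls
        #image: k8s.gcr.io/metrics-server/metrics-server:v0.6.1
        image: registry.cn-guangzhou.aliyuncs.com/k8s-hxg/metrics-server:v0.6.1
EOF
}

# Against the real file: lint_metrics_server < components.yaml
sample_manifest | lint_metrics_server
```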
Next, install the monitoring component:
$ kubectl apply -f components.yaml
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
# check the pod status
$ kubectl -n kube-system get pod | grep metrics
metrics-server-5d9fbf97f7-sf762 1/1 Running 0 4m39s
Then you can view the resource usage of each component:
$ kubectl top node
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
centos7905 119m 2% 1052Mi 27%
centos7906 43m 1% 502Mi 13%
centos7907 26m 0% 440Mi 11%
$ kubectl -n kubernetes-dashboard top pod kubernetes-dashboard-fb8648fd9-pmqrt
NAME CPU(cores) MEMORY(bytes)
kubernetes-dashboard-fb8648fd9-pmqrt 14m 48Mi
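The resource consumption now also shows up in the graphical interface.
This article comes from 博客园 (cnblogs), author: 厚礼蝎. When reposting, please cite the original link: https://www.cnblogs.com/guangdelw/p/16970575.html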