Kubernetes dashboard v2.0.0安装
发布时间:2020-01-12 13:32:39阅读:(886)
安装完k8s 1.16集群后,再安装dashboard v1.* 发现不兼容,于是折腾了这个v2.0.0的教程
k8s dashboard v2.0.0效果展示
V2.0.0对比V1.*的优势
- 监控信息不需要通过Heapster来提供,而是通过Metrics Server来提供,Metrics Scraper服务来采集,不需要单独维护Heapster
- 支持暗黑主题
- 监控图显示更细节化
- 编辑支持yaml和json
下载官方配置并执行,目前最新版本为2.0.0-rc1
$ wget -O dashboard.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc1/aio/deploy/recommended.yaml
$ kubectl apply -f dashboard.yaml创建一个管理员账户
$ cat dashboard-admin.yaml <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: dashboard-admin
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin-bind-cluster-role
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kubernetes-dashboard
EOF
$ kubectl apply -f dashboard-admin.yaml获取管理员token
$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
Name: dashboard-admin-token-mhkb2
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 6119e627-4c86-4ee2-85bc-26a71982b2f4
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkRZbFJzOC1nTE1DaFRtaXVuV0NyZ0FwbTFrWVdIWWlNU211ZG9QYXNKc0UifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tbWhrYjIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNjExOWU2MjctNGM4Ni00ZWUyLTg1YmMtMjZhNzE5ODJiMmY0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.Btyn7SLKXPCHEeHIHkd36RLvwkK1-OE7Co1IIbPIHXXo63yGslXOgqOT8C7nv7Ft_jVHNusCNdnVBDbsGxCHdgBBpK9-ra6_5efqdxniPErd5cpOnmPrEW-zgnTyBd-czLRMjzy2TR59H4va70z4lmnyQgY9K3em8V1kUeWOVDo2j5g-QAiha8LL7H9eL2M2HAYiu8myqLG5B1MC5bfRTQBh2FYqN2tV2asMj_UKE-XPVCq6SyklGRTWuSmNzXT9XtBnxv6JXz8Xpqm6rW--lQeKZYoPvj_8bupvjQtEKu964iqkv25G1NQYC73e279KfMFhpx1tf1q7VnwZgAT20A最后一行的token就是我们登陆dashboard需要的token
查看dashboard service地址
$ kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.101.104.193 <none> 8000/TCP 150m
kubernetes-dashboard ClusterIP 10.101.21.131 <none> 443/TCP 150m直接在浏览器中输入https://10.101.21.131,输入上面获取的token即可进入dashboard(此处还没有配置证书,默认的自签证书chrome无法信任所以打不开,可以在Firefox中打开)(我这里k8s使用的是ipvs模式,在电脑上添加一条路由规则后即可直接访问service-ip,可以以使用NodePort模式将dashboard暴露出来)
我们看到这是CPU和内存信息都还没有,因为我们还没有安装metrics-server
metrics-server github仓库为:https://github.com/kubernetes-sigs/metrics-server,我们从这里获取配置文件
$ mkdir metrics-server && cd metrics-server
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/aggregated-metrics-reader.yaml
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/auth-delegator.yaml
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/auth-reader.yaml
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/metrics-apiservice.yaml
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/metrics-server-deployment.yaml
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/metrics-server-service.yaml
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/resource-reader.yaml 修改配置
$ vi metrics-server-deployment.yaml
spec:
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
name: metrics-server
labels:
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- name: metrics-server
image: k8s.gcr.io/metrics-server-amd64:v0.3.6
imagePullPolicy: Always
command: #增加这几行
- /metrics-server
- --kubelet-preferred-address-types=InternalIP
- --kubelet-insecure-tls
volumeMounts:
- name: tmp-dir
mountPath: /tmp 执行脚本
$ kubectl apply -f .过1-2分钟后即可在dashboard中看到CPU、内存信息,也可通过执行kubectl top nodes 查看信息
$ kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
m1 280m 14% 1144Mi 31%
m2 219m 10% 994Mi 26%
m3 207m 10% 1019Mi 27%
w1 136m 6% 498Mi 13%
w2 140m 7% 437Mi 11%
w3 133m 6% 368Mi 9% 证书配置
方式一,使用已有证书
可以通过阿里云申请1年免费证书,或者通过Let’s Encrypt生成90天免费证书,建免费证书存放在$HOME/certs目录下,取名为tls.crt和tls.key。
删除dashboard
$ kubectl delete -f dashboard.yaml创建ssl证书secret
$ kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kubernetes-dashboard重新部署dashboard
$ kubectl apply -f dashboard.yaml重新获取dashboard service ip,然后绑定一个host,然后就能通过域名访问dashboard了
方式二,使用Ingress卸载ssl证书,并使用Ingress中配置的证书
ingress的部署可以查看Kubernetes使用Ingress nginx暴露服务并配置证书
$ cat dashboard-ingress.yaml <<EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: dashboard
namespace: kubernetes-dashboard
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true" # 强制跳转https
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/secure-backends: "true"
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # 代理后端https
spec:
tls:
- hosts:
- '*.yourdoman.com'
secretName: yourdoman-com-tls
rules:
- host: dashboard.yourdoman.com
http:
paths:
- path:
backend:
serviceName: kubernetes-dashboard
servicePort: 443
EOF
$ kubectl apply -f dashboard-ingress.yaml然后就能在浏览器中正常访问了
文章版权及转载声明:
文章转载或复制请以超链接形式并注明出处陌上小筑
发表评论