Installing Kubernetes dashboard v2.0.0

Published: 2020-01-12 13:32:39

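After installing a k8s 1.16 cluster I tried to install dashboard v1.* and found it was incompatible, so I worked through the v2.0.0 setup described here.

k8s dashboard v2.0.0 in action

Advantages of v2.0.0 over v1.*

  • Monitoring data is no longer provided by Heapster; it is provided by Metrics Server and collected by the Metrics Scraper service, so there is no separate Heapster to maintain
  • Dark theme support
  • More detailed monitoring charts
  • Editing supports both YAML and JSON

Download the official manifest and apply it; the latest version at the moment is 2.0.0-rc1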

$ wget -O dashboard.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc1/aio/deploy/recommended.yaml
$ kubectl apply -f dashboard.yaml

Create an administrator account

$ cat > dashboard-admin.yaml <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
EOF
$ kubectl apply -f dashboard-admin.yaml

Get the administrator token

$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
Name: dashboard-admin-token-mhkb2
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 6119e627-4c86-4ee2-85bc-26a71982b2f4

Type: kubernetes.io/service-account-token

Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: <service account JWT omitted>

The token on the last line is the one we need to log in to the dashboard.
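
What that token is, as an added example (not part of the original post): a token read from a kubernetes.io/service-account-token Secret is a JWT whose payload names the service account and carries no exp claim, so it stays valid for as long as the Secret exists and should be handled like a password. The helper names and the sample token are constructed for illustration; only base64, cut, tr and sed are assumed.

```shell
# Encode stdin as unpadded base64url (used only to build the constructed sample).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Constructed sample: claim names as found in a secret-based service account
# token, values taken from this page, signature replaced by a dummy string.
SAMPLE_PAYLOAD='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kubernetes-dashboard","kubernetes.io/serviceaccount/secret.name":"dashboard-admin-token-mhkb2","kubernetes.io/serviceaccount/service-account.name":"dashboard-admin","sub":"system:serviceaccount:kubernetes-dashboard:dashboard-admin"}'
SAMPLE_TOKEN="$(printf '%s' '{"alg":"RS256"}' | b64url).$(printf '%s' "$SAMPLE_PAYLOAD" | b64url).dummy-signature"

# Print the decoded JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in      # base64url drops the "=" padding; restore it
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the string value of one top-level claim (flat JSON, string values only).
jwt_claim() {
  jwt_payload "$1" | tr ',' '\n' | sed -n "s|.*\"$2\":\"\([^\"]*\)\".*|\1|p"
}

# Print the numeric "exp" claim, or "none" when the token carries no expiry.
jwt_expiry() {
  exp=$(jwt_payload "$1" | tr ',{}' '\n\n\n' | sed -n 's|^"exp":\([0-9]*\)$|\1|p')
  echo "${exp:-none}"
}

jwt_claim "$SAMPLE_TOKEN" sub
jwt_expiry "$SAMPLE_TOKEN"
```

With the API server's default token lookup, deleting the Secret is what revokes such a token, which is the step to take for any token that has been pasted somewhere public.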

Look up the dashboard service address

$ kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
dashboard-metrics-scraper   ClusterIP   10.101.104.193   <none>        8000/TCP   150m
kubernetes-dashboard        ClusterIP   10.101.21.131    <none>        443/TCP    150m

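Enter https://10.101.21.131 directly in the browser and supply the token obtained above to get into the dashboard. (No certificate has been configured yet at this point; Chrome does not trust the default self-signed certificate and will not open the page, but Firefox will.) (My k8s cluster uses ipvs mode, so after adding a route on my computer I can reach the service IP directly; you can also expose the dashboard with NodePort.)

At this point there is no CPU or memory information yet, because we have not installed metrics-server.

The metrics-server GitHub repository is https://github.com/kubernetes-sigs/metrics-server ; we fetch the manifests from there.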

$ mkdir metrics-server && cd metrics-server
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/aggregated-metrics-reader.yaml
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/auth-delegator.yaml
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/auth-reader.yaml
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/metrics-apiservice.yaml
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/metrics-server-deployment.yaml
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/metrics-server-service.yaml
$ wget https://raw.githubusercontent.com/kubernetes-sigs/metrics-server/master/deploy/1.8%2B/resource-reader.yaml

Modify the configuration

$ vi metrics-server-deployment.yaml
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  template:
    metadata:
      name: metrics-server
      labels:
        k8s-app: metrics-server
    spec:
      serviceAccountName: metrics-server
      volumes:
      # mount in tmp so we can safely use from-scratch images and/or read-only containers
      - name: tmp-dir
        emptyDir: {}
      containers:
      - name: metrics-server
        image: k8s.gcr.io/metrics-server-amd64:v0.3.6
        imagePullPolicy: Always
        command: # add these lines
        - /metrics-server
        - --kubelet-preferred-address-types=InternalIP
        - --kubelet-insecure-tls
        volumeMounts:
        - name: tmp-dir
          mountPath: /tmp

Apply the manifests

$ kubectl apply -f .
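
A review check to run over manifests before `kubectl apply`, covering the two settings this page introduces: the cluster-admin binding for dashboard-admin (its token then has full control of the cluster) and --kubelet-insecure-tls (metrics-server stops verifying the kubelets' serving certificates). This is an added example, not code from the original post or from either project; lint_manifests and sample_manifests are hypothetical names, the sample is constructed from the page's manifests, and the awk matching assumes the two-space indentation used here.

```shell
# Constructed sample: the two fragments from this page in one multi-document file.
sample_manifests() {
cat <<'EOF'
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
roleRef:
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
kind: Deployment
metadata:
  name: metrics-server
spec:
  template:
    spec:
      containers:
      - name: metrics-server
        command:
        - /metrics-server
        - --kubelet-insecure-tls
EOF
}

# Hypothetical lint: reads manifests on stdin, prints one finding per line.
lint_manifests() {
  awk '
    function report() {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        printf "cluster-admin-binding %s -> %s\n", name, subj
      kind = name = role = subj = sect = ""
    }
    /^---/        { report(); next }
    /^[A-Za-z]/   { sect = $1 }          # a top-level key starts a new section
    /^kind:/      { kind = $2 }
    /^  name:/ && sect == "metadata:" { name = $2 }
    /^  name:/ && sect == "roleRef:"  { role = $2 }
    /^  name:/ && sect == "subjects:" { subj = (subj == "" ? "" : subj ",") $2 }
    /--kubelet-insecure-tls/          { printf "kubelet-insecure-tls %s\n", name }
    END { report() }
  '
}

sample_manifests | lint_manifests
```

Against real files, `cat dashboard-admin.yaml metrics-server/*.yaml | lint_manifests` lists every binding and flag that needs a conscious decision; binding the dashboard account to the built-in view ClusterRole instead produces no finding.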

After 1-2 minutes the CPU and memory information shows up in the dashboard; you can also check it by running kubectl top nodes

$ kubectl top nodes 
NAME   CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
m1     280m         14%    1144Mi          31%
m2     219m         10%    994Mi           26%
m3     207m         10%    1019Mi          27%
w1     136m         6%     498Mi           13%
w2     140m         7%     437Mi           11%
w3     133m         6%     368Mi           9%

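Certificate configuration

Option 1: use an existing certificate

You can apply for a free 1-year certificate through Alibaba Cloud, or generate a free 90-day certificate with Let’s Encrypt. Store the certificate in the $HOME/certs directory, with the files named tls.crt and tls.key.

Delete the dashboard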

$ kubectl delete -f dashboard.yaml

Create the SSL certificate secret

$ kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kubernetes-dashboard

Redeploy the dashboard

$ kubectl apply -f dashboard.yaml

Get the dashboard service IP again and bind a host entry to it; the dashboard can then be reached by domain name.
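
A check worth running on $HOME/certs before the `kubectl create secret generic ... --from-file=$HOME/certs` step above (added example, not from the original post; check_cert_dir and make_demo_pair are hypothetical helpers, the demo certificate is constructed for a made-up host name, and the openssl CLI is assumed to be installed). Given a directory, --from-file turns each regular file with a valid key name into a secret entry, so the check rejects stray files, then confirms that the key belongs to the certificate and that the certificate has not expired.

```shell
# Hypothetical helper: prints "ok" only if the directory is safe to pass to
# `kubectl create secret generic ... --from-file=<dir>`.
check_cert_dir() {
  dir=$1
  # Anything besides tls.crt and tls.key is rejected, hidden files included,
  # because it could otherwise end up inside the cluster secret.
  for f in "$dir"/* "$dir"/.[!.]*; do
    [ -e "$f" ] || continue
    case ${f##*/} in
      tls.crt|tls.key) ;;
      *) echo "unexpected file: ${f##*/}"; return 1 ;;
    esac
  done
  [ -f "$dir/tls.crt" ] && [ -f "$dir/tls.key" ] || { echo "tls.crt or tls.key missing"; return 1; }
  # The certificate's public key must equal the one derived from the private key.
  crt_pub=$(openssl x509 -in "$dir/tls.crt" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$dir/tls.key" -pubout) || return 1
  [ "$crt_pub" = "$key_pub" ] || { echo "tls.key does not match tls.crt"; return 1; }
  # -checkend 0 fails if the certificate has already expired.
  openssl x509 -in "$dir/tls.crt" -noout -checkend 0 >/dev/null || { echo "certificate expired"; return 1; }
  echo "ok"
}

# Constructed demo input: a throwaway self-signed pair for a made-up host name.
make_demo_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=dashboard.example.test" \
    -keyout "$1/tls.key" -out "$1/tls.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pair "$demo" && check_cert_dir "$demo"   # matching pair, nothing else present
echo "stray" > "$demo/notes.txt"
check_cert_dir "$demo" || true                      # rejected because of notes.txt
rm -rf "$demo"
```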

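Option 2: terminate SSL at the Ingress and use the certificate configured in the Ingress

For deploying the ingress, see "Exposing services with Ingress nginx on Kubernetes and configuring certificates"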

$ cat > dashboard-ingress.yaml <<EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: dashboard
  namespace: kubernetes-dashboard
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true" # force redirect to https
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/secure-backends: "true"
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # proxy to an https backend
spec:
  tls:
  - hosts:
    - '*.yourdoman.com'
    secretName: yourdoman-com-tls
  rules:
  - host: dashboard.yourdoman.com
    http:
      paths:
      - path:
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
EOF
$ kubectl apply -f dashboard-ingress.yaml

After that the dashboard opens normally in the browser.
