Configuring and installing the dashboard
Official manifest directory: kubernetes/cluster/addons/dashboard
The yaml files we need:
$ ls *.yaml
dashboard-controller.yaml dashboard-service.yaml dashboard-rbac.yaml
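The modified yaml files are available at: dashboard
Because kube-apiserver has RBAC authorization enabled and the dashboard-controller.yaml in the official source directory does not define an authorized ServiceAccount, later requests to the kube-apiserver API are rejected and the web UI shows: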
Forbidden (403)
User "system:serviceaccount:kube-system:default" cannot list jobs.batch in the namespace "default". (get jobs.batch)
A dashboard-rbac.yaml file was added. It defines a ServiceAccount named dashboard and binds it to the Cluster Role view.
Configure dashboard-service
# cat dashboard-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  - port: 80
    targetPort: 9090
- The service type is set to NodePort, so the dashboard can be reached from outside at nodeIP:nodePort;
Configure dashboard-controller
# cat dashboard-controller.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      serviceAccountName: dashboard
      containers:
      - name: kubernetes-dashboard
        image: index.tenxcloud.com/jimmy/kubernetes-dashboard-amd64:v1.6.0
        resources:
          limits:
            cpu: 100m
            memory: 50Mi
          requests:
            cpu: 100m
            memory: 50Mi
        ports:
        - containerPort: 9090
        livenessProbe:
          httpGet:
            path: /
            port: 9090
          initialDelaySeconds: 30
          timeoutSeconds: 30
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
The dashboard-rbac file is as follows:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard
subjects:
  - kind: ServiceAccount
    name: dashboard
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
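As shown, dashboard-rbac.yaml binds the dashboard ServiceAccount to cluster-admin rather than the view Cluster Role named in the text, which matters because the Service publishes the UI on a NodePort. The script below is an added example, not part of the original page: it flags such bindings in a manifest before `kubectl create`. The function names and the abridged sample are constructed for illustration, and the awk parser assumes block-style YAML with one key per line.

```shell
# Added example (not from the original page). Assumes block-style YAML with one
# "key: value" per line and "---" between documents, as in dashboard-rbac.yaml.
# Prints every ServiceAccount that a ClusterRoleBinding on stdin ties to cluster-admin.
audit_cluster_admin() {
  awk '
    function end_subject() {             # close the subject entry being read
      if (f["kind"] == "ServiceAccount")
        subj[++n] = "system:serviceaccount:" f["namespace"] ":" f["name"]
      split("", f)
    }
    function end_document(   i) {        # report, then reset per-document state
      end_subject()
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        for (i = 1; i <= n; i++) print "cluster-admin -> " subj[i]
      kind = ""; role = ""; sect = ""; n = 0
    }
    /^---/ { end_document(); next }
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    {
      item = ($0 ~ /^[ \t]*-[ \t]/); top = ($0 ~ /^[A-Za-z]/)
      line = $0; sub(/^[ \t]*(-[ \t]+)?/, "", line); key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val); gsub(/"/, "", val); sub(/[ \t]+$/, "", val)
      if (top) { end_subject(); sect = key; if (key == "kind") kind = val; next }
      if (sect == "subjects") { if (item) end_subject(); f[key] = val }
      if (sect == "roleRef" && key == "name") role = val
    }
    END { end_document() }
  '
}
# Constructed sample: the dashboard-rbac.yaml above, abridged to the fields the check reads.
page_rbac() {
  cat <<'EOF'
kind: ServiceAccount
metadata:
  name: dashboard
  namespace: kube-system
---
kind: ClusterRoleBinding
subjects:
- kind: ServiceAccount
  name: dashboard
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
EOF
}
# Constructed variant bound to the read-only "view" ClusterRole: nothing is reported.
view_rbac() { page_rbac | sed "s/name: cluster-admin/name: view/"; }
page_rbac | audit_cluster_admin
```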
Apply all the yaml files
# pwd
/root/yaml/dashboard
# ls *.yaml
dashboard-controller.yaml dashboard-service.yaml dashboard-rbac.yaml
# kubectl create -f .
deployment "kubernetes-dashboard" created
serviceaccount "dashboard" created
clusterrolebinding "dashboard" created
service "kubernetes-dashboard" created
Check the results
View the assigned NodePort
# kubectl get services kubernetes-dashboard -n kube-system
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard 10.254.142.130 <nodes> 80:31761/TCP 1h
- NodePort 31761 maps to port 80 of the dashboard pod;
Check the controller status
# kubectl get deployment kubernetes-dashboard -n kube-system
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
kubernetes-dashboard 1 1 1 1 1h
# kubectl get pods -n kube-system | grep dashboard
kubernetes-dashboard-2888692679-bpz89 1/1 Running 0 1h
Accessing the dashboard
There are three ways:
- The kubernetes-dashboard service exposes a NodePort, so the dashboard can be reached at http://NodeIP:nodePort;
- Through kube-apiserver (https on port 6443 and http on port 8080);
- Through kubectl proxy:
Accessing the dashboard through kubectl proxy
Start the proxy
$ kubectl proxy --address='192.168.1.121' --port=8086 --accept-hosts='^*$'
Starting to serve on 192.168.1.121:8086
- The --accept-hosts option must be specified; otherwise the browser shows "Unauthorized" when opening the dashboard page;
Browser URL: http://192.168.1.121:8086/ui
Redirects automatically to: http://192.168.1.121:8086/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard/#/workload?namespace=default
Accessing the dashboard through kube-apiserver
Get the list of cluster service addresses
$ kubectl cluster-info
Kubernetes master is running at https://192.168.1.121:6443
KubeDNS is running at https://192.168.1.121:6443/api/v1/proxy/namespaces/kube-system/services/kube-dns
kubernetes-dashboard is running at https://192.168.1.121:6443/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
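Browser URL: https://172.20.0.113:6443/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
(The browser will prompt for certificate verification. Because the connection goes over an encrypted channel, you need to import the certificate into your computer beforehand to access the dashboard this way.) This is the pitfall I ran into here at the time: accessing the dashboard through kube-apiserver reported User "system:anonymous" cannot proxy services in the namespace "kube-system". #5, which has since been resolved.
Import the certificate
Convert the format of the generated admin.pem certificate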
openssl pkcs12 -export -in admin.pem -out admin.p12 -inkey admin-key.pem
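Import the generated admin.p12 certificate into your computer. Remember the password you set when exporting; you will need it again when importing.
If you do not want to use https, you can access the insecure port 8080 directly: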
http://192.168.1.121:8080/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
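- Choose any one of these methods
Because the Heapster add-on is missing, the dashboard currently cannot display CPU, memory and other metric graphs for Pods and Nodes; Heapster will be added later.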