Kubernetes V1.18.2部署Dashboard V2.0
部署Kubernetes V1.18.2
下載並修改Dashboard安裝腳本(在Master上執行)
參照官網安裝說明在master上執行:
cd ~
mkdir Dashboard
cd Dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
修改recommended.yaml文件內容(vi recommended.yaml):
---
#增加直接訪問端口
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #增加
ports:
- port: 443
targetPort: 8443
nodePort: 30008 #增加
selector:
k8s-app: kubernetes-dashboard
---
#因為自動生成的證書很多瀏覽器無法使用,所以我們自己創建,注釋掉kubernetes-dashboard-certs對象聲明
#apiVersion: v1
#kind: Secret
#metadata:
# labels:
# k8s-app: kubernetes-dashboard
# name: kubernetes-dashboard-certs
# namespace: kubernetes-dashboard
#type: Opaque
---
創建證書
mkdir dashboard-certs
cd dashboard-certs/
#創建命名空間
kubectl create namespace kubernetes-dashboard
# 創建key文件
openssl genrsa -out dashboard.key 2048
#證書請求
openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
#自簽證書
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
#創建kubernetes-dashboard-certs對象
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
安裝Dashboard
#安裝
kubectl create -f ~/Dashboard/recommended.yaml
#檢查結果
kubectl get pods -A -o wide
kubectl get service -n kubernetes-dashboard -o wide
創建dashboard管理員
#創建賬號
vi dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: dashboard-admin
namespace: kubernetes-dashboard
#保存退出后執行
kubectl create -f dashboard-admin.yaml
#為用戶分配權限
vi dashboard-admin-bind-cluster-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin-bind-cluster-role
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kubernetes-dashboard
#保存退出后執行
kubectl create -f dashboard-admin-bind-cluster-role.yaml
#查看並復制用戶Token
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
因為宿主機沒有開通30008端口並且沒有轉發給Node節點,所以我們先開記錄登錄Token,並開通端口設置轉發規則:
#在宿主機上開通30008端口
firewall-cmd --add-port=30008/tcp --permanent
firewall-cmd --reload
#用SSH實現轉發
ssh -CNg -L 30008:192.168.122.4:30008 root@127.0.0.1
訪問:https://192.168.0.5:30008,谷歌瀏覽器不行,但其他瀏覽器可以,比如Safari,選擇Token登錄,輸入剛才復制的密鑰,注意密鑰沒有前面的空格:
因為沒有安裝metrics-server所以Pods的CPU、內存情況是看不到的。
安裝metrics-server
Ps:heapster已經被metrics-server取代
在所有Node節點上下載鏡像文件:
docker pull bluersw/metrics-server-amd64:v0.3.6
docker tag bluersw/metrics-server-amd64:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6
根據官方說明在Master上執行安裝:
cd ~
mkdir metrics-server
cd metrics-server
wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml
修改安裝腳本:
vi components.yaml
Deployment腳本修改如下:
template:
metadata:
name: metrics-server
labels:
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- name: metrics-server
image: k8s.gcr.io/metrics-server-amd64:v0.3.6
imagePullPolicy: IfNotPresent
args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-preferred-address-types=InternalIP #添加
- --kubelet-insecure-tls #添加
ports:
- name: main-port
containerPort: 4443
#修改 Kubernetes apiserver 啟動參數
vi /etc/kubernetes/manifests/kube-apiserver.yaml
#在kube-apiserver項中添加如下配置選項 修改后apiserver會自動重啟
--enable-aggregator-routing=true
#安裝
kubectl create -f components.yaml
#1-2分鍾后查看結果
kubectl top nodes
再回到dashboard界面可以看到CPU和內存使用情況了:
