部署文件 Github 地址:https://github.com/my-dlq/blog-example/tree/master/kubernetes/kubernetes-dashboard2.0.0-deploy
系統環境:
- Kubernetes 版本:1.18.1
- kubernetes-dashboard 版本:v2.0.0
一、簡介
Kubernetes Dashboard 是 Kubernetes 集群的基於 Web 的通用 UI。它允許用戶管理在群集中運行的應用程序並對其進行故障排除,以及管理群集本身。這個項目在 Github 已經有半年多不更新了,最近推出了 v2.0.0 版本,這里在 Kubernetes 中部署一下,嘗試看看新版本咋樣。
二、兼容性
| Kubernetes版本 | 1.13 | 1.14 | 1.15 | 1.16 | 1.17 | 1.18 |
|---|---|---|---|---|---|---|
| 兼容性 | ? | ? | ? | ? | ? | ✓ |
- ✕ 不支持的版本范圍。
- ✓ 完全支持的版本范圍。
- ? 由於Kubernetes API版本之間的重大更改,某些功能可能無法在儀表板中正常運行。
三、部署 Kubernetes Dashboard
注意:如果“kube-system”命名空間已經存在 Kubernetes-Dashboard 相關資源,請換成別的 Namespace。
完整部署文件 Github 地址:https://github.com/my-dlq/blog-example/tree/master/kubernetes/kubernetes-dashboard2.0.0-deploy
pull down相關的鏡像
[root@master dashboard]# docker pull kubernetesui/dashboard:v2.0.0 v2.0.0: Pulling from kubernetesui/dashboard 2a43ce254c7f: Pull complete Digest: sha256:06868692fb9a7f2ede1a06de1b7b32afabc40ec739c1181d83b5ed3eb147ec6e Status: Downloaded newer image for kubernetesui/dashboard:v2.0.0 docker.io/kubernetesui/dashboard:v2.0.0 [root@master kubelet-config]# docker pull kubernetesui/metrics-scraper:v1.0.4 v1.0.4: Pulling from kubernetesui/metrics-scraper 07008dc53a3e: Pull complete 1f8ea7f93b39: Pull complete 04d0e0aeff30: Pull complete Digest: sha256:555981a24f184420f3be0c79d4efb6c948a85cfce84034f85a563f4151a81cbf Status: Downloaded newer image for kubernetesui/metrics-scraper:v1.0.4 docker.io/kubernetesui/metrics-scraper:v1.0.4
1、Dashboard RBAC
創建 Dashboard RBAC 部署文件
dashboard-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
rules:
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
verbs: ["get", "update", "delete"]
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["kubernetes-dashboard-settings"]
verbs: ["get", "update"]
- apiGroups: [""]
resources: ["services"]
resourceNames: ["heapster", "dashboard-metrics-scraper"]
verbs: ["proxy"]
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
rules:
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
部署 Dashboard RBAC
$ kubectl apply -f dashboard-rbac.yaml
2、創建 ConfigMap、Secret
創建 Dashboard Config & Secret 部署文件
dashboard-configmap-secret.yaml
apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-certs namespace: kube-system type: Opaque --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-csrf namespace: kube-system type: Opaque data: csrf: "" --- apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-key-holder namespace: kube-system type: Opaque --- kind: ConfigMap apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-settings namespace: kube-system
部署 Dashboard Config & Secret
$ kubectl apply -f dashboard-configmap-secret.yaml
3、kubernetes-dashboard
創建 Dashboard Deploy 部署文件
dashboard-deploy.yaml
## Dashboard Service kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: type: NodePort ports: - port: 443 nodePort: 30001 targetPort: 8443 selector: k8s-app: kubernetes-dashboard --- ## Dashboard Deployment kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard spec: serviceAccountName: kubernetes-dashboard containers: - name: kubernetes-dashboard image: kubernetesui/dashboard:v2.0.0 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 ports: - containerPort: 8443 protocol: TCP args: - --auto-generate-certificates - --namespace=kube-system #設置為當前部署的Namespace resources: limits: cpu: 1000m memory: 512Mi requests: cpu: 1000m memory: 512Mi livenessProbe: httpGet: scheme: HTTPS path: / port: 8443 initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: - name: kubernetes-dashboard-certs mountPath: /certs - name: tmp-volume mountPath: /tmp - name: localtime readOnly: true mountPath: /etc/localtime volumes: - name: kubernetes-dashboard-certs secret: secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} - name: localtime hostPath: type: File path: /etc/localtime tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule
部署 Dashboard Deploy
$ kubectl apply -f dashboard-deploy.yaml
4、創建 kubernetes-metrics-scraper
創建 Dashboard Metrics 部署文件
dashboard-metrics.yaml
## Dashboard Metrics Service kind: Service apiVersion: v1 metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kube-system spec: ports: - port: 8000 targetPort: 8000 selector: k8s-app: dashboard-metrics-scraper --- ## Dashboard Metrics Deployment kind: Deployment apiVersion: apps/v1 metadata: labels: k8s-app: dashboard-metrics-scraper name: dashboard-metrics-scraper namespace: kube-system spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: k8s-app: dashboard-metrics-scraper template: metadata: labels: k8s-app: dashboard-metrics-scraper annotations: seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' spec: serviceAccountName: kubernetes-dashboard containers: - name: dashboard-metrics-scraper image: kubernetesui/metrics-scraper:v1.0.4 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 ports: - containerPort: 8000 protocol: TCP resources: limits: cpu: 1000m memory: 512Mi requests: cpu: 1000m memory: 512Mi livenessProbe: httpGet: scheme: HTTP path: / port: 8000 initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: - mountPath: /tmp name: tmp-volume - name: localtime readOnly: true mountPath: /etc/localtime volumes: - name: tmp-volume emptyDir: {} - name: localtime hostPath: type: File path: /etc/localtime nodeSelector: "beta.kubernetes.io/os": linux tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule
部署 Dashboard Metrics
$ kubectl apply -f dashboard-metrics.yaml
5、創建訪問的 ServiceAccount
創建一個綁定 admin 權限的 ServiceAccount,獲取其 Token 用於訪問看板。
創建 Dashboard ServiceAccount 部署文件
dashboard-token.yaml
kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: admin annotations: rbac.authorization.kubernetes.io/autoupdate: "true" roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: admin namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: admin namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile
部署訪問的 ServiceAccount
$ kubectl apply -f dashboard-token.yaml
獲取 Token
$ kubectl describe secret/$(kubectl get secret -n kube-system |grep admin|awk '{print $1}') -n kube-system
token:
eyJhbGciOiJSUzI1NiIsImtpZCI6Ikp2bV9pZmNIR0xqLUxRREd3QlRzNU1pdnBkYnMxTXRlWG15alBidW0xNTAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1zandkdiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjUxOTAxNmFkLTU3YjEtNDkzYS04ZGZiLTM2Mzg3NTIwODgwNiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.I4voTZHn83jPe7apabqOtTjsBuj0uEbkgQGu1fl2tAbbpocg89NjN-DrTkyrETa7qDVp2bmXCHbIbiJU64xlfifCgNFgO0HnWqvuMgztYnYMUpbYSRuQVumn-WCDsIxBnfK-lIbhdSGZZVS66PK4Rwlf4hQHdE_3oclzBYnoz_i11xoFaDDUhhSLxmIDuBA-HoR-n_LJRDtJEqD7VmCTiDkUECxVpIM2oQtVb-nLxuBQg7M7rsbdWFsp5MJ7f-AdRBFgszEQaezBCt4kf0Uuakl6AC_0fDGjwEo04M12Md5Q7JOkyUNKgPbw0S3p8rxuw07I_LBipTIW8Sznll_wzw
四、登錄新版本 Dashboard 查看
本人的 Kubernetes 集群地址為”192.168.0.155”並且在 Service 中設置了 NodePort 端口為 30001 和類型為 NodePort 方式訪問 Dashboard ,所以訪問地址:https://192.168.0.155:30001 進入 Kubernetes Dashboard 頁面,然后輸入上一步中創建的 ServiceAccount 的 Token 進入 Dashboard,可以看到新的 Dashboard
跟上一個版本比較,整體風格更加簡潔,並且,可以感受到的是這個頁面比以前訪問速度更加快速(估計是加了緩存),除了之外還增加了:
- 新增黑色主題
- 新增對CRD的管理
- 新增對集群角色的編輯
- 新增對 kubernetes 對象以 yaml 格式進行編輯
- 修改集群資源指標的監控監控信息以及看板樣式
查看設置
查看個節點的資源情況
查看node2的資源情況
五、部署 Metrics Server 為 Dashboard 提供指標數據
Dashboard 已經部署完成,不過登錄 Dashboard 后可以看到:
這些欄數據顯示都是空,這是由於 Dashboard 的指標部署需要從 Metrics Server 中獲取,Dashboard 該版本另一個組件 kubernetes-metrics-scraper 就是用於從 Metrics Server 獲取指標的適配器。之前我們已經部署 kubernetes-metrics-scraper 組件,接下來只要再部署 Metrics Server 組件就能獲取系統指標數據,供 Dashboard 繪制圖形,部署 Metrics Server 可以參考:
https://www.cnblogs.com/L-O-N/p/13767511.html
當按照上面部署完成后,等一段時間,再刷新 Dashboard 界面,可以觀察到如下界面:
轉載: https://blog.csdn.net/baidu_38432732/article/details/105741967