• Kubernetes 部署 Kubernetes-Dashboard v2.0.0


    部署文件 Github 地址:https://github.com/my-dlq/blog-example/tree/master/kubernetes/kubernetes-dashboard2.0.0-deploy

    系统环境:

    • Kubernetes 版本:1.18.1
    • kubernetes-dashboard 版本:v2.0.0

    一、简介

           Kubernetes Dashboard 是 Kubernetes 集群的基于 Web 的通用 UI。它允许用户管理在群集中运行的应用程序并对其进行故障排除,以及管理群集本身。这个项目在 Github 已经有半年多不更新了,最近推出了 v2.0.0 版本,这里在 Kubernetes 中部署一下,尝试看看新版本咋样。

    二、兼容性

    Kubernetes版本1.131.141.151.161.171.18
    兼容性 ?
    • ✕ 不支持的版本范围。
    • ✓ 完全支持的版本范围。
    • ? 由于Kubernetes API版本之间的重大更改,某些功能可能无法在仪表板中正常运行。

    三、部署 Kubernetes Dashboard

    注意:如果“kube-system”命名空间已经存在 Kubernetes-Dashboard 相关资源,请换成别的 Namespace。

    完整部署文件 Github 地址:https://github.com/my-dlq/blog-example/tree/master/kubernetes/kubernetes-dashboard2.0.0-deploy

    pull down相关的镜像

    [root@master dashboard]# docker pull kubernetesui/dashboard:v2.0.0
    v2.0.0: Pulling from kubernetesui/dashboard
    2a43ce254c7f: Pull complete 
    Digest: sha256:06868692fb9a7f2ede1a06de1b7b32afabc40ec739c1181d83b5ed3eb147ec6e
    Status: Downloaded newer image for kubernetesui/dashboard:v2.0.0
    docker.io/kubernetesui/dashboard:v2.0.0
     
    [root@master kubelet-config]# docker pull kubernetesui/metrics-scraper:v1.0.4
    v1.0.4: Pulling from kubernetesui/metrics-scraper
    07008dc53a3e: Pull complete 
    1f8ea7f93b39: Pull complete 
    04d0e0aeff30: Pull complete 
    Digest: sha256:555981a24f184420f3be0c79d4efb6c948a85cfce84034f85a563f4151a81cbf
    Status: Downloaded newer image for kubernetesui/metrics-scraper:v1.0.4
    docker.io/kubernetesui/metrics-scraper:v1.0.4

    1、Dashboard RBAC

    创建 Dashboard RBAC 部署文件

    dashboard-rbac.yaml

     
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    rules:
      - apiGroups: [""]
        resources: ["secrets"]
        resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
        verbs: ["get", "update", "delete"]
      - apiGroups: [""]
        resources: ["configmaps"]
        resourceNames: ["kubernetes-dashboard-settings"]
        verbs: ["get", "update"]
      - apiGroups: [""]
        resources: ["services"]
        resourceNames: ["heapster", "dashboard-metrics-scraper"]
        verbs: ["proxy"]
      - apiGroups: [""]
        resources: ["services/proxy"]
        resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
        verbs: ["get"]
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
    rules:
      - apiGroups: ["metrics.k8s.io"]
        resources: ["pods", "nodes"]
        verbs: ["get", "list", "watch"]
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: kubernetes-dashboard
    subjects:
      - kind: ServiceAccount
        name: kubernetes-dashboard
        namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: kubernetes-dashboard
      namespace: kube-system
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: kubernetes-dashboard
    subjects:
      - kind: ServiceAccount
        name: kubernetes-dashboard
        namespace: kube-system
    

     

    部署 Dashboard RBAC

    $ kubectl apply -f dashboard-rbac.yaml
    

    2、创建 ConfigMap、Secret

    创建 Dashboard Config & Secret 部署文件

    dashboard-configmap-secret.yaml

    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-certs
      namespace: kube-system
    type: Opaque
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-csrf
      namespace: kube-system
    type: Opaque
    data:
      csrf: ""
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-key-holder
      namespace: kube-system
    type: Opaque
    ---
    kind: ConfigMap
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-settings
      namespace: kube-system

    部署 Dashboard Config & Secret

    $ kubectl apply -f dashboard-configmap-secret.yaml
    

    3、kubernetes-dashboard

    创建 Dashboard Deploy 部署文件

    dashboard-deploy.yaml

    ## Dashboard Service
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      type: NodePort
      ports:
        - port: 443
          nodePort: 30001
          targetPort: 8443
      selector:
        k8s-app: kubernetes-dashboard
    ---
    ## Dashboard Deployment
    kind: Deployment
    apiVersion: apps/v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: kubernetes-dashboard
      template:
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
        spec:
          serviceAccountName: kubernetes-dashboard
          containers:
            - name: kubernetes-dashboard
              image: kubernetesui/dashboard:v2.0.0
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                runAsUser: 1001
                runAsGroup: 2001
              ports:
                - containerPort: 8443
                  protocol: TCP
              args:
                - --auto-generate-certificates
                - --namespace=kube-system          #设置为当前部署的Namespace
              resources:
                limits:
                  cpu: 1000m
                  memory: 512Mi
                requests:
                  cpu: 1000m
                  memory: 512Mi
              livenessProbe:
                httpGet:
                  scheme: HTTPS
                  path: /
                  port: 8443
                initialDelaySeconds: 30
                timeoutSeconds: 30
              volumeMounts:
                - name: kubernetes-dashboard-certs
                  mountPath: /certs
                - name: tmp-volume
                  mountPath: /tmp
                - name: localtime
                  readOnly: true
                  mountPath: /etc/localtime
          volumes:
            - name: kubernetes-dashboard-certs
              secret:
                secretName: kubernetes-dashboard-certs
            - name: tmp-volume
              emptyDir: {}
            - name: localtime
              hostPath:
                type: File
                path: /etc/localtime
          tolerations:
            - key: node-role.kubernetes.io/master
              effect: NoSchedule

    部署 Dashboard Deploy

    $ kubectl apply -f dashboard-deploy.yaml
    

    4、创建 kubernetes-metrics-scraper

    创建 Dashboard Metrics 部署文件

    dashboard-metrics.yaml

    ## Dashboard Metrics Service
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      name: dashboard-metrics-scraper
      namespace: kube-system
    spec:
      ports:
        - port: 8000
          targetPort: 8000
      selector:
        k8s-app: dashboard-metrics-scraper
    ---
    ## Dashboard Metrics Deployment
    kind: Deployment
    apiVersion: apps/v1
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      name: dashboard-metrics-scraper
      namespace: kube-system
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: dashboard-metrics-scraper
      template:
        metadata:
          labels:
            k8s-app: dashboard-metrics-scraper
          annotations:
            seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
        spec:
          serviceAccountName: kubernetes-dashboard
          containers:
            - name: dashboard-metrics-scraper
              image: kubernetesui/metrics-scraper:v1.0.4
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                runAsUser: 1001
                runAsGroup: 2001
              ports:
                - containerPort: 8000
                  protocol: TCP
              resources:
                limits:
                  cpu: 1000m
                  memory: 512Mi
                requests:
                  cpu: 1000m
                  memory: 512Mi
              livenessProbe:
                httpGet:
                  scheme: HTTP
                  path: /
                  port: 8000
                initialDelaySeconds: 30
                timeoutSeconds: 30
              volumeMounts:
              - mountPath: /tmp
                name: tmp-volume
              - name: localtime
                readOnly: true
                mountPath: /etc/localtime
          volumes:
            - name: tmp-volume
              emptyDir: {}
            - name: localtime
              hostPath:
                type: File
                path: /etc/localtime
          nodeSelector:
            "beta.kubernetes.io/os": linux
          tolerations:
            - key: node-role.kubernetes.io/master
              effect: NoSchedule

    部署 Dashboard Metrics

    $ kubectl apply -f dashboard-metrics.yaml
    

    5、创建访问的 ServiceAccount

    创建一个绑定 admin 权限的 ServiceAccount,获取其 Token 用于访问看板。

    创建 Dashboard ServiceAccount 部署文件

    dashboard-token.yaml

    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: admin
      annotations:
        rbac.authorization.kubernetes.io/autoupdate: "true"
    roleRef:
      kind: ClusterRole
      name: cluster-admin
      apiGroup: rbac.authorization.k8s.io
    subjects:
    - kind: ServiceAccount
      name: admin
      namespace: kube-system
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin
      namespace: kube-system
      labels:
        kubernetes.io/cluster-service: "true"
        addonmanager.kubernetes.io/mode: Reconcile

    部署访问的 ServiceAccount

    $ kubectl apply -f dashboard-token.yaml
    

    获取 Token

    $ kubectl describe secret/$(kubectl get secret -n kube-system |grep admin|awk '{print $1}') -n kube-system
    

    token:

    eyJhbGciOiJSUzI1NiIsImtpZCI6Ikp2bV9pZmNIR0xqLUxRREd3QlRzNU1pdnBkYnMxTXRlWG15alBidW0xNTAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1zandkdiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjUxOTAxNmFkLTU3YjEtNDkzYS04ZGZiLTM2Mzg3NTIwODgwNiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.I4voTZHn83jPe7apabqOtTjsBuj0uEbkgQGu1fl2tAbbpocg89NjN-DrTkyrETa7qDVp2bmXCHbIbiJU64xlfifCgNFgO0HnWqvuMgztYnYMUpbYSRuQVumn-WCDsIxBnfK-lIbhdSGZZVS66PK4Rwlf4hQHdE_3oclzBYnoz_i11xoFaDDUhhSLxmIDuBA-HoR-n_LJRDtJEqD7VmCTiDkUECxVpIM2oQtVb-nLxuBQg7M7rsbdWFsp5MJ7f-AdRBFgszEQaezBCt4kf0Uuakl6AC_0fDGjwEo04M12Md5Q7JOkyUNKgPbw0S3p8rxuw07I_LBipTIW8Sznll_wzw

    四、登录新版本 Dashboard 查看

           本人的 Kubernetes 集群地址为”192.168.0.155”并且在 Service 中设置了 NodePort 端口为 30001 和类型为 NodePort 方式访问 Dashboard ,所以访问地址:https://192.168.0.155:30001 进入 Kubernetes Dashboard 页面,然后输入上一步中创建的 ServiceAccount 的 Token 进入 Dashboard,可以看到新的 Dashboard

            跟上一个版本比较,整体风格更加简洁,并且,可以感受到的是这个页面比以前访问速度更加快速(估计是加了缓存),除了之外还增加了:

    1. 新增黑色主题
    2. 新增对CRD的管理
    3. 新增对集群角色的编辑
    4. 新增对 kubernetes 对象以 yaml 格式进行编辑
    5. 修改集群资源指标的监控监控信息以及看板样式

     查看设置 

    查看个节点的资源情况

    查看node2的资源情况

    五、部署 Metrics Server 为 Dashboard 提供指标数据

    Dashboard 已经部署完成,不过登录 Dashboard 后可以看到:

    这些栏数据显示都是空,这是由于 Dashboard 的指标部署需要从 Metrics Server 中获取,Dashboard 该版本另一个组件 kubernetes-metrics-scraper 就是用于从 Metrics Server 获取指标的适配器。之前我们已经部署 kubernetes-metrics-scraper 组件,接下来只要再部署 Metrics Server 组件就能获取系统指标数据,供 Dashboard 绘制图形,部署 Metrics Server 可以参考:

    https://www.cnblogs.com/L-O-N/p/13767511.html

    当按照上面部署完成后,等一段时间,再刷新 Dashboard 界面,可以观察到如下界面: 

     

    转载: https://blog.csdn.net/baidu_38432732/article/details/105741967

  • 相关阅读:
    以AO方式给SceneControl控件设置BaseHeight
    TreeView只能选中一个节点
    Excel导出DataTable
    TOCControl右键菜单
    Arcgis Engine符号化相关
    shapefile文件锁定问题
    ArcGIS符号库serverstyle文件编辑注意事项
    CentOS运维常用命令
    常用shell
    javascript浮点数相减、相乘出现一长串小数
  • 原文地址:https://www.cnblogs.com/L-O-N/p/13767632.html
Copyright © 2020-2023  润新知