• Kubernetes的Resource和Dashboard(十三)


    一、Resource和Dashboard

    1.1、Resource

    因为K8S的最小操作单元是Pod,所以这里主要讨论的是Pod的资源

    官网:https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

     在K8S的集群中,Node节点的资源信息会上报给APIServer,可以通过下面两个属性设置cpu和内存大小

    • requests
    • limits

    配置文件案例如下

     apiVersion: v1
     kind: Pod
     metadata:
     name: frontend
     spec:
     containers:
       - name: db
      image: mysql
      env:
         - name: MYSQL_ROOT_PASSWORD
        value: "password"
      resources:
        requests:
          memory: "64Mi"     # 表示64M需要内存
          cpu: "250m"        # 表示需要0.25核的CPU
        limits:
          memory: "128Mi"    
          cpu: "500m"
       - name: wp
      image: wordpress
      resources:
        requests:
          memory: "64Mi"
          cpu: "250m"
        limits:
          memory: "128Mi"
          cpu: "500m"

    1.2、Dashboard

    官网:https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

    Dashboard这玩意在前面文章中我画过一个图,也在每个功能模块介绍中也说明过,这玩意其实就是一个图形化监控界面,下面是官网的说明

     (1)根据yaml文件创建资源dashboard.yaml

    apiVersion: v1
    kind: ConfigMap
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
        # Allows editing resource and makes sure it is created first.
        addonmanager.kubernetes.io/mode: EnsureExists
      name: kubernetes-dashboard-settings
      namespace: kube-system
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
        addonmanager.kubernetes.io/mode: Reconcile
      name: kubernetes-dashboard
      namespace: kube-system
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: kubernetes-dashboard
      namespace: kube-system
      labels:
        k8s-app: kubernetes-dashboard
        kubernetes.io/cluster-service: "true"
        addonmanager.kubernetes.io/mode: Reconcile
    spec:
      selector:
        matchLabels:
          k8s-app: kubernetes-dashboard
      template:
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
          annotations:
            scheduler.alpha.kubernetes.io/critical-pod: ''
            seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
        spec:
          priorityClassName: system-cluster-critical
          containers:
          - name: kubernetes-dashboard
            image: registry.cn-hangzhou.aliyuncs.com/ghy/kubernetes-dashboard-amd64:v1.8.3
            resources:
              limits:
                cpu: 100m
                memory: 300Mi
              requests:
                cpu: 50m
                memory: 100Mi
            ports:
            - containerPort: 8443
              protocol: TCP
            args:
              # PLATFORM-SPECIFIC ARGS HERE
              - --auto-generate-certificates
            volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
            - name: tmp-volume
              mountPath: /tmp
            livenessProbe:
              httpGet:
                scheme: HTTPS
                path: /
                port: 8443
              initialDelaySeconds: 30
              timeoutSeconds: 30
          volumes:
          - name: kubernetes-dashboard-certs
            secret:
              secretName: kubernetes-dashboard-certs
          - name: tmp-volume
            emptyDir: {}
          serviceAccountName: kubernetes-dashboard
          tolerations:
          - key: "CriticalAddonsOnly"
            operator: "Exists"
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
        addonmanager.kubernetes.io/mode: Reconcile
      name: kubernetes-dashboard-minimal
      namespace: kube-system
    rules:
      # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
    - apiGroups: [""]
      resources: ["secrets"]
      resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
      verbs: ["get", "update", "delete"]
      # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
    - apiGroups: [""]
      resources: ["configmaps"]
      resourceNames: ["kubernetes-dashboard-settings"]
      verbs: ["get", "update"]
      # Allow Dashboard to get metrics from heapster.
    - apiGroups: [""]
      resources: ["services"]
      resourceNames: ["heapster"]
      verbs: ["proxy"]
    - apiGroups: [""]
      resources: ["services/proxy"]
      resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
      verbs: ["get"]
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: kubernetes-dashboard-minimal
      namespace: kube-system
      labels:
        k8s-app: kubernetes-dashboard
        addonmanager.kubernetes.io/mode: Reconcile
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: kubernetes-dashboard-minimal
    subjects:
    - kind: ServiceAccount
      name: kubernetes-dashboard
      namespace: kube-system
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
        # Allows editing resource and makes sure it is created first.
        addonmanager.kubernetes.io/mode: EnsureExists
      name: kubernetes-dashboard-certs
      namespace: kube-system
    type: Opaque
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
        # Allows editing resource and makes sure it is created first.
        addonmanager.kubernetes.io/mode: EnsureExists
      name: kubernetes-dashboard-key-holder
      namespace: kube-system
    type: Opaque
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: kubernetes-dashboard
      namespace: kube-system
      labels:
        k8s-app: kubernetes-dashboard
        kubernetes.io/cluster-service: "true"
        addonmanager.kubernetes.io/mode: Reconcile
    spec:
      selector:
        k8s-app: kubernetes-dashboard
      ports:
      - port: 443
        targetPort: 8443
        nodePort: 30018
      type: NodePort

     (2)运行脚本

    kubectl apply -f dashboard.yaml

    (3)查看资源

    kubectl get pods -n kube-system
    kubectl get pods -n kube-system -o wide
    kubectl get svc -n kube-system
    kubectl get deploy kubernetes-dashboard -n kube-system

    (4)使用火狐浏览器访问

    https://ip:30018/

     (5)生成登录需要的token

    创建service account

    kubectl create sa dashboard-admin -n kube-system

    创建角色绑定关系

    kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

    查看dashboard-admin的secret名字

    ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}')
    echo ADMIN_SECRET

    打印secret的token

    kubectl describe secret -n kube-system ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}'
  • 相关阅读:
    今天没有去上班
    [转]分析ASP.NET读取XML文件4种方法
    Div+CSS布局入门教程
    net 怎么调用迅雷
    类图(Class Diagram)
    asp.net删除文件夹后引起Session丢失的解决办法[转]
    对象图(Object Diagram)
    C#使用Strings.StrConv进行简繁体转换
    ASP.NET使用Memcached高缓存实例(入门级)[转]
    类似豆丁网、百度文库的开源文档播放器源码下载[转]
  • 原文地址:https://www.cnblogs.com/xing1/p/15846901.html
Copyright © 2020-2023  润新知