原文地址:http://www.mydlq.club/article/28/

目录[-]

一、简介

二、兼容性

三、部署 Kubernetes Dashboard

1、Dashboard RBAC

2、创建 ConfigMap、Secret

3、kubernetes-dashboard

4、创建 kubernetes-metrics-scraper

5、创建访问的 ServiceAccount

四、登录新版本 Dashboard 查看

系统环境:

  • Kubernetes 版本:1.15.3

  • kubernetes-dashboard 版本:v2.0.0-beta4

一、简介

Kubernetes Dashboard 是 Kubernetes 集群的基于 Web 的通用 UI。它允许用户管理在群集中运行的应用程序并对其进行故障排除,以及管理群集本身。这个项目在 Github 已经有半年多不更新了,最近推出了 v2.0.0-beta4 版本,这里在 Kubernetes 中部署一下,尝试看看新版本咋样。

二、兼容性

  • ✕ 不支持的版本范围。

  • ✓ 完全支持的版本范围。

  • ? 由于Kubernetes API版本之间的重大更改,某些功能可能无法在仪表板中正常运行。

三、部署 Kubernetes Dashboard

注意:如果“kube-system”命名空间已经存在 Kubernetes-Dashboard 相关资源,请换成别的 Namespace。

完整部署文件 Github 地址:https://github.com/my-dlq/blog-example/tree/master/kubernetes-dashboard2.0.0-beta4-deploy

1、Dashboard RBAC

创建 Dashboard RBAC 部署文件

k8s-dashboard-rbac.yaml

apiVersion: v1kind: ServiceAccountmetadata:  labels:    k8s-app: kubernetes-dashboard  name: kubernetes-dashboard  namespace: kube-system---apiVersion: rbac.authorization.k8s.io/v1kind: Rolemetadata:  labels:    k8s-app: kubernetes-dashboard  name: kubernetes-dashboard  namespace: kube-systemrules:  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.  - apiGroups: [""]    resources: ["secrets"]    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]    verbs: ["get", "update", "delete"]    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.  - apiGroups: [""]    resources: ["configmaps"]    resourceNames: ["kubernetes-dashboard-settings"]    verbs: ["get", "update"]    # Allow Dashboard to get metrics.  - apiGroups: [""]    resources: ["services"]    resourceNames: ["heapster", "dashboard-metrics-scraper"]    verbs: ["proxy"]  - apiGroups: [""]    resources: ["services/proxy"]    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]    verbs: ["get"]---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:  labels:    k8s-app: kubernetes-dashboard  name: kubernetes-dashboardrules:  # Allow Metrics Scraper to get metrics from the Metrics server  - apiGroups: ["metrics.k8s.io"]    resources: ["pods", "nodes"]    verbs: ["get", "list", "watch"]---apiVersion: rbac.authorization.k8s.io/v1kind: RoleBindingmetadata:  labels:    k8s-app: kubernetes-dashboard  name: kubernetes-dashboard  namespace: kube-systemroleRef:  apiGroup: rbac.authorization.k8s.io  kind: Role  name: kubernetes-dashboardsubjects:  - kind: ServiceAccount    name: kubernetes-dashboard    namespace: kube-system---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata:  name: kubernetes-dashboard  namespace: kube-systemroleRef:  apiGroup: rbac.authorization.k8s.io  kind: ClusterRole  name: kubernetes-dashboardsubjects:  - kind: ServiceAccount    name: kubernetes-dashboard    namespace: kube-system

部署 Dashboard RBAC

$ kubectl apply -f k8s-dashboard-rbac.yaml

2、创建 ConfigMap、Secret

创建 Dashboard Config & Secret 部署文件

k8s-dashboard-configmap-secret.yaml

apiVersion: v1kind: Secretmetadata:  labels:    k8s-app: kubernetes-dashboard  name: kubernetes-dashboard-certs  namespace: kube-systemtype: Opaque---apiVersion: v1kind: Secretmetadata:  labels:    k8s-app: kubernetes-dashboard  name: kubernetes-dashboard-csrf  namespace: kube-systemtype: Opaquedata:  csrf: ""---apiVersion: v1kind: Secretmetadata:  labels:    k8s-app: kubernetes-dashboard  name: kubernetes-dashboard-key-holder  namespace: kube-systemtype: Opaque---kind: ConfigMapapiVersion: v1metadata:  labels:    k8s-app: kubernetes-dashboard  name: kubernetes-dashboard-settings  namespace: kube-system

部署 Dashboard Config & Secret

$ kubectl apply -f k8s-dashboard-configmap-secret.yaml

3、kubernetes-dashboard

创建 Dashboard Deploy 部署文件

k8s-dashboard-deploy.yaml

kind: ServiceapiVersion: v1metadata:  labels:    k8s-app: kubernetes-dashboard  name: kubernetes-dashboard  namespace: kube-systemspec:  type: NodePort  ports:    - port: 443      targetPort: 8443      nodePort: 31001  selector:    k8s-app: kubernetes-dashboard---kind: DeploymentapiVersion: apps/v1metadata:  labels:    k8s-app: kubernetes-dashboard  name: kubernetes-dashboard  namespace: kube-systemspec:  replicas: 1  revisionHistoryLimit: 10  selector:    matchLabels:      k8s-app: kubernetes-dashboard  template:    metadata:      labels:        k8s-app: kubernetes-dashboard    spec:      containers:        - name: kubernetes-dashboard          image: kubernetesui/dashboard:v2.0.0-beta4          ports:            - containerPort: 8443              protocol: TCP          args:            - --auto-generate-certificates            - --namespace=kube-system          #设置为当前namespace          volumeMounts:            - name: kubernetes-dashboard-certs              mountPath: /certs            - mountPath: /tmp              name: tmp-volume          livenessProbe:            httpGet:              scheme: HTTPS              path: /              port: 8443            initialDelaySeconds: 30            timeoutSeconds: 30      volumes:        - name: kubernetes-dashboard-certs          secret:            secretName: kubernetes-dashboard-certs        - name: tmp-volume          emptyDir: {}      serviceAccountName: kubernetes-dashboard      tolerations:        - key: node-role.kubernetes.io/master          effect: NoSchedule

部署 Dashboard Deploy

$ kubectl apply -f k8s-dashboard-deploy.yaml

4、创建 kubernetes-metrics-scraper

创建 Dashboard Metrics 部署文件

k8s-dashboard-metrics.yaml

kind: ServiceapiVersion: v1metadata:  labels:    k8s-app: kubernetes-metrics-scraper  name: dashboard-metrics-scraper  namespace: kube-systemspec:  ports:    - port: 8000      targetPort: 8000  selector:    k8s-app: kubernetes-metrics-scraper---kind: DeploymentapiVersion: apps/v1metadata:  labels:    k8s-app: kubernetes-metrics-scraper  name: kubernetes-metrics-scraper  namespace: kube-systemspec:  replicas: 1  revisionHistoryLimit: 10  selector:    matchLabels:      k8s-app: kubernetes-metrics-scraper  template:    metadata:      labels:        k8s-app: kubernetes-metrics-scraper    spec:      containers:        - name: kubernetes-metrics-scraper          image: kubernetesui/metrics-scraper:v1.0.1          ports:            - containerPort: 8000              protocol: TCP          livenessProbe:            httpGet:              scheme: HTTP              path: /              port: 8000            initialDelaySeconds: 30            timeoutSeconds: 30      serviceAccountName: kubernetes-dashboard      tolerations:        - key: node-role.kubernetes.io/master          effect: NoSchedule

部署 Dashboard Metrics

$ kubectl apply -f k8s-dashboard-metrics.yaml

5、创建访问的 ServiceAccount

创建一个绑定 admin 权限的 ServiceAccount,获取其 Token 用于访问看板。

创建 Dashboard ServiceAccount 部署文件

k8s-dashboard-token.yaml

kind: ClusterRoleBindingapiVersion: rbac.authorization.k8s.io/v1metadata:  name: admin  annotations:    rbac.authorization.kubernetes.io/autoupdate: "true"roleRef:  kind: ClusterRole  name: cluster-admin  apiGroup: rbac.authorization.k8s.iosubjects:- kind: ServiceAccount  name: admin  namespace: kube-system---apiVersion: v1kind: ServiceAccountmetadata:  name: admin  namespace: kube-system  labels:    kubernetes.io/cluster-service: "true"    addonmanager.kubernetes.io/mode: Reconcile

部署访问的 ServiceAccount

$ kubectl apply -f k8s-dashboard-token.yaml

获取 Token

$ kubectl describe secret/$(kubectl get secret -n kube-system |grep admin|awk '{print $1}') -n kube-system

token:

eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1iNGo0aCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjkwMTQzMWYxLTVmNGItMTFlOS05Mjg3LTAwMGMyOWQ5ODY5NyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.iwE1UdhB78FgXZJh4ByyOZVNh7M1l2CmOOevihOrY9tl_Z5sf3i_04CA33xA2LAMg7WNVYPjGB7vszBlkQyDGw0H5kJzIfL1YnR0JeLQkNk3v9TLyRqKJA2n8pxmJQIJP1xq0OPRGOfcA_n_c5qESs9QFHejVc5vABim8VBGX-pefKoJVXgu3r4w8gr1ORn4l5-LtHdQjSz3Dys7HwZo71fX2aLQR5bOPurkFKXqymcUoBYpWVsf-0cyN7hLRO-x-Z1i-uVpdM8ClpYSHv49eoDJePrcWpRp-Ryq6SNpGhiqCjjifEQAVHbr36QSAx8I1aamqLcpA0Da2qnunw52JA

四、登录新版本 Dashboard 查看

本人的 Kubernetes 集群地址为”192.168.2.11”并且在 Service 中设置了 NodePort 端口为 31001 和类型为 NodePort 方式访问 Dashboard ,所以访问地址:https://192.168.2.11:31001 进入 Kubernetes Dashboard 页面,然后输入上一步中创建的 ServiceAccount 的 Token 进入 Dashboard,可以看到新的 Dashboard。

可以感受到的是,这个页面比以前访问速度更加快速(估计是加了缓存),增加了暗黑模式,和编译对象时候增加了 yaml 格式的查看,整体风格更加简洁,并且新增角色对象可以直接在页面进行编译了。


©著作权归作者所有:来自51CTO博客作者mob604756e5abbc的原创作品,如需转载,请注明出处,否则将追究法律责任

更多相关文章

  1. kubernetes存储之ceph-csi
  2. SQL基础知识V2——SQL语句快速参考
  3. ceph-块设备部署
  4. 了解pod和pod的生命周期-这一篇文章就够了
  5. SQL基础知识V2——索引
  6. Kubernetes中部署MySQL高可用集群
  7. 小技巧 | 如何在SQL Server中快速创建测试数据?
  8. k8s中蓝绿部署、金丝雀发布、滚动更新汇总
  9. 3.14 为vCenter Server服务器添加外部DSN连接

随机推荐

  1. Android自定义对话框(Custom Dialog)
  2. Android(安卓)实现可以自由移动缩放的图
  3. Android O 硬鼠导致黑屏
  4. Android:Resources资源文件
  5. android gravity padding margin 布局属
  6. 2.3 SQLite存储
  7. Android开发实战-项目学习笔记(1)
  8. android学习日志(一)
  9. Android ADB使用之详细篇
  10. Android开发环境搭配