Kubernetes Dashboard安装部署
1. 下载Dashboard 部署文件
#创建存放目录
mkdir dashboard
cd dashboard/
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
2. 修改yaml配置文件
修改kubernetes-dashboard的service,使用NodePort方式暴露端口。
vi recommended.yaml
#################修改内容#######################
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
type: NodePort #添加这一行,注意缩进对齐
#################修改内容#######################
3. 应用安装,查看pod和svc
#安装
kubectl apply -f recommended.yaml
#查看pod和svc
kubectl get pod,svc -o wide -n kubernetes-dashboard
#######################显示内容##################################
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/dashboard-metrics-scraper-5cb4f4bb9c-mg569 0/1 ContainerCreating 0 9s <none> node1 <none> <none>
pod/kubernetes-dashboard-6967859bff-2968p 0/1 ContainerCreating 0 9s <none> node1 <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/dashboard-metrics-scraper ClusterIP 10.100.129.191 <none> 8000/TCP 9s k8s-app=dashboard-metrics-scraper
service/kubernetes-dashboard NodePort 10.106.130.53 <none> 443:31283/TCP 9s k8s-app=kubernetes-dashboard
#####################显示内容###################################
使用所查看service所提供的端口访问Dashboard,此次部署的访问链接为https://192.168.3.101:31283/
4. 创建dashboard服务账户
#创建一个admin-user的服务账户并与集群绑定
vi dashboard-adminuser.yaml
##################内容####################
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
##################内容####################
---
#执行生效
kubectl apply -f dashboard-adminuser.yaml
5. 创建admin-user用户的登录密钥
vi admin-user-token.yaml
##################内容####################
apiVersion: v1
kind: Secret
metadata:
name: admin-user
namespace: kubernetes-dashboard
annotations:
kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token
##################内容####################
#执行生效
kubectl apply -f admin-user-token.yaml
6. 登录
6.1 使用token登录
获取登录token,并将token输入dashboard登录界面,进行登录,登录后的界面如下图
(1) 短期token
#获取token
kubectl -n kubernetes-dashboard create token admin-user
#建议新建一个admin-user.token文件,将其保存
(2) token长期有效
kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
6.2 使用 Kubeconfig 文件登录
#定义 token 变量
DASH_TOCKEN=$(kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d)
#设置 kubeconfig 集群条目
kubectl config set-cluster kubernetes --server=10.10.3.101:6433 --kubeconfig=/root/dashbord-admin.conf
#设置 kubeconfig 用户条目
kubectl config set-credentials admin-user --token=$DASH_TOCKEN --kubeconfig=/root/dashbord-admin.conf
#设置 kubeconfig 上下文条目
kubectl config set-context admin-user@kubernetes --cluster=kubernetes --user=admin-user --kubeconfig=/root/dashbord-admin.conf
#设置 kubeconfig 当前上下文
kubectl config use-context admin-user@kubernetes --kubeconfig=/root/dashbord-admin.conf
将生成的dashbord-admin.conf文件放到本地主机上,登录时选择Kubeconfig选项,选择 kubeconfig 文件登录即可。
登录Dashboard 后,若存在cpu使用率和内存使用率等监控指标不显示的情况,需安装metrics-server。
7.安装metrics-server
下载部署文件
wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml -O metrics-server-components.yaml
修改yaml文件中的Deployment内容
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: metrics-server
strategy:
rollingUpdate:
maxUnavailable: 0
template:
metadata:
labels:
k8s-app: metrics-server
spec:
containers:
- args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s
- --kubelet-insecure-tls #添加
image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server:v0.6.4 #修改
imagePullPolicy: IfNotPresent
#执行生效
kubectl apply -f admin-user-token.yaml
查看metrics-server的pod状态
kubectl get pods --all-namespaces | grep metrics
等待一些时间,查看查看各类监控图像已成功显示。
