Installing Dashboard v1.10 + Heapster on Kubernetes 1.12.1

  • Dashboard is the official web UI of Kubernetes.
  • Heapster adds usage statistics and monitoring to the cluster and provides the Dashboard with metrics panels. InfluxDB is used as Heapster's backend store.

Dashboard installation

Official resource definition file for the kubernetes dashboard: https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

Notes:

  1. The Service in the default resource definition file does not use NodePort, so the dashboard cannot be reached from outside the servers.
  2. The permissions in the default resource definition file are only the minimum the dashboard itself needs; no access other than local access is supported, and an authentication token has to be created (Create An Authentication Token) to provide stand-alone access.

Reading the dashboard definition file, the image required is k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0; pull it on every worker node:

docker pull mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.0
docker tag mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard:v1.10.0

With ansible-playbook, the playbook is as follows:

---
- hosts: slave
  remote_user: root
  tasks:
  - name: copy pull-images-nodes-dashboard.sh to remote nodes
    copy: src=../pull-images-nodes-dashboard.sh  dest=/tmp/pull-images-nodes-dashboard.sh
  - name: pull images for node
    shell: sh /tmp/pull-images-nodes-dashboard.sh

Because the images installed earlier by kubeadm all lack the -amd64 suffix, the image name used in kubernetes-dashboard.yaml is changed here to match, for consistency.

Add a pull policy to the container, imagePullPolicy: IfNotPresent, so that the image is not fetched from the network when it is already present locally:

containers:
- name: kubernetes-dashboard
  image: k8s.gcr.io/kubernetes-dashboard:v1.10.0
  imagePullPolicy: IfNotPresent

Alternatively, download the images into a local registry and change the configured image address to that private registry.

External access to the Service

Change the Service definition so that type is NodePort, as follows:

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30443
  selector:
    k8s-app: kubernetes-dashboard

External access to the dashboard is over https only.

Changing the permission configuration

After logging in with the default role permissions, the problem shown below appears:

(figure: kubernetes dashboard yellow "no permission" warning)

The kubernetes-dashboard permissions can be adjusted to the actual usage.

The main changes are in the Role and RoleBinding parts.

Comment out the Role and RoleBinding sections of the original kubernetes-dashboard.yml.

The original RBAC grant is namespace-scoped (a Role with a RoleBinding); it is changed to a cluster-scoped grant (a ClusterRole with a ClusterRoleBinding, here to the built-in cluster-admin role). Once logged in with this cluster-wide admin authorization, the resources in every namespace of the whole cluster can be managed. In real production use, however, authorization should still be separated by user and by namespace.

For a detailed description of RBAC, see the Kubernetes documentation: Using RBAC Authorization

The authorization resource configuration becomes:

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

Deploy the kubernetes dashboard with the new configuration using kubectl apply -f dashboard/.
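The post itself notes that production use should separate authorization by user and by namespace rather than binding the dashboard's ServiceAccount to cluster-admin (the binding above makes every holder of that account's token a cluster administrator). The following is an added example, not code from the post or from the dashboard project: it emits a read-only, namespace-scoped alternative and includes a small audit that flags any manifest binding a subject to cluster-admin. The account name dashboard-viewer and the namespace dev are assumptions; view is one of Kubernetes' built-in ClusterRoles.

```shell
#!/bin/sh
# Added example; not code from the original post or the dashboard project.
# Instead of making the dashboard's own ServiceAccount cluster-admin, give each
# person a ServiceAccount bound to the built-in read-only "view" ClusterRole in
# one namespace, and log in to the dashboard with that account's token.
# "dashboard-viewer" and the namespace "dev" are hypothetical placeholders.

# ServiceAccount plus a namespaced RoleBinding to the built-in "view"
# ClusterRole. A RoleBinding (not a ClusterRoleBinding) confines the grant to
# that namespace even though the role it references is cluster-scoped.
viewer_manifest() {
  ns="${1:-dev}"
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer
  namespace: ${ns}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dashboard-viewer
  namespace: ${ns}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: ${ns}
EOF
}

# The binding used in the post, reproduced as constructed input for the audit:
# it turns the dashboard ServiceAccount into cluster-admin.
post_binding() {
  cat <<EOF
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF
}

# Read a multi-document manifest on stdin and print every subject that a
# ClusterRoleBinding maps to cluster-admin, one per line as "KIND ns/name".
# A small awk state machine for flat manifests like the ones in this post;
# it is not a general YAML parser.
audit_cluster_admin() {
  awk '
    function flush(   i, who) {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        for (i = 1; i <= n; i++) {
          who = (sns[i] == "") ? sn[i] : sns[i] "/" sn[i]
          print sk[i], who
        }
      kind = ""; role = ""; section = ""; n = 0
      split("", sk); split("", sn); split("", sns)
    }
    /^---/       { flush(); next }
    /^kind:/     { kind = $2; next }
    /^roleRef:/  { section = "roleRef"; next }
    /^subjects:/ { section = "subjects"; next }
    /^[A-Za-z]/  { section = ""; next }      # any other top-level key
    section == "roleRef" && $1 == "name:" { role = $2 }
    section == "subjects" {
      if ($1 == "-") { n++; key = $2; val = $3 } else { key = $1; val = $2 }
      if (key == "kind:")      sk[n]  = val
      if (key == "name:")      sn[n]  = val
      if (key == "namespace:") sns[n] = val
    }
    END { flush() }
  '
}

# Usage against a live cluster (the functions above need no kubectl):
#   viewer_manifest dev | kubectl apply -f -
#   kubectl auth can-i delete pods -n dev --as=system:serviceaccount:dev:dashboard-viewer   # expect "no"
#   kubectl get clusterrolebinding kubernetes-dashboard -o yaml | audit_cluster_admin
```

With this layout the dashboard's own ServiceAccount keeps only the minimal Role from the official manifest, and a person logs in with the dashboard-viewer token (obtained with the same kubectl get secret / kubectl describe secret steps shown for the dashboard token), so the UI shows only what that account may see; kubectl auth can-i --as=... verifies the grant before anyone logs in.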

Access the dashboard: log in at https://10.20.13.24:30443

All kinds of kubernetes cluster resources can now be viewed. (figure: login succeeded)

Workloads in the kube-system namespace: (figure: workloads in the kubernetes kube-system namespace)

The complete kubernetes dashboard configuration is given at the end of this post.

Starting the dashboard

Start the dashboard: kubectl apply -f kubernetes-dashboard.yaml

Check the pod status:

[root@kuber24 dashboard]# kubectl get pods --all-namespaces -o wide
NAMESPACE     NAME                                   READY   STATUS    RESTARTS   AGE     IP            NODE      NOMINATED NODE
kube-system   coredns-576cbf47c7-75gcc               1/1     Running   0          4d19h   10.1.0.3      kuber24   <none>
kube-system   coredns-576cbf47c7-v242w               1/1     Running   0          4d19h   10.1.0.2      kuber24   <none>
kube-system   etcd-kuber24                           1/1     Running   2          4d19h   10.20.13.24   kuber24   <none>
kube-system   kube-apiserver-kuber24                 1/1     Running   1          4d19h   10.20.13.24   kuber24   <none>
kube-system   kube-controller-manager-kuber24        1/1     Running   2          4d19h   10.20.13.24   kuber24   <none>
kube-system   kube-flannel-ds-6hqc4                  1/1     Running   0          3d19h   10.20.13.25   kuber25   <none>
kube-system   kube-flannel-ds-bs4b7                  1/1     Running   0          3d19h   10.20.13.27   kuber27   <none>
kube-system   kube-flannel-ds-gwcj5                  1/1     Running   0          4d16h   10.20.13.24   kuber24   <none>
kube-system   kube-flannel-ds-tmsbc                  1/1     Running   0          3d19h   10.20.13.26   kuber26   <none>
kube-system   kube-proxy-fqm89                       1/1     Running   0          3d19h   10.20.13.27   kuber27   <none>
kube-system   kube-proxy-nd875                       1/1     Running   2          4d19h   10.20.13.24   kuber24   <none>
kube-system   kube-proxy-qsf9z                       1/1     Running   0          3d19h   10.20.13.25   kuber25   <none>
kube-system   kube-proxy-ww8x7                       1/1     Running   0          3d19h   10.20.13.26   kuber26   <none>
kube-system   kube-scheduler-kuber24                 1/1     Running   2          4d19h   10.20.13.24   kuber24   <none>
kube-system   kubernetes-dashboard-68bbb49dc-kl5gn   1/1     Running   0          16s     10.1.3.2      kuber27   <none>

The dashboard address is: https://<master-ip>:<dashboard-nodeport>

If ErrImagePull occurs, first check whether the physical node the pod was scheduled on has the dashboard image, then confirm that the image name and version match what the yml defines.

Use kubectl get secret --all-namespaces|grep dashboard to find the authentication token associated with the dashboard.

[root@kuber24 dashboard]# kubectl get Secret --all-namespaces|grep dashboard
kube-system   kubernetes-dashboard-certs                       Opaque                                0      152m
kube-system   kubernetes-dashboard-key-holder                  Opaque                                2      75m
kube-system   kubernetes-dashboard-token-9msgn                 kubernetes.io/service-account-token   3      152m
[root@kuber24 dashboard]# kubectl describe secret/kubernetes-dashboard-token-9msgn -n kube-system
Name:         kubernetes-dashboard-token-9msgn
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: 43b5fdcf-d67d-11e8-8f15-00259029d7a2

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi05bXNnbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjQzYjVmZGNmLWQ2N2QtMTFlOC04ZjE1LTAwMjU5MDI5ZDdhMiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.LjBwNW93Gn-XRmJvkpHpPkpYhE3v7CB3Vm5GE1VvXRDSMtme7q7K-E522BS__I6BCqLTtmncN1rSkEYtBKgmfhUf6UhABL3vW8zoPYneFZINrcWA1wrlLx5TlIIcdDLVGrWQUbv3X5NYVfP-yhCuLMv7K3glXa01-B6L8Mgm8EiuMJqZ6ypiGUySl3dLld0vu4reT5fIHgipziuChZWLrYd2mPHXNesVv4UHw_UGASD0-CCEtMvTZ5Bgvs3IP278qOw8AyAioBDNMjPTqri4MDBbkzuXjmXhBiknA6yBDYD4piBt_cjVWq6diTwV2veFCiGMxfetz36AkgMFSSQjKA

The token shown above is the one created by the default kubernetes dashboard installation.
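To see exactly which identity a dashboard login with this token acts as, the added example below (not from the original post) decodes the token's payload offline. It takes the token printed above as its input and assumes only a POSIX shell with base64, tr and sed; the RS256 signature is not checked, since only the claims are being read.

```shell
#!/bin/sh
# Added example, not code from the original post: read the claims of the
# service account token that "kubectl describe secret" printed above.

# Base64url-decode one JWT segment: restore the stripped "=" padding and map the
# URL-safe alphabet ("-", "_") back to standard base64 ("+", "/").
b64url_decode() {
  seg="$1"
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | tr -- '-_' '+/' | base64 -d
}

# Print the JSON payload (second dot-separated segment) of a JWT, newline-terminated.
jwt_payload() {
  rest="${1#*.}"               # drop the header segment
  b64url_decode "${rest%%.*}"  # keep the payload, drop the signature
  echo
}

# Value of a string-valued claim, or empty if absent. "|" is the sed delimiter
# because claim names such as kubernetes.io/serviceaccount/namespace contain "/".
jwt_claim() {
  jwt_payload "$1" | sed -n "s|.*\"$2\":\"\([^\"]*\)\".*|\1|p"
}

# True if the named claim is present at all (string or numeric value).
jwt_has_claim() {
  jwt_payload "$1" | grep -q "\"$2\":"
}

# The token from the kubectl describe output above.
DASHBOARD_TOKEN='eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi05bXNnbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjQzYjVmZGNmLWQ2N2QtMTFlOC04ZjE1LTAwMjU5MDI5ZDdhMiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.LjBwNW93Gn-XRmJvkpHpPkpYhE3v7CB3Vm5GE1VvXRDSMtme7q7K-E522BS__I6BCqLTtmncN1rSkEYtBKgmfhUf6UhABL3vW8zoPYneFZINrcWA1wrlLx5TlIIcdDLVGrWQUbv3X5NYVfP-yhCuLMv7K3glXa01-B6L8Mgm8EiuMJqZ6ypiGUySl3dLld0vu4reT5fIHgipziuChZWLrYd2mPHXNesVv4UHw_UGASD0-CCEtMvTZ5Bgvs3IP278qOw8AyAioBDNMjPTqri4MDBbkzuXjmXhBiknA6yBDYD4piBt_cjVWq6diTwV2veFCiGMxfetz36AkgMFSSQjKA'

# Usage:
#   jwt_payload "$DASHBOARD_TOKEN"
#   jwt_claim "$DASHBOARD_TOKEN" sub   # system:serviceaccount:kube-system:kubernetes-dashboard
#   jwt_has_claim "$DASHBOARD_TOKEN" exp || echo "no exp claim: valid until its secret is deleted"
```

The sub claim is system:serviceaccount:kube-system:kubernetes-dashboard, the very account that the ClusterRoleBinding above maps to cluster-admin, so whoever pastes this token into the login page administers the whole cluster. The payload also carries no exp claim: tokens stored in these service-account secrets do not expire and stay valid until the secret is deleted, which is one more reason to log in with a separate, narrowly bound account and to treat this secret like any other cluster credential.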

Heapster installation

heapster depends on influxdb; download heapster's resource definition files and the authorization definition file:

mkdir heapster
cd heapster
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/grafana.yaml
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml

Preparing the images

Inspect the resource definition files to find the images that are needed, as follows:

k8s.gcr.io/heapster-grafana-amd64:v5.0.4
k8s.gcr.io/heapster-amd64:v1.5.4
k8s.gcr.io/heapster-influxdb-amd64:v1.5.2

Pull the images on the nodes with a script:

#!/bin/bash
# Images needed by kubeadm 1.12.1, the dashboard and heapster; pulled from the
# mirrorgooglecontainers mirror and re-tagged under k8s.gcr.io.
images=(kube-proxy-amd64:v1.12.1 pause-amd64:3.1 kubernetes-dashboard-amd64:v1.10.0 heapster-grafana-amd64:v5.0.4 heapster-amd64:v1.5.4 heapster-influxdb-amd64:v1.5.2)
for imageName in "${images[@]}" ; do
  docker pull "mirrorgooglecontainers/$imageName"
  if [[ $imageName =~ "amd64" ]]; then
    # kubeadm-installed images carry no -amd64 suffix, so strip it in the tag
    docker tag "mirrorgooglecontainers/$imageName" "k8s.gcr.io/${imageName//-amd64/}"
  else
    docker tag "mirrorgooglecontainers/$imageName" "k8s.gcr.io/$imageName"
  fi
  # docker rmi "mirrorgooglecontainers/$imageName"
done

Because the images installed earlier by kubeadm all lack the -amd64 suffix, the image name used in kubernetes-dashboard.yaml is changed to match (the script above strips the suffix when it tags the images).

In the parent directory of the heapster folder created above, run:

kubectl apply -f ./heapster/

Deleting the kubernetes dashboard resources

With the official kubernetes dashboard configuration, the user who logs in has no permissions at all, so the permissions have to be changed. Before changing them, clean up the resources that were configured and are still running from the previous attempt.

  • Delete the secret: kubectl delete secret $(kubectl get secret -n kube-system|grep dashboard| awk '{print $1}') -n kube-system
  • Delete the ServiceAccount: kubectl delete ServiceAccount $(kubectl get ServiceAccount -n kube-system|grep dashboard| awk '{print $1}') -n kube-system
  • Delete the Role: kubectl delete Role $(kubectl get Role -n kube-system|grep dashboard| awk '{print $1}') -n kube-system
  • Delete the RoleBinding: kubectl delete RoleBinding $(kubectl get RoleBinding -n kube-system|grep dashboard| awk '{print $1}') -n kube-system
  • Delete the Deployment: kubectl delete Deployment $(kubectl get Deployment -n kube-system|grep dashboard| awk '{print $1}') -n kube-system
  • Delete the Service: kubectl delete Service $(kubectl get Service -n kube-system|grep dashboard| awk '{print $1}') -n kube-system

Cleanup:

kubectl delete secret $(kubectl get secret -n kube-system|grep dashboard| awk '{print $1}') -n kube-system
kubectl delete ServiceAccount $(kubectl get ServiceAccount -n kube-system|grep dashboard| awk '{print $1}') -n kube-system
kubectl delete Role $(kubectl get Role -n kube-system|grep dashboard| awk '{print $1}') -n kube-system
kubectl delete RoleBinding $(kubectl get RoleBinding -n kube-system|grep dashboard| awk '{print $1}') -n kube-system
kubectl delete Deployment $(kubectl get Deployment -n kube-system|grep dashboard| awk '{print $1}') -n kube-system
kubectl delete Service $(kubectl get Service -n kube-system|grep dashboard| awk '{print $1}') -n kube-system

Complete kubernetes dashboard configuration

# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system

---
# # ------------------- Dashboard Role & Role Binding ------------------- #
#
# kind: Role
# apiVersion: rbac.authorization.k8s.io/v1
# metadata:
#   name: kubernetes-dashboard-minimal
#   namespace: kube-system
# rules:
#   # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
# - apiGroups: [""]
#   resources: ["secrets"]
#   verbs: ["create"]
#   # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
# - apiGroups: [""]
#   resources: ["configmaps"]
#   verbs: ["create"]
#   # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
# - apiGroups: [""]
#   resources: ["secrets"]
#   resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
#   verbs: ["get", "update", "delete"]
#   # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
# - apiGroups: [""]
#   resources: ["configmaps"]
#   resourceNames: ["kubernetes-dashboard-settings"]
#   verbs: ["get", "update"]
#   # Allow Dashboard to get metrics from heapster.
# - apiGroups: [""]
#   resources: ["services"]
#   resourceNames: ["heapster"]
#   verbs: ["proxy"]
# - apiGroups: [""]
#   resources: ["services/proxy"]
#   resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
#   verbs: ["get"]
#
# ---
# apiVersion: rbac.authorization.k8s.io/v1
# kind: RoleBinding
# metadata:
#   name: kubernetes-dashboard-minimal
#   namespace: kube-system
# roleRef:
#   apiGroup: rbac.authorization.k8s.io
#   kind: Role
#   name: kubernetes-dashboard-minimal
# subjects:
# - kind: ServiceAccount
#   name: kubernetes-dashboard
#   namespace: kube-system
#
---
# ---------- Dashboard ClusterRole & ClusterRoleBinding --------- #

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
  
---
# ------------------- Dashboard Deployment ------------------- #

kind: Deployment
apiVersion: apps/v1beta2
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: k8s.gcr.io/kubernetes-dashboard:v1.10.0
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30443
  selector:
    k8s-app: kubernetes-dashboard

References

  1. kubernetes dashboard official documentation
  2. kubernetes installation blog post

Finally

Thank you for reading; if you have any questions, please leave a comment.

You are welcome to visit my github for more of my notes on kubernetes, so we can improve together.
