Kubernetes 部署 Kubernetes-Dashboard v2.0.0
部署檔案 Github 地址:https://github.com/my-dlq/blog-example/tree/master/kubernetes/kubernetes-dashboard2.0.0-deploy
系統環境:
- Kubernetes 版本:1.18.1
- kubernetes-dashboard 版本:v2.0.0
一、簡介
Kubernetes Dashboard 是 Kubernetes 叢集的基於 Web 的通用 UI。它允許使用者管理在群集中執行的應用程式並對其進行故障排除,以及管理群集本身。這個專案在 Github 已經有半年多不更新了,最近推出了 v2.0.0 版本,這裡在 Kubernetes 中部署一下,嘗試看看新版本咋樣。
二、相容性
Kubernetes版本 | 1.13 | 1.14 | 1.15 | 1.16 | 1.17 | 1.18 |
---|---|---|---|---|---|---|
相容性 | ? | ? | ? | ? | ? | ✓ |
- ✕ 不支援的版本範圍。
- ✓ 完全支援的版本範圍。
- ? 由於Kubernetes API版本之間的重大更改,某些功能可能無法在儀表板中正常執行。
三、部署 Kubernetes Dashboard
注意:如果“kube-system”名稱空間已經存在 Kubernetes-Dashboard 相關資源,請換成別的 Namespace。
完整部署檔案 Github 地址:https://github.com/my-dlq/blog-example/tree/master/kubernetes/kubernetes-dashboard2.0.0-deploy
pull down相關的映象
- [root@master dashboard]# docker pull kubernetesui/dashboard:v2.0.0
- v2.0.0: Pulling from kubernetesui/dashboard
- 2a43ce254c7f: Pull complete
- Digest: sha256:06868692fb9a7f2ede1a06de1b7b32afabc40ec739c1181d83b5ed3eb147ec6e
-
Status: Downloaded newer image for kubernetesui/dashboard:v2.0.0
- docker.io/kubernetesui/dashboard:v2.0.0
- [root@master kubelet-config]# docker pull kubernetesui/metrics-scraper:v1.0.4
- v1.0.4: Pulling from kubernetesui/metrics-scraper
- 07008dc53a3e: Pull complete
- 1f8ea7f93b39: Pull complete
- 04d0e0aeff30: Pull complete
- Digest: sha256:555981a24f184420f3be0c79d4efb6c948a85cfce84034f85a563f4151a81cbf
- Status: Downloaded newer image for kubernetesui/metrics-scraper:v1.0.4
- docker.io/kubernetesui/metrics-scraper:v1.0.4
1、Dashboard RBAC
建立 Dashboard RBAC 部署檔案
dashboard-rbac.yaml
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kube-system
- rules:
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- rules:
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kube-system
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
- subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: kubernetes-dashboard
- namespace: kube-system
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard
- subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: kube-system
部署 Dashboard RBAC
$ kubectl apply -f dashboard-rbac.yaml
2、建立 ConfigMap、Secret
建立 Dashboard Config & Secret 部署檔案
dashboard-configmap-secret.yaml
- apiVersion: v1
- kind: Secret
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard-certs
- namespace: kube-system
- type: Opaque
- apiVersion: v1
- kind: Secret
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard-csrf
- namespace: kube-system
- type: Opaque
- data:
- csrf: ""
- apiVersion: v1
- kind: Secret
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard-key-holder
- namespace: kube-system
- type: Opaque
- kind: ConfigMap
- apiVersion: v1
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard-settings
- namespace: kube-system
部署 Dashboard Config & Secret
$ kubectl apply -f dashboard-configmap-secret.yaml
3、kubernetes-dashboard
建立 Dashboard Deploy 部署檔案
dashboard-deploy.yaml
- ## Dashboard Service
- kind: Service
- apiVersion: v1
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kube-system
- spec:
- type: NodePort
- ports:
- - port: 443
- nodePort: 30001
- targetPort: 8443
- selector:
- k8s-app: kubernetes-dashboard
- ## Dashboard Deployment
- kind: Deployment
- apiVersion: apps/v1
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kube-system
- spec:
- replicas: 1
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- k8s-app: kubernetes-dashboard
- template:
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- spec:
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: kubernetesui/dashboard:v2.0.0
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsUser: 1001
- runAsGroup: 2001
- ports:
- - containerPort: 8443
- protocol: TCP
- args:
- - --auto-generate-certificates
- - --namespace=kube-system #設定為當前部署的Namespace
- resources:
- limits:
- cpu: 1000m
- memory: 512Mi
- requests:
- cpu: 1000m
- memory: 512Mi
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- - name: tmp-volume
- mountPath: /tmp
- - name: localtime
- readOnly: true
- mountPath: /etc/localtime
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
- - name: localtime
- hostPath:
- type: File
- path: /etc/localtime
- tolerations:
- - key: node-role.kubernetes.io/master
- effect: NoSchedule
部署 Dashboard Deploy
$ kubectl apply -f dashboard-deploy.yaml
4、建立 kubernetes-metrics-scraper
建立 Dashboard Metrics 部署檔案
dashboard-metrics.yaml
- ## Dashboard Metrics Service
- kind: Service
- apiVersion: v1
- metadata:
- labels:
- k8s-app: dashboard-metrics-scraper
- name: dashboard-metrics-scraper
- namespace: kube-system
- spec:
- ports:
- - port: 8000
- targetPort: 8000
- selector:
- k8s-app: dashboard-metrics-scraper
- ## Dashboard Metrics Deployment
- kind: Deployment
- apiVersion: apps/v1
- metadata:
- labels:
- k8s-app: dashboard-metrics-scraper
- name: dashboard-metrics-scraper
- namespace: kube-system
- spec:
- replicas: 1
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- k8s-app: dashboard-metrics-scraper
- template:
- metadata:
- labels:
- k8s-app: dashboard-metrics-scraper
- annotations:
- seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
- spec:
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: dashboard-metrics-scraper
- image: kubernetesui/metrics-scraper:v1.0.4
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsUser: 1001
- runAsGroup: 2001
- ports:
- - containerPort: 8000
- protocol: TCP
- resources:
- limits:
- cpu: 1000m
- memory: 512Mi
- requests:
- cpu: 1000m
- memory: 512Mi
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- - name: localtime
- readOnly: true
- mountPath: /etc/localtime
- volumes:
- - name: tmp-volume
- emptyDir: {}
- - name: localtime
- hostPath:
- type: File
- path: /etc/localtime
- nodeSelector:
- "beta.kubernetes.io/os": linux
- tolerations:
- - key: node-role.kubernetes.io/master
- effect: NoSchedule
部署 Dashboard Metrics
$ kubectl apply -f dashboard-metrics.yaml
5、建立訪問的 ServiceAccount
建立一個繫結 admin 許可權的 ServiceAccount,獲取其 Token 用於訪問看板。
建立 Dashboard ServiceAccount 部署檔案
dashboard-token.yaml
- kind: ClusterRoleBinding
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: admin
- rbac.authorization.kubernetes.io/autoupdate: "true"
- roleRef:
- kind: ClusterRole
- name: cluster-admin
- apiGroup: rbac.authorization.k8s.io
- subjects:
- - kind: ServiceAccount
- name: admin
- namespace: kube-system
- apiVersion: v1
- name: admin
- namespace: kube-system
- labels:
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
部署訪問的 ServiceAccount
$ kubectl apply -f dashboard-token.yaml
獲取 Token
$ kubectl describe secret/$(kubectl get secret -n kube-system |grep admin|awk '{print $1}') -n kube-system
token:
eyJhbGciOiJSUzI1NiIsImtpZCI6Ikp2bV9pZmNIR0xqLUxRREd3QlRzNU1pdnBkYnMxTXRlWG15alBidW0xNTAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1zandkdiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjUxOTAxNmFkLTU3YjEtNDkzYS04ZGZiLTM2Mzg3NTIwODgwNiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.I4voTZHn83jPe7apabqOtTjsBuj0uEbkgQGu1fl2tAbbpocg89NjN-DrTkyrETa7qDVp2bmXCHbIbiJU64xlfifCgNFgO0HnWqvuMgztYnYMUpbYSRuQVumn-WCDsIxBnfK-lIbhdSGZZVS66PK4Rwlf4hQHdE_3oclzBYnoz_i11xoFaDDUhhSLxmIDuBA-HoR-n_LJRDtJEqD7VmCTiDkUECxVpIM2oQtVb-nLxuBQg7M7rsbdWFsp5MJ7f-AdRBFgszEQaezBCt4kf0Uuakl6AC_0fDGjwEo04M12Md5Q7JOkyUNKgPbw0S3p8rxuw07I_LBipTIW8Sznll_wzw
四、登入新版本 Dashboard 檢視
本人的 Kubernetes 叢集地址為”192.168.0.155”並且在 Service 中設定了 NodePort 埠為 30001 和型別為 NodePort 方式訪問 Dashboard ,所以訪問地址:https://192.168.0.155:30001進入 Kubernetes Dashboard 頁面,然後輸入上一步中建立的 ServiceAccount 的 Token 進入 Dashboard,可以看到新的 Dashboard
跟上一個版本比較,整體風格更加簡潔,並且,可以感受到的是這個頁面比以前訪問速度更加快速(估計是加了快取),除了之外還增加了:
- 新增黑色主題
- 新增對CRD的管理
- 新增對叢集角色的編輯
- 新增對 kubernetes 物件以 yaml 格式進行編輯
- 修改叢集資源指標的監控監控資訊以及看板樣式
檢視設定
檢視個節點的資源情況
檢視node2的資源情況
五、部署 Metrics Server 為 Dashboard 提供指標資料
Dashboard 已經部署完成,不過登入 Dashboard 後可以看到:
這些欄資料顯示都是空,這是由於 Dashboard 的指標部署需要從 Metrics Server 中獲取,Dashboard 該版本另一個元件 kubernetes-metrics-scraper 就是用於從 Metrics Server 獲取指標的介面卡。之前我們已經部署 kubernetes-metrics-scraper 元件,接下來只要再部署 Metrics Server 元件就能獲取系統指標資料,供 Dashboard 繪製圖形,部署 Metrics Server 可以參考:
https://blog.csdn.net/baidu_38432732/article/details/105742271
當按照上面部署完成後,等一段時間,再重新整理 Dashboard 介面,可以觀察到如下介面: