Kubernetes叢集中部署dashboard
部署 dashboard 外掛
下載k8s後的解壓縮目錄結構:kubernetes/cluster/addons/dashboard
使用的檔案:
$ ls *.yaml
dashboard-controller.yaml dashboard-rbac.yaml dashboard-service.yaml
- 新加了
dashboard-rbac.yaml
檔案,定義 dashboard 使用的 RoleBinding。
由於 kube-apiserver
啟用了 RBAC
授權,而官方原始碼目錄的 dashboard-controller.yaml
沒有定義授權的 ServiceAccount,所以後續訪問 kube-apiserver
解決辦法是:定義一個名為 dashboard 的 ServiceAccount,然後將它和 Cluster Role view 繫結。參考下面修改的檔案。
dashboard-controller.yaml
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: kubernetes-dashboard namespace: kube-system labels: k8s-app: kubernetes-dashboard kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile spec: selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: serviceAccountName: dashboard containers: - name: kubernetes-dashboard image: cokabug/kubernetes-dashboard-amd64:v1.6.0 resources: limits: cpu: 100m memory: 50Mi requests: cpu: 100m memory: 50Mi ports: - containerPort: 9090 livenessProbe: httpGet: path: / port: 9090 initialDelaySeconds: 30 timeoutSeconds: 30 tolerations: - key: "CriticalAddonsOnly" operator: "Exists"
dashboard-service.yaml
apiVersion: v1 kind: Service metadata: name: kubernetes-dashboard namespace: kube-system labels: k8s-app: kubernetes-dashboard kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile spec: type: NodePort selector: k8s-app: kubernetes-dashboard ports: - port: 80 targetPort: 9090
dashboard-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
name: dashboard
subjects:
- kind: ServiceAccount
name: dashboard
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
配置dashboard-service
$ diff dashboard-service.yaml.orig dashboard-service.yaml
10a11
> type: NodePort
- 指定埠型別為 NodePort,這樣外界可以通過地址 nodeIP:nodePort 訪問 dashboard;
配置dashboard-controller
20a21
> serviceAccountName: dashboard
23c24
< image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.6.0
---
> image: cokabug/kubernetes-dashboard-amd64:v1.6.0
- 使用名為 dashboard 的自定義 ServiceAccount;
執行所有定義檔案
$ pwd
/home/app/kubernetes/cluster/addons/dashboard
$ ls *.yaml
dashboard-controller.yaml dashboard-rbac.yaml dashboard-service.yaml
$ kubectl create -f .
$
檢查執行結果
檢視分配的 NodePort
$ kubectl get services kubernetes-dashboard -n kube-system
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard 10.254.224.130 <nodes> 80:30312/TCP 25s
- NodePort 30312對映到 dashboard pod 80埠;
檢查 controller
$ kubectl get deployment kubernetes-dashboard -n kube-system
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
kubernetes-dashboard 1 1 1 1 3m
$ kubectl get pods -n kube-system | grep dashboard
kubernetes-dashboard-1339745653-pmn6z 1/1 Running 0 4m
訪問dashboard
- kubernetes-dashboard 服務暴露了 NodePort,可以使用
http://NodeIP:nodePort
地址訪問 dashboard; - 通過 kube-apiserver 訪問 dashboard;
- 通過 kubectl proxy 訪問 dashboard:
通過 kubectl proxy訪問dashboard
啟動代理
$ kubectl proxy --address='10.501.101.41' --port=8086 --accept-hosts='^*$'
Starting to serve on 10.501.101.41:8086
- 需要指定
--accept-hosts
選項,否則瀏覽器訪問 dashboard 頁面時提示 “Unauthorized”;
瀏覽器訪問 URL:http://10.501.101.41:8086/ui
自動跳轉到:http://10.501.101.41:8086/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard/#/workload?namespace=default
通過 kube-apiserver 訪問dashboard
獲取叢集服務地址列表
$ kubectl cluster-info
Kubernetes master is running at https://10.501.101.41:6443
KubeDNS is running at https://10.501.101.41:6443/api/v1/proxy/namespaces/kube-system/services/kube-dns
kubernetes-dashboard is running at https://10.501.101.41:6443/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
由於 kube-apiserver 開啟了 RBAC 授權,而瀏覽器訪問 kube-apiserver 的時候使用的是匿名證書,所以訪問安全埠會導致授權失敗。這裡需要使用非安全埠訪問 kube-apiserver:
瀏覽器訪問 URL:http://10.501.101.41:8080/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
由於缺少 Heapster 外掛,當前 dashboard 不能展示 Pod、Nodes 的 CPU、記憶體等 metric 圖形;
歡迎訂閱微信公眾號