Kubernetes 部署 Kubernetes-Dashboard v2.0.0 尝鲜
文章目录
!版权声明:本博客内容均为原创,每篇博文作为知识积累,写博不易,转载请注明出处。
参考地址:
- 部署文件 Github 地址:https://github.com/my-dlq/blog-example/tree/master/kubernetes/kubernetes-dashboard2.0.0-deploy
系统环境:
- Kubernetes 版本:1.18.3
- kubernetes-dashboard 版本:v2.0.5
一、简介
Kubernetes Dashboard 是 Kubernetes 集群的基于 Web 的通用 UI。它允许用户管理在群集中运行的应用程序并对其进行故障排除,以及管理群集本身。这个项目在 Github 已经有半年多不更新了,最近推出了 v2.0.0 版本,这里在 Kubernetes 中部署一下,尝试看看新版本咋样。
二、兼容性
| Kubernetes版本 | 1.13 | 1.14 | 1.15 | 1.16 | 1.17 | 1.18 |
|---|---|---|---|---|---|---|
| 兼容性 | ? | ? | ? | ? | ? | ✓ |
- ✕ 不支持的版本范围。
- ✓ 完全支持的版本范围。
- ? 由于Kubernetes API版本之间的重大更改,某些功能可能无法在仪表板中正常运行。
三、部署 Kubernetes Dashboard
注意:如果“kube-system”命名空间已经存在 Kubernetes-Dashboard 相关资源,请换成别的 Namespace。
完整部署文件 Github 地址:https://github.com/my-dlq/blog-example/tree/master/kubernetes/kubernetes-dashboard2.0.0-deploy
1、Dashboard RBAC
创建 Dashboard RBAC 部署文件
k8s-dashboard-rbac.yaml
1apiVersion: v1
2kind: ServiceAccount
3metadata:
4 labels:
5 k8s-app: kubernetes-dashboard
6 name: kubernetes-dashboard
7 namespace: kube-system
8---
9apiVersion: rbac.authorization.k8s.io/v1
10kind: Role
11metadata:
12 labels:
13 k8s-app: kubernetes-dashboard
14 name: kubernetes-dashboard
15 namespace: kube-system
16rules:
17 - apiGroups: [""]
18 resources: ["secrets"]
19 resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
20 verbs: ["get", "update", "delete"]
21 - apiGroups: [""]
22 resources: ["configmaps"]
23 resourceNames: ["kubernetes-dashboard-settings"]
24 verbs: ["get", "update"]
25 - apiGroups: [""]
26 resources: ["services"]
27 resourceNames: ["heapster", "dashboard-metrics-scraper"]
28 verbs: ["proxy"]
29 - apiGroups: [""]
30 resources: ["services/proxy"]
31 resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
32 verbs: ["get"]
33---
34apiVersion: rbac.authorization.k8s.io/v1
35kind: ClusterRole
36metadata:
37 labels:
38 k8s-app: kubernetes-dashboard
39 name: kubernetes-dashboard
40rules:
41 - apiGroups: ["metrics.k8s.io"]
42 resources: ["pods", "nodes"]
43 verbs: ["get", "list", "watch"]
44---
45apiVersion: rbac.authorization.k8s.io/v1
46kind: RoleBinding
47metadata:
48 labels:
49 k8s-app: kubernetes-dashboard
50 name: kubernetes-dashboard
51 namespace: kube-system
52roleRef:
53 apiGroup: rbac.authorization.k8s.io
54 kind: Role
55 name: kubernetes-dashboard
56subjects:
57 - kind: ServiceAccount
58 name: kubernetes-dashboard
59 namespace: kube-system
60---
61apiVersion: rbac.authorization.k8s.io/v1
62kind: ClusterRoleBinding
63metadata:
64 name: kubernetes-dashboard
65 namespace: kube-system
66roleRef:
67 apiGroup: rbac.authorization.k8s.io
68 kind: ClusterRole
69 name: kubernetes-dashboard
70subjects:
71 - kind: ServiceAccount
72 name: kubernetes-dashboard
73 namespace: kube-system
部署 Dashboard RBAC
1$ kubectl apply -f k8s-dashboard-rbac.yaml
2、创建 ConfigMap、Secret
创建 Dashboard Config & Secret 部署文件
k8s-dashboard-configmap-secret.yaml
1apiVersion: v1
2kind: Secret
3metadata:
4 labels:
5 k8s-app: kubernetes-dashboard
6 name: kubernetes-dashboard-certs
7 namespace: kube-system
8type: Opaque
9---
10apiVersion: v1
11kind: Secret
12metadata:
13 labels:
14 k8s-app: kubernetes-dashboard
15 name: kubernetes-dashboard-csrf
16 namespace: kube-system
17type: Opaque
18data:
19 csrf: ""
20---
21apiVersion: v1
22kind: Secret
23metadata:
24 labels:
25 k8s-app: kubernetes-dashboard
26 name: kubernetes-dashboard-key-holder
27 namespace: kube-system
28type: Opaque
29---
30kind: ConfigMap
31apiVersion: v1
32metadata:
33 labels:
34 k8s-app: kubernetes-dashboard
35 name: kubernetes-dashboard-settings
36 namespace: kube-system
部署 Dashboard Config & Secret
1$ kubectl apply -f k8s-dashboard-configmap-secret.yaml
3、kubernetes-dashboard
创建 Dashboard Deploy 部署文件
k8s-dashboard-deploy.yaml
1## Dashboard Service
2kind: Service
3apiVersion: v1
4metadata:
5 labels:
6 k8s-app: kubernetes-dashboard
7 name: kubernetes-dashboard
8 namespace: kube-system
9spec:
10 type: NodePort
11 ports:
12 - port: 443
13 nodePort: 30001
14 targetPort: 8443
15 selector:
16 k8s-app: kubernetes-dashboard
17---
18## Dashboard Deployment
19kind: Deployment
20apiVersion: apps/v1
21metadata:
22 labels:
23 k8s-app: kubernetes-dashboard
24 name: kubernetes-dashboard
25 namespace: kube-system
26spec:
27 replicas: 1
28 revisionHistoryLimit: 10
29 selector:
30 matchLabels:
31 k8s-app: kubernetes-dashboard
32 template:
33 metadata:
34 labels:
35 k8s-app: kubernetes-dashboard
36 spec:
37 serviceAccountName: kubernetes-dashboard
38 containers:
39 - name: kubernetes-dashboard
40 image: kubernetesui/dashboard:v2.0.5
41 securityContext:
42 allowPrivilegeEscalation: false
43 readOnlyRootFilesystem: true
44 runAsUser: 1001
45 runAsGroup: 2001
46 ports:
47 - containerPort: 8443
48 protocol: TCP
49 args:
50 - --auto-generate-certificates
51 - --namespace=kube-system #设置为当前部署的Namespace
52 resources:
53 limits:
54 cpu: 1000m
55 memory: 512Mi
56 requests:
57 cpu: 1000m
58 memory: 512Mi
59 livenessProbe:
60 httpGet:
61 scheme: HTTPS
62 path: /
63 port: 8443
64 initialDelaySeconds: 30
65 timeoutSeconds: 30
66 volumeMounts:
67 - name: kubernetes-dashboard-certs
68 mountPath: /certs
69 - name: tmp-volume
70 mountPath: /tmp
71 - name: localtime
72 readOnly: true
73 mountPath: /etc/localtime
74 volumes:
75 - name: kubernetes-dashboard-certs
76 secret:
77 secretName: kubernetes-dashboard-certs
78 - name: tmp-volume
79 emptyDir: {}
80 - name: localtime
81 hostPath:
82 type: File
83 path: /etc/localtime
84 tolerations:
85 - key: node-role.kubernetes.io/master
86 effect: NoSchedule
部署 Dashboard Deploy
1$ kubectl apply -f k8s-dashboard-deploy.yaml
4、创建 kubernetes-metrics-scraper
创建 Dashboard Metrics 部署文件
k8s-dashboard-metrics.yaml
1## Dashboard Metrics Service
2kind: Service
3apiVersion: v1
4metadata:
5 labels:
6 k8s-app: dashboard-metrics-scraper
7 name: dashboard-metrics-scraper
8 namespace: kube-system
9spec:
10 ports:
11 - port: 8000
12 targetPort: 8000
13 selector:
14 k8s-app: dashboard-metrics-scraper
15---
16## Dashboard Metrics Deployment
17kind: Deployment
18apiVersion: apps/v1
19metadata:
20 labels:
21 k8s-app: dashboard-metrics-scraper
22 name: dashboard-metrics-scraper
23 namespace: kube-system
24spec:
25 replicas: 1
26 revisionHistoryLimit: 10
27 selector:
28 matchLabels:
29 k8s-app: dashboard-metrics-scraper
30 template:
31 metadata:
32 labels:
33 k8s-app: dashboard-metrics-scraper
34 annotations:
35 seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
36 spec:
37 serviceAccountName: kubernetes-dashboard
38 containers:
39 - name: dashboard-metrics-scraper
40 image: kubernetesui/metrics-scraper:v1.0.6
41 securityContext:
42 allowPrivilegeEscalation: false
43 readOnlyRootFilesystem: true
44 runAsUser: 1001
45 runAsGroup: 2001
46 ports:
47 - containerPort: 8000
48 protocol: TCP
49 resources:
50 limits:
51 cpu: 1000m
52 memory: 512Mi
53 requests:
54 cpu: 1000m
55 memory: 512Mi
56 livenessProbe:
57 httpGet:
58 scheme: HTTP
59 path: /
60 port: 8000
61 initialDelaySeconds: 30
62 timeoutSeconds: 30
63 volumeMounts:
64 - mountPath: /tmp
65 name: tmp-volume
66 - name: localtime
67 readOnly: true
68 mountPath: /etc/localtime
69 volumes:
70 - name: tmp-volume
71 emptyDir: {}
72 - name: localtime
73 hostPath:
74 type: File
75 path: /etc/localtime
76 nodeSelector:
77 "beta.kubernetes.io/os": linux
78 tolerations:
79 - key: node-role.kubernetes.io/master
80 effect: NoSchedule
部署 Dashboard Metrics
1$ kubectl apply -f k8s-dashboard-metrics.yaml
5、创建访问的 ServiceAccount
创建一个绑定 admin 权限的 ServiceAccount,获取其 Token 用于访问看板。
创建 Dashboard ServiceAccount 部署文件
k8s-dashboard-token.yaml
1kind: ClusterRoleBinding
2apiVersion: rbac.authorization.k8s.io/v1
3metadata:
4 name: admin
5 annotations:
6 rbac.authorization.kubernetes.io/autoupdate: "true"
7roleRef:
8 kind: ClusterRole
9 name: cluster-admin
10 apiGroup: rbac.authorization.k8s.io
11subjects:
12- kind: ServiceAccount
13 name: admin
14 namespace: kube-system
15---
16apiVersion: v1
17kind: ServiceAccount
18metadata:
19 name: admin
20 namespace: kube-system
21 labels:
22 kubernetes.io/cluster-service: "true"
23 addonmanager.kubernetes.io/mode: Reconcile
部署访问的 ServiceAccount
1$ kubectl apply -f k8s-dashboard-token.yaml
获取 Token
1$ kubectl describe secret/$(kubectl get secret -n kube-system |grep admin|awk '{print $1}') -n kube-system
token:
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1iNGo0aCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjkwMTQzMWYxLTVmNGItMTFlOS05Mjg3LTAwMGMyOWQ5ODY5NyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.iwE1UdhB78FgXZJh4ByyOZVNh7M1l2CmOOevihOrY9tl_Z5sf3i_04CA33xA2LAMg7WNVYPjGB7vszBlkQyDGw0H5kJzIfL1YnR0JeLQkNk3v9TLyRqKJA2n8pxmJQIJP1xq0OPRGOfcA_n_c5qESs9QFHejVc5vABim8VBGX-pefKoJVXgu3r4w8gr1ORn4l5-LtHdQjSz3Dys7HwZo71fX2aLQR5bOPurkFKXqymcUoBYpWVsf-0cyN7hLRO-x-Z1i-uVpdM8ClpYSHv49eoDJePrcWpRp-Ryq6SNpGhiqCjjifEQAVHbr36QSAx8I1aamqLcpA0Da2qnunw52JA
四、登录新版本 Dashboard 查看
本人的 Kubernetes 集群地址为"192.168.2.11"并且在 Service 中设置了 NodePort 端口为 30001 和类型为 NodePort 方式访问 Dashboard ,所以访问地址:https://192.168.2.11:30001 进入 Kubernetes Dashboard 页面,然后输入上一步中创建的 ServiceAccount 的 Token 进入 Dashboard,可以看到新的 Dashboard。
跟上一个版本比较,整体风格更加简洁,并且,可以感受到的是这个页面比以前访问速度更加快速(估计是加了缓存),除了之外还增加了:
- 新增黑色主题
- 新增对CRD的管理
- 新增对集群角色的编辑
- 新增对 kubernetes 对象以 yaml 格式进行编辑
- 修改集群资源指标的监控监控信息以及看板样式
五、部署 Metrics Server 为 Dashboard 提供指标数据
Dashboard 已经部署完成,不过登录 Dashboard 后可以看到:
这些栏数据显示都是空,这是由于 Dashboard 的指标部署需要从 Metrics Server 中获取,Dashboard 该版本另一个组件 kubernetes-metrics-scraper 就是用于从 Metrics Server 获取指标的适配器。之前我们已经部署 kubernetes-metrics-scraper 组件,接下来只要再部署 Metrics Server 组件就能获取系统指标数据,供 Dashboard 绘制图形,部署 Metrics Server 可以参考:
当按照上面部署完成后,等一段时间,再刷新 Dashboard 界面,可以观察到如下界面:
--END--
!版权声明:本博客内容均为原创,每篇博文作为知识积累,写博不易,转载请注明出处。