[转帖]Kubernetes-18:Dashboard安装及使用

kubernetes,dashboard,安装,使用 · 浏览次数 : 0

小编点评

## Dashboard 生成内容时带简单的排版 **1. 创建变量文件** ```yaml repository: k8s.gcr.io/kubernetes-dashboard-amd64 tag: v1.10.1 #指定版本ingress: enabled: true hosts: - k8s.vfancloud.com #指定域名 annotations: nginx.ingress.kubernetes.io/ssl-redirect: "true" #指定secret,也就是指定你的证书 secretName: repository-ssl ``` **2. 编辑变量文件** ```yaml #创建时使用 -f指定此变量文件即可 helm install . --version 2.6.0 -n k8s-dashboard --namespace kube-system -f dashboardvaluse.yamlNAME: k8s-dashboardLAST DEPLOYED: Wed Sep 23 21:58:42 2020NAMESPACE: kube-systemSTATUS: DEPLOYED ``` **3. 创建tls** ```yaml kubectl create secret tls repository-ssl --key server.key --cert server.crt ``` **4. 编辑证书文件** ```yaml #编辑完毕后,创建时使用 -f指定此变量文件即可 kubectl edit cert server.crt ``` **5. 创建Service和Secret** ```yaml #Service kind: Service TYPE: Cluster-IP NAME: k8s-dashboard CLUSTERIP: 10.97.71.25 #Secret kind: Secret TYPE: Cluster-IP NAME: k8s-dashboard-csrf ``` **6. 创建ServiceAccount** ```yaml #ServiceAccount kind: ServiceAccount TYPE: SECRETS NAME: k8s-dashboard-key-holder ``` **7. 创建Service和Port** ```yaml #Service kind: Service TYPE: Service NAME: k8s-dashboard-service CLUSTERIP: 10.97.71.25 #Port kind: Port NAME: k8s-dashboard-port TYPE: TCP CLUSTERPORT: 31087 HOSTPORT: 31087 ``` **8. 创建ServiceAccountBinding** ```yaml #ServiceAccountBinding kind: ServiceAccountBinding TYPE: SECRETS NAME: k8s-dashboard-key-holder APPSECRET: k8s-dashboard-key-holder ```

正文

https://www.cnblogs.com/v-fan/p/13950268.html

 

Helm安装Dashboard

简介

Dashboard 是 kubernetes 的图形化管理工具,可直观的看到k8s中各个类型控制器的当前运行情况,以及Pod的日志,另外也可直接在 dashboard 中对已有的资源进行资源清单的修改。

 

 

 

安装

注意:前提是已经安装好helm工具,如未安装还可请参考本人其他随笔:https://www.cnblogs.com/v-fan/p/13949025.html

复制代码
# 安装 helm 的 repo源
helm repo add k8s-dashboard https://kubernetes.github.io/dashboard
​
# 安装Dashboard,注意:要安装到kube-system名称空间下才可以操控整个集群
[root@Centos8 ~]# helm install k8s-dashboard/kubernetes-dashboard --version 2.6.0 -n k8s-dashboard --namespace kube-system
NAME:   k8s-dashboard
LAST DEPLOYED: Sat Sep 12 11:43:46 2020
NAMESPACE: kube-system
STATUS: DEPLOYED
​
RESOURCES:
==> v1/ClusterRole
NAME                                        AGE
k8s-dashboard-kubernetes-dashboard-metrics  0s
​
==> v1/ClusterRoleBinding
NAME                                        AGE
k8s-dashboard-kubernetes-dashboard-metrics  0s
​
==> v1/ConfigMap
NAME                                         DATA  AGE
k8s-dashboard-kubernetes-dashboard-settings  0     1s
​
==> v1/Deployment
NAME                                READY  UP-TO-DATE  AVAILABLE  AGE
k8s-dashboard-kubernetes-dashboard  0/1    1           0          1s
​
==> v1/Pod(related)
NAME                                                 READY  STATUS             RESTARTS  AGE
k8s-dashboard-kubernetes-dashboard-6d5c6c747f-zgz79  0/1    ContainerCreating  0         1s
​
==> v1/Role
NAME                                AGE
k8s-dashboard-kubernetes-dashboard  0s
​
==> v1/RoleBinding
NAME                                AGE
k8s-dashboard-kubernetes-dashboard  0s
​
==> v1/Secret
NAME                                      TYPE    DATA  AGE
k8s-dashboard-kubernetes-dashboard-certs  Opaque  0     1s
kubernetes-dashboard-csrf                 Opaque  0     1s
kubernetes-dashboard-key-holder           Opaque  0     1s
​
==> v1/Service
NAME                                TYPE       CLUSTER-IP     EXTERNAL-IP  PORT(S)  AGE
k8s-dashboard-kubernetes-dashboard  ClusterIP  10.111.75.108  <none>       443/TCP  1s
​
==> v1/ServiceAccount
NAME                                SECRETS  AGE
k8s-dashboard-kubernetes-dashboard  1        1s
​
​
NOTES:
*********************************************************************************
*** PLEASE BE PATIENT: kubernetes-dashboard may take a few minutes to install ***
*********************************************************************************
​
Get the Kubernetes Dashboard URL by running:
  export POD_NAME=$(kubectl get pods -n kube-system -l "app.kubernetes.io/name=kubernetes-dashboard,app.kubernetes.io/instance=k8s-dashboard" -o jsonpath="{.items[0].metadata.name}")
  echo https://127.0.0.1:8443/
  kubectl -n kube-system port-forward $POD_NAME 8443:8443
复制代码

回显中可以看到,在kube-system名称空间下为k8s集群创建ClusterRole、ClusterRoleBinding、ConfigMap、Deployment、Pod(related)、Role、RoleBinding、Secret、Service和ServiceAccount等资源

详细可参考helm官方手册:https://hub.helm.sh/charts/k8s-dashboard/kubernetes-dashboard

 

查看是Pod是否正常启动
[root@Centos8 dashboard]# kubectl get pod -n kube-system
NAME                                                 READY   STATUS        RESTARTS   AGE
k8s-dashboard-kubernetes-dashboard-6d5c6c747f-zgz79   0/1     ImagePullBackOff   0  2m59s

发现 Pod 状态为 ImagePullBackOff ,因为镜像的原因,查看下所需镜像:

[root@Centos8 dashboard]# kubectl describe pod k8s-dashboard-kubernetes-dashboard-6d5c6c747f-zgz79 -n kube-system
  Normal   BackOff    72s (x7 over 3m13s)   kubelet, testcentos7  Back-off pulling image "kubernetesui/dashboard:v2.0.3"

 

自己手动导入镜像,并传入所有的node节点即可:

[root@Centos8 dashboard]# docker pull kubernetesui/dashboard:v2.0.3
v2.0.3: Pulling from kubernetesui/dashboard
d5ba0740de2a: Pull complete 
Digest: sha256:45ef224759bc50c84445f233fffae4aa3bdaec705cb5ee4bfe36d183b270b45d
Status: Downloaded newer image for kubernetesui/dashboard:v2.0.3

再次查看Pod状态,正常运行:

[root@Centos8 ~]# kubectl get pod -n kube-system
NAME                                                  READY   STATUS    RESTARTS   AGE
k8s-dashboard-kubernetes-dashboard-6d5c6c747f-zgz79   1/1     Running   0          102s

 

配置

修改service的type类型为Nodeport,使其可以外部访问

复制代码
# 默认为 ClusterIp
[root@Centos8 ~]# kubectl get svc -n kube-system
NAME                                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   
k8s-dashboard-kubernetes-dashboard   ClusterIP   10.111.75.108    <none>        443/TCP   
​
# 修改
[root@Centos8 ~]# kubectl edit svc k8s-dashboard-kubernetes-dashboard -n kube-system
...
ports:
  - name: https
    nodePort: 30001
type: NodePort
...
service/k8s-dashboard-kubernetes-dashboard edited
​
#修改成功
[root@Centos8 ~]# kubectl get svc -n kube-system
NAME                                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   
k8s-dashboard-kubernetes-dashboard   NodePort    10.111.75.108    <none>    443:30001/TCP
复制代码

Dashboard默认为https

 

访问

https://192.168.152.53:3000

 

 

 

提示选择是使用Token方式连接还是Kubeconfig方式连接,看个人心情。

在此使用Token连接,查看Token方法:

复制代码
[root@Centos8 ~]# kubectl get secret -n kube-system |grep dashboard
k8s-dashboard-kubernetes-dashboard-certs         Opaque                                0 
k8s-dashboard-kubernetes-dashboard-token-xpjj8   kubernetes.io/service-account-token   3 
​
[root@Centos8 ~]# kubectl describe secret k8s-dashboard-kubernetes-dashboard-token-xpjj8 -n kube-system | grep token
Name:         k8s-dashboard-kubernetes-dashboard-token-xpjj8
Type:  kubernetes.io/service-account-token
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrOHMtZGFzaGJvYXJkLWt1YmVybmV0ZXMtZGFzaGJvYXJkLXRva2VuLXhwamo4Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Ims4cy1kYXNoYm9hcmQta3ViZXJuZXRlcy1kYXNoYm9hcmQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1YjRjMzViYi02Mzc3LTRhY2EtYWY0Yy1mZmQyYjg2OWFmM2YiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06azhzLWRhc2hib2FyZC1rdWJlcm5ldGVzLWRhc2hib2FyZCJ9.WTibcCYSOqTpfyTBT6vqsHULTfmWh3TU3NcQHIf-yZw-r5pdd2H5Edz4VqG6d_Ef1zwCzD6Burvdq80gQps7Ju9FdxLl_cjNgq6r9fycaYUMIedrgof7w43BIyBiwh064f3SFpJuZToVxErdHBnLToDpiNjJ0rbsn79oRufA6VRbqA0ogstcFfZ55lWGuEZ7JoDOUH_vno1geZQvk8LJLfd75EeMEBaq_F7I_7go5cydPvi11Sm3hKigOY53wwsBlvNJ3FlTfZMAxPb5IP024cJB-zXXdZjiUDGzeagcwAqrKdKwZl78RW1q0VXM5QwtL08dOBDgoOHMFeiSkeEjyw
复制代码

将Token的值粘贴进网页,点击登录即可。

 

但是,默认情况下,直接进入,它本身没有访问整个集群的权限,所以要先对 dashborad 的SA进行一个ClusterRoleBinding 的操作:

vim dashbindins.yaml

复制代码
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-1
subjects:
- kind: ServiceAccount
  name: k8s-dashboard-kubernetes-dashboard
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
复制代码

将 cluster-admin 的权限赋予给名称为 k8s-dashboard-kubernetes-dashboard 的 SA,cluster-admin是集群默认的的角色,具有整个集群的所有权限,如果有个性化需求,自己定义一个ClusterRole也是可以的

 

进行绑定:

[root@Centos8 dashboard]# kubectl create -f dashbindins.yaml 
clusterrolebinding.rbac.authorization.k8s.io/dashboard-1 created

绑定完成后,再次刷新 dashboard 的界面,就可以看到整个集群的资源情况。

 

个性化定制参数

Dashboard 默认采用 https 的形式进行访问,众所周知,https是需要绑定证书的,咱们以上直接通过 helm 方法安装的是自动绑定了config文件里的证书:

crt:grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d
kry:grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key

 

但是如果我们想要定义自己的https证书,我们可以在创建 dashboard 的时候采用指定变量的方法:

先将 dashboard 文件下载下来:

复制代码
[root@Centos8 dashboard]# helm fetch k8s-dashboard/kubernetes-dashboard
[root@Centos8 dashboard]# ls
kubernetes-dashboard-2.6.0.tgz
​
[root@Centos8 dashboard]# tar zxvf kubernetes-dashboard-2.6.0.tgz
[root@Centos8 kubernetes-dashboard]# ls
charts  Chart.yaml  README.md  requirements.lock  requirements.yaml  templates  values.yaml
复制代码

 

创建变量文件:

vim dashboardvaluse.yaml

复制代码
image: 
  repository: k8s.gcr.io/kubernetes-dashboard-amd64 # 指定存储库
  tag: v1.10.1  #指定版本
ingress:
  enabled: true #ingress是否开启
  hosts:
  - k8s.vfancloud.com   #指定域名
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
  tls:  #指定secret,也就是指定你的证书
  - secretName: repository-ssl
    hosts:
    - k8s.vfancloud.com
rbac:
  clusterAdminRole: true
复制代码

创建tls:kubectl create secret tls repository-ssl --key server.key --cert server.crt

 

编辑完毕后,创建时使用 -f 指定此变量文件即可:

复制代码
[root@Centos8 kubernetes-dashboard]# helm install . --version 2.6.0 -n k8s-dashboard --namespace kube-system -f dashboardvaluse.yaml
NAME:   k8s-dashboard
LAST DEPLOYED: Wed Sep 23 21:58:42 2020
NAMESPACE: kube-system
STATUS: DEPLOYED
​
RESOURCES:
==> v1/ClusterRole
NAME                                        AGE
k8s-dashboard-kubernetes-dashboard-metrics  0s
​
==> v1/ClusterRoleBinding
NAME                                        AGE
k8s-dashboard-kubernetes-dashboard-metrics  0s
​
==> v1/ConfigMap
NAME                                         DATA  AGE
k8s-dashboard-kubernetes-dashboard-settings  0     2s
​
==> v1/Deployment
NAME                                READY  UP-TO-DATE  AVAILABLE  AGE
k8s-dashboard-kubernetes-dashboard  0/1    1           0          2s
​
==> v1/Pod(related)
NAME                                                 READY  STATUS             RESTARTS  AGE
k8s-dashboard-kubernetes-dashboard-6d5c6c747f-5dkhj  0/1    ContainerCreating  0         1s
​
==> v1/Role
NAME                                AGE
k8s-dashboard-kubernetes-dashboard  0s
​
==> v1/RoleBinding
NAME                                AGE
k8s-dashboard-kubernetes-dashboard  0s
​
==> v1/Secret
NAME                                      TYPE    DATA  AGE
k8s-dashboard-kubernetes-dashboard-certs  Opaque  0     2s
kubernetes-dashboard-csrf                 Opaque  0     2s
kubernetes-dashboard-key-holder           Opaque  0     2s
​
==> v1/Service
NAME                                TYPE       CLUSTER-IP   EXTERNAL-IP  PORT(S)  AGE
k8s-dashboard-kubernetes-dashboard  ClusterIP  10.97.71.25  <none>       443/TCP  2s
​
==> v1/ServiceAccount
NAME                                SECRETS  AGE
k8s-dashboard-kubernetes-dashboard  1        2s
​
==> v1beta1/Ingress
NAME                                HOSTS              ADDRESS  PORTS  AGE
k8s-dashboard-kubernetes-dashboard  hub.vfancloud.com  80, 443  2s
​
​
NOTES:
*********************************************************************************
*** PLEASE BE PATIENT: kubernetes-dashboard may take a few minutes to install ***
*********************************************************************************
From outside the cluster, the server URL(s) are:
     https://hub.vfancloud.com
复制代码

至此,后边的步骤就和上边演示的一样了,绑定ClusterRole即可使用https://hub.vfancloud.com进行访问,以上变量文件仅仅是指定了部分值,具体其他可选变量可以去官网上查看。

 

使用域名访问:https://hub.vfancloud.com:31087

与[转帖]Kubernetes-18:Dashboard安装及使用相似的内容:

[转帖]Kubernetes-18:Dashboard安装及使用

https://www.cnblogs.com/v-fan/p/13950268.html Helm安装Dashboard 简介 Dashboard 是 kubernetes 的图形化管理工具,可直观的看到k8s中各个类型控制器的当前运行情况,以及Pod的日志,另外也可直接在 dashboard 中

【转帖】eBay 云计算“网”事:网络超时篇

https://www.infoq.cn/article/JmCbkA0XX9NqrcX6loIo eBay技术荟 2020-06-19 本文字数:5508 字 阅读完需:约 18 分钟 导读 eBay 自 2016 年开始将业务迁往 Kubernetes 容器平台,其间遇到了各种网络问题。云计算“

[转帖]Kubernetes 蓝绿发布、ABTest、滚动发布、灰度发布、金丝雀发布简介

蓝绿发布: 一些应用程序只需要部署一个新版本,并需要立即切到这个版本。因此,我们需要执行蓝/绿部署。在进行蓝/绿部署时,应用程序的一个新副本(绿)将与现有版本(蓝)一起部署。然后更新应用程序的入口/路由器以切换到新版本(绿)。然后,您需要等待旧(蓝)版本来完成所有发送给它的请求,但是大多数情况下,应

[转帖]kubernetes 资源管理概述

https://cizixs.com/2018/06/25/kubernetes-resource-management/ kubernetes 资源简介 什么是资源? 在 kubernetes 中,有两个基础但是非常重要的概念:node 和 pod。node 翻译成节点,是对集群资源的抽象;pod

[转帖]Kubernetes中的nodePort,targetPort,port的区别和意义(转)

原文https://blog.csdn.net/u013760355/article/details/70162242 https://blog.csdn.net/xinghun_4/article/details/50492041 1. nodePort 外部机器可访问的端口。 比如一个Web应用

[转帖]Kubernetes 集群无损升级实践

https://www.jianshu.com/p/182952a00efc 一、背景 活跃的社区和广大的用户群,使 Kubernetes 仍然保持3个月一个版本的高频发布节奏。高频的版本发布带来了更多的新功能落地和 bug 及时修复,但是线上环境业务长期运行,任何变更出错都可能带来巨大的经济损失,

[转帖]Kubernetes 领进门 | 使用 Ingress-nginx 反向代理外部站点

https://cloud.tencent.com/developer/article/2187041 warning: 这篇文章距离上次修改已过204天,其中的内容可能已经有所变动。 本文旨在展示如何使用 ingress-nginx 作为反向代理加速集群外部服务原理。下文以反向代理 github

[转帖]kubernetes Tcp流量可视化

https://www.cnblogs.com/charlieroro/p/16771739.html 使用k8spacket和grafana的node graph插件可以查看kubernetes pod的TCP相关信息,如connection、bytes、和duration。下面是接收和响应的字节

[转帖]Kubernetes的垂直和水平扩缩容的性能评估

https://www.cnblogs.com/charlieroro/p/17009778.html 译自:Performance evaluation of the autoscaling strategies vertical and horizontal using Kubernetes 可

[转帖]Kubernetes的Nginx Ingress 0.20之前的版本,upstream的keep-alive不生效

https://www.cnblogs.com/lizexiong/p/15358923.html 1说明 Kubernetes使用nginx-ingress-controller代理到集群内服务的请求,nginx所在的机器上上有大量的time-wait连接。 抓包发现nginx发起的到upstre