kubernetes 二进制安装(v1.20.15)(九)收尾:部署几个仪表盘
2024-04-13 14:00:25
文章目录
- 部署dashboard
- dashboard.yaml:
- 创建dashboard组件
- 修改svc类型
- 生成token
- 部署MetricsServer
- metrics-server.yml
- 部署MetricsServer组件
- 查看资源使用情况
部署dashboard
cd /opt/TLS/k8s/yml
dashboard.yaml:
apiVersion: v1
kind: Namespace
metadata:name: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
---
kind: Service
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:ports:- port: 443targetPort: 8443selector:k8s-app: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-certsnamespace: kubernetes-dashboard
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-csrfnamespace: kubernetes-dashboard
type: Opaque
data:csrf: ""
---
apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-key-holdernamespace: kubernetes-dashboard
type: Opaque
---
kind: ConfigMap
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-settingsnamespace: kubernetes-dashboard
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
rules:- apiGroups: [""]resources: ["secrets"]resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]verbs: ["get", "update", "delete"]- apiGroups: [""]resources: ["configmaps"]resourceNames: ["kubernetes-dashboard-settings"]verbs: ["get", "update"]- apiGroups: [""]resources: ["services"]resourceNames: ["heapster", "dashboard-metrics-scraper"]verbs: ["proxy"]- apiGroups: [""]resources: ["services/proxy"]resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]verbs: ["get"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard
rules:- apiGroups: ["metrics.k8s.io"]resources: ["pods", "nodes"]verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard
---
kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: kubernetes-dashboardtemplate:metadata:labels:k8s-app: kubernetes-dashboardspec:securityContext:seccompProfile:type: RuntimeDefaultcontainers:- name: kubernetes-dashboardimage: kubernetesui/dashboard:v2.5.1imagePullPolicy: Alwaysports:- containerPort: 8443protocol: TCPargs:- --auto-generate-certificates- --namespace=kubernetes-dashboardvolumeMounts:- name: kubernetes-dashboard-certsmountPath: /certs- mountPath: /tmpname: tmp-volumelivenessProbe:httpGet:scheme: HTTPSpath: /port: 8443initialDelaySeconds: 30timeoutSeconds: 30securityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001volumes:- name: kubernetes-dashboard-certssecret:secretName: kubernetes-dashboard-certs- name: tmp-volumeemptyDir: {}serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linuxtolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedule
---
kind: Service
apiVersion: v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:ports:- port: 8000targetPort: 8000selector:k8s-app: dashboard-metrics-scraper
---
kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: dashboard-metrics-scrapertemplate:metadata:labels:k8s-app: dashboard-metrics-scraperspec:securityContext:seccompProfile:type: RuntimeDefaultcontainers:- name: dashboard-metrics-scraperimage: kubernetesui/metrics-scraper:v1.0.7ports:- containerPort: 8000protocol: TCPlivenessProbe:httpGet:scheme: HTTPpath: /port: 8000initialDelaySeconds: 30timeoutSeconds: 30volumeMounts:- mountPath: /tmpname: tmp-volumesecurityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedulevolumes:- name: tmp-volumeemptyDir: {}
上一篇能部署出来,这个yaml就能用哈哈。
创建dashboard组件
[root@k8s-master yml]# kubectl apply -f dashboard.yaml
....
修改svc类型
组件已成功创建,但是还不能从外部进行访问,为了能一见dashboard的芳容,我们需要改造一下svc的类型。
[root@vm01 yml]# kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kubernetes-dashboard
service/kubernetes-dashboard patched
[root@vm01 yml]# kubectl get pods,svc -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-5b8896d7fc-62t5g 1/1 Running 0 4m23s
pod/kubernetes-dashboard-7b5d774449-np99c 1/1 Running 0 4m23s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.0.0.206 <none> 8000/TCP 4m23s
service/kubernetes-dashboard NodePort 10.0.0.128 <none> 443:31054/TCP 4m24s
#此时svc中已经出现了对外可访问的端口31054
在浏览器中访问 https://ip:31054
生成token
打开页面之后,你会发现需要登陆。
#创建service account
[root@vm01 yml]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
#绑定默认cluster-admin管理员集群角色
[root@vm01 yml]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
#查看token值,最长的那一串字符就是token值了
[root@vm01 yml]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')....
部署MetricsServer
从 v1.8 开始,资源使用情况的监控可以通过 Metrics API的形式获取,具体的组件为Metrics Server,用来替换之前的heapster,heapster从1.11开始逐渐被废弃。
metrics-server.yml
apiVersion: v1
kind: ServiceAccount
metadata:labels:k8s-app: metrics-servername: metrics-servernamespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:labels:k8s-app: metrics-serverrbac.authorization.k8s.io/aggregate-to-admin: "true"rbac.authorization.k8s.io/aggregate-to-edit: "true"rbac.authorization.k8s.io/aggregate-to-view: "true"name: system:aggregated-metrics-reader
rules:
- apiGroups:- metrics.k8s.ioresources:- pods- nodesverbs:- get- list- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:labels:k8s-app: metrics-servername: system:metrics-server
rules:
- apiGroups:- ""resources:- pods- nodes- nodes/stats- namespaces- configmapsverbs:- get- list- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:labels:k8s-app: metrics-servername: metrics-server-auth-readernamespace: kube-system
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccountname: metrics-servernamespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:labels:k8s-app: metrics-servername: metrics-server:system:auth-delegator
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: system:auth-delegator
subjects:
- kind: ServiceAccountname: metrics-servernamespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:labels:k8s-app: metrics-servername: system:metrics-server
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: system:metrics-server
subjects:
- kind: ServiceAccountname: metrics-servernamespace: kube-system
---
apiVersion: v1
kind: Service
metadata:labels:k8s-app: metrics-servername: metrics-servernamespace: kube-system
spec:ports:- name: httpsport: 443protocol: TCPtargetPort: httpsselector:k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:labels:k8s-app: metrics-servername: metrics-servernamespace: kube-system
spec:selector:matchLabels:k8s-app: metrics-serverstrategy:rollingUpdate:maxUnavailable: 0template:metadata:labels:k8s-app: metrics-serverspec:containers:- args:- --cert-dir=/tmp- --secure-port=4443- --kubelet-insecure-tls- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname- --kubelet-use-node-status-portimage: bitnami/metrics-server:0.4.1imagePullPolicy: IfNotPresentlivenessProbe:failureThreshold: 3httpGet:path: /livezport: httpsscheme: HTTPSperiodSeconds: 10name: metrics-serverports:- containerPort: 4443name: httpsprotocol: TCPreadinessProbe:failureThreshold: 3httpGet:path: /readyzport: httpsscheme: HTTPSperiodSeconds: 10securityContext:readOnlyRootFilesystem: truerunAsNonRoot: truerunAsUser: 1000volumeMounts:- mountPath: /tmpname: tmp-dirnodeSelector:kubernetes.io/os: linuxpriorityClassName: system-cluster-criticalserviceAccountName: metrics-servervolumes:- emptyDir: {}name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:labels:k8s-app: metrics-servername: v1beta1.metrics.k8s.io
spec:group: metrics.k8s.iogroupPriorityMinimum: 100insecureSkipTLSVerify: trueservice:name: metrics-servernamespace: kube-systemversion: v1beta1versionPriority: 100
部署MetricsServer组件
[root@k8s-master yml]# kubectl apply -f metrics-server.yml
....
查看资源使用情况
等个几分钟等它起来先。
#经过上述的操作之后,我们就可以按一定的排序规则来查看k8s集群的资源使用情况了
[root@vm01 yml]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
vm01 113m 11% 1223Mi 66%
vm02 71m 7% 720Mi 38%
vm03 83m 8% 816Mi 44%
[root@vm01 yml]# kubectl top pods -n kube-system
NAME CPU(cores) MEMORY(bytes)
calico-kube-controllers-858c9597c8-m4bvk 2m 27Mi
calico-node-j92d2 15m 160Mi
calico-node-mwv5h 20m 162Mi
calico-node-sb6hg 19m 177Mi
coredns-75c59cb869-znpk8 1m 18Mi
metrics-server-68cf7d657c-9rfg4 2m 15Mi
再来看dashboard界面,多了一些资源使用情况的可视化展示,对于分析问题来讲,是个不错的手段。
kubernetes 二进制安装(v1.20.15)(九)收尾:部署几个仪表盘相关推荐
- kubernetes 二进制安装(v1.20.15)(七)加塞一个工作节点
文章目录 k8s-node1 加入集群 分发文件 核对文件 启动kubelet 批准新Node证书申请 启动kube-proxy k8s-node1 加入集群 分发文件 #此操作在Master(k8s ...
- kubernetes 二进制安装(v1.20.16)(四)部署 master
文章目录 自签CA证书 生成CA证书配置 生成CA证书 部署Apiserver 签发apiserver 证书 创建配置文件 启用 TLS Bootstrapping 机制 创建管理文件 分发文件 核对 ...
- mysql二进制升级_MySQL二进制安装,升级,多实例部署
MySQL二进制安装,升级,多实例部署 目标 理解线上部署考虑的因素 学会编译安装以及二进制安装mysql 学会升级mysql 学会多实例部署mysql数据库 学会合理部署mysql线上库 考虑因素: ...
- 【k8s】记踩坑无数后的kubernetes二进制安装详细步骤
前言:其实远在8月份的时候就尝试过二进制安装kubernetes,结果当时遇到的问题很多,奈何自己知识面也不够,所以最后不了了之.最近时间稍微比较宽裕,就再次重振旗鼓,重新开始安装,没想到整个过程还蛮 ...
- Kubernetes 二进制安装详细步骤
目录 一.Kubernetes概述 1.1 分布式中容器编排面临的问题 1.2Kubernetes解决的问题 1.3 Kubernetes是什么 1.4 Kubernetes集群架构与组件 二.k8s ...
- kubernetes二进制安装
1.准备工作: k8s主机地址: 192.168.0.4 k8s-master01 192.168.0.5 k8s-master02 192.168.0.6 k8s-master03 192.168. ...
- 【kubernetes】k8s v1.20高可用多master节点部署
一,安装环境 1,硬件要求 内存:2GB或更多RAM CPU: 2核CPU或更多CPU 硬盘: 30GB或更多 2,本次环境说明: 操作系统:CentOS 7.9 内核版本:3.10.0-1160 虚 ...
- 离线安装k8sv1.20.5版本并部署服务
注意:我这里的离线安装包是V1.20.5的,单安装一个master节点并部署服务,保证可以使用.如果安装集群也是可以的,但是需要把离线包上传到所有的node节点,导入,最后把node节点接入到K8S集 ...
- 二进制安装K8S(四):部署flannel网络
一.master编写flannel脚本: vim /root/scripts/flannel.sh #!/bin/bash cd /opt/kubernetes/ssl/ #写入分配的子网网段 /op ...
最新文章
- 建一所希望小学需要600万!
- 今早服务器出现的问题
- Android:Android学习路线图
- hive多个表join_8个Hive数据仓工具面试题锦集!
- 使用继电器制作振荡器
- 苹果系统tft选哪个服务器不卡,TFT是什么
- 抖音短视频如何去水印
- 计算机桌面标题栏怎么锁定,(excel图表标题设置)在excel表格中,如何锁定标题栏不被修改?...
- 计算机无法启动故障树,发动机无法启动的故障树分析及诊断方法.docx
- CentOS安装NTFS-3G读写Windows 10的移动NTFS磁盘
- w ndows无法安装未知设备,Win7安装驱动程序时提示“unknown device(未知设备)”如何解决...
- Unity小地图中点击角色移动功能 (附上demo)
- Quoted-printable1(BUCTF在线评测)
- 怎么把图片的文字提取出来?
- Youtube到底怎么读?你读对了吗?
- Packets out of order
- JS 判断浏览器客户端类型(ipad,iphone,android)
- 补脾常见中成药辩驳------健脾丸、归脾丸、人参健脾丸和人参归脾丸的区别!
- ROS::多种方式的GDB调试
- JAVA 调用摄像头 拍照 实现人脸识别