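k8s High-Availability Environment Deployment 7 (Dashboard and metrics)
Preface
With the previous documents, the K8S cluster is basically deployed. Before putting services into production, however, we still need to deploy some components for operations, monitoring, and management.
This part covers deploying kubernetes-dashboard for visual management of k8s.
Deploying the dashboard
<1> Create the dashboard directory
It stores the keys and files created later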
mkdir /etc/dashboard-certs
<2> Download the yml
cd /etc/dashboard-certs
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
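If the download fails, copy the recommended.yaml content given at the end of this document
<3> Configure the external access port
vim recommended.yaml

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard

#type: NodePort sets the external access method to NodePort
#port: 443 the port used for service calls between containers
#targetPort: 8443 the port exposed by the container
#nodePort: 30001 the port for external NodePort access; it can be configured freely (on cloud servers, remember to open this port)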
<3> Create the admin user
vim dashboard-admin.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: dashboard-admin
  namespace: kubernetes-dashboard

<4> Create the user permissions
vim dashboard-admin-bind-cluster-role.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-bind-cluster-role
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kubernetes-dashboard

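<5> Certificate configuration
This fixes the dashboard being inaccessible from some browsers
https://moxiao.blog.csdn.net/article/details/106858790
#Create the namespace
kubectl create namespace kubernetes-dashboard
#Create the key file
openssl genrsa -out dashboard.key 2048
#Certificate signing request (-days is ignored by `openssl req` without -x509, so it is set when signing below)
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
#Self-sign the certificate (without -days here the certificate would only be valid for the default 30 days)
openssl x509 -req -days 36000 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
#Create the kubernetes-dashboard-certs object
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard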
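<6> Handling image problems
Because of network problems, some images may fail to pull and cause the deployment to fail, so try pulling them in advance
If an image is not available in the required version, edit the yaml file to use a lower version
Example:
cat recommended.yaml |grep image
metrics-scraper has no v1.0.6 version available; after editing the yaml file, pull the image from the Aliyun mirror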
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.4
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-scraper:v1.0.4 kubernetesui/metrics-scraper:v1.0.4
<7> Deploy the dashboard
kubectl create -f recommended.yaml
kubectl create -f dashboard-admin.yaml
kubectl create -f dashboard-admin-bind-cluster-role.yaml
<8> View the token
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
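Pay attention to the name of your namespace; if you did not follow this document, change it to your own namespace
The token can also be saved to a file
<9> View the pod and svc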
kubectl get pod -A -o wide |grep dashboard
kubectl get svc -n kubernetes-dashboard
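Supplement:
ClusterIP is the default Kubernetes service type. Such a service is reachable only from inside the cluster and not from outside it. It can, however, be proxied to the outside with nginx.
A NodePort service is a way to direct external traffic to a service. It opens a specific port on all nodes, and any traffic sent to that port is forwarded to the corresponding service. If you do not specify the port, the system picks a random one. The port range defaults to 30000-32767; it can be changed in the apiserver on each master node, followed by a restart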
vim /etc/kubernetes/manifests/kube-apiserver.yaml
Add --service-node-port-range=1-65535
<9> Access the dashboard and log in with the token
https://IP:30001
The external IP of any k8s node works
For example:
https://192.168.1.4:30001
<10> Install metrics-server
mkdir /etc/metrics-server
cd /etc/metrics-server
wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml
vim components.yaml

      - name: metrics-server
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6 #image
        imagePullPolicy: IfNotPresent
        args:
          - --cert-dir=/tmp
          - --secure-port=4443
        command: #add the following three command lines
          - /metrics-server
          - --kubelet-preferred-address-types=InternalIP
          - --kubelet-insecure-tls
        ports:
          - name: main-port
            containerPort: 4443

kubectl apply -f components.yaml
<11> View pod CPU and memory
View the resources of each node
kubectl top node
View the CPU and memory used by pods
kubectl top pod -A
or
kubectl top pod -n kubernetes-dashboard
CPU unit: 100m = 0.1
Memory unit: 1Mi = 1024Ki
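Three settings in this walkthrough widen access to the cluster: the NodePort Service from step <3>, the cluster-admin binding for dashboard-admin from step <4>, and --kubelet-insecure-tls from step <10>. The following added example (not part of the original post) flags them in the JSON List printed by `kubectl get clusterrolebindings,services,deployments -A -o json`; the SAMPLE data is constructed, and the metrics-server namespace in it is an assumption.

```python
import json
import sys

# Constructed sample in the shape of a kubectl JSON List, trimmed to the
# fields audit() reads; names and ports are the ones used on this page.
NS = "kubernetes-dashboard"
SAMPLE = {"kind": "List", "items": [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "dashboard-admin-bind-cluster-role"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "dashboard-admin", "namespace": NS}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "kubernetes-dashboard"},
     "roleRef": {"kind": "ClusterRole", "name": "kubernetes-dashboard"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard", "namespace": NS}]},
    {"kind": "Service", "metadata": {"name": "kubernetes-dashboard", "namespace": NS},
     "spec": {"type": "NodePort", "ports": [{"port": 443, "nodePort": 30001}]}},
    {"kind": "Service", "metadata": {"name": "dashboard-metrics-scraper", "namespace": NS},
     "spec": {"type": "ClusterIP", "ports": [{"port": 8000}]}},
    # The metrics-server namespace is an assumption; the page does not state it.
    {"kind": "Deployment", "metadata": {"name": "metrics-server", "namespace": "kube-system"},
     "spec": {"template": {"spec": {"containers": [{
         "name": "metrics-server", "args": ["--cert-dir=/tmp", "--secure-port=4443"],
         "command": ["/metrics-server", "--kubelet-insecure-tls"]}]}}}},
]}

def audit(objects):
    """Return sorted (kind, namespace/name, finding) tuples for the page's risky settings."""
    out = []
    for obj in objects.get("items", []):
        kind, meta = obj.get("kind"), obj.get("metadata", {})
        ref = f'{meta.get("namespace", "-")}/{meta.get("name")}'
        spec = obj.get("spec") or {}
        if kind == "ClusterRoleBinding" and obj.get("roleRef", {}).get("name") == "cluster-admin":
            for s in obj.get("subjects") or []:
                if s.get("kind") == "ServiceAccount":  # its token is full cluster control
                    out.append((kind, ref, 'cluster-admin bound to ServiceAccount '
                                           f'{s.get("namespace")}/{s.get("name")}'))
        elif kind == "Service" and spec.get("type") == "NodePort":
            for p in spec.get("ports") or []:  # reachable on every node's address
                out.append((kind, ref, f'nodePort {p.get("nodePort")} exposed on all nodes'))
        elif kind == "Deployment":
            pod = spec.get("template", {}).get("spec", {})
            for c in pod.get("containers") or []:
                if "--kubelet-insecure-tls" in (c.get("command") or []) + (c.get("args") or []):
                    out.append((kind, ref, f'{c.get("name")} does not verify kubelet certificates'))
    return sorted(out)

if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for kind, ref, finding in audit(data):
        print(f"{kind:<20}{ref:<45}{finding}")
```

Run it with the path to a saved kubectl JSON file as the only argument; with no argument it audits the constructed sample.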
<12> dashboard yaml file
cat recommended.yaml

# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
  # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.2.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
            # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.6
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}