搭建K8S dashboard
2024-05-14 15:06:39
书接上文:Centos7.9 从0到1搭建 K8S集群_u011663693的博客-CSDN博客本文记录自己从新建的centos7.9虚拟机搭建K8S集群的心路历程
https://blog.csdn.net/u011663693/article/details/125319486?spm=1001.2014.3001.5502
还需要搭建k8s dashboard,方便查看集群指标。
一、编辑生成dashboard.yaml文件
cat >> dashboard.yaml << EOFapiVersion: v1
kind: Namespace
metadata:name: kubernetes-dashboard---
apiVersion: v1
kind: ServiceAccount
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard---
apiVersion: v1
kind: ServiceAccount
metadata:name: kubernetes-dashboard-adminnamespace: kube-system---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: kubernetes-dashboard-admin
subjects:- kind: ServiceAccountname: kubernetes-dashboard-adminnamespace: kube-system
roleRef:kind: ClusterRolename: cluster-adminapiGroup: rbac.authorization.k8s.io---
kind: Service
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:ports:- port: 443targetPort: 8443selector:k8s-app: kubernetes-dashboard---kind: Service
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:type: NodePortports:- port: 443targetPort: 8443nodePort: 31443selector:k8s-app: kubernetes-dashboard---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-certsnamespace: kubernetes-dashboard
type: Opaque---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-csrfnamespace: kubernetes-dashboard
type: Opaque
data:csrf: ""---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-key-holdernamespace: kubernetes-dashboard
type: Opaque---kind: ConfigMap
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-settingsnamespace: kubernetes-dashboard---kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
rules:# Allow Dashboard to get, update and delete Dashboard exclusive secrets.- apiGroups: [""]resources: ["secrets"]resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]verbs: ["get", "update", "delete"]# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.- apiGroups: [""]resources: ["configmaps"]resourceNames: ["kubernetes-dashboard-settings"]verbs: ["get", "update"]# Allow Dashboard to get metrics.- apiGroups: [""]resources: ["services"]resourceNames: ["heapster", "dashboard-metrics-scraper"]verbs: ["proxy"]- apiGroups: [""]resources: ["services/proxy"]resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]verbs: ["get"]---kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard
rules:# Allow Metrics Scraper to get metrics from the Metrics server- apiGroups: ["metrics.k8s.io"]resources: ["pods", "nodes"]verbs: ["get", "list", "watch"]---apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: kubernetes-dashboardtemplate:metadata:labels:k8s-app: kubernetes-dashboardspec:containers:- name: kubernetes-dashboardimage: kubernetesui/dashboard:v2.3.1imagePullPolicy: Alwaysports:- containerPort: 8443protocol: TCPargs:- --auto-generate-certificates- --namespace=kubernetes-dashboard# Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.# - --apiserver-host=http://my-address:portvolumeMounts:- name: kubernetes-dashboard-certsmountPath: /certs# Create on-disk volume to store exec logs- mountPath: /tmpname: tmp-volumelivenessProbe:httpGet:scheme: HTTPSpath: /port: 8443initialDelaySeconds: 30timeoutSeconds: 30securityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001volumes:- name: kubernetes-dashboard-certssecret:secretName: kubernetes-dashboard-certs- name: tmp-volumeemptyDir: {}serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedule---kind: Service
apiVersion: v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:ports:- port: 8000targetPort: 8000selector:k8s-app: dashboard-metrics-scraper---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: dashboard-metrics-scrapertemplate:metadata:labels:k8s-app: dashboard-metrics-scraperannotations:seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'spec:containers:- name: dashboard-metrics-scraperimage: kubernetesui/metrics-scraper:v1.0.6ports:- containerPort: 8000protocol: TCPlivenessProbe:httpGet:scheme: HTTPpath: /port: 8000initialDelaySeconds: 30timeoutSeconds: 30volumeMounts:- mountPath: /tmpname: tmp-volumesecurityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedulevolumes:- name: tmp-volumeemptyDir: {}EOF二、创建dashboard的Pod,获取登陆dashboard的token
# 执行yaml文件
kubectl apply -f dashboard.yaml
# 查看dashboard的svc是否正常
kubectl get svc --all-namespaces正常启动的话,如下:
获取token,复制sa为kubernetes-dashboard-admin的token出来使用
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubernetes-dashboard-admin | awk '{print $1}')
三、登陆dashboard
浏览器访问master节点的31443端口:https://192.168.0.240:31443,输入token,进入dashboard页面。
注意:访问doshboard页面时,因为没有安全证书,所以https是不受信的。会出现如下:
出现这种情况,我们可以考虑开放dashboard的80端口,或者粗暴绕过chrome浏览器的安全验证,或者自己去配置ingress去配置证书。
解决方案1:粗暴绕过chrome的检验。直接鼠标点击上述页面的空白处后,直接英文键盘直接敲“thisisunsafe”这个神秘代码即可绕开校验,直接访问dashboard登陆页面。
解决方案2:开放dashboard的9090端口。如下:重点在增加了9090端口开放、注释 # - --auto-generate-certificates。(代码的26-34行)
# 修改dashboard的deployment,增加9090端口开放
---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: kubernetes-dashboardtemplate:metadata:labels:k8s-app: kubernetes-dashboardspec:containers:- name: kubernetes-dashboardimage: kubernetesui/dashboard:v2.3.1imagePullPolicy: Alwaysports:- containerPort: 8443protocol: TCPname: https- containerPort: 9090protocol: TCPname: httpargs:# - --auto-generate-certificates- --namespace=kubernetes-dashboard# Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.# - --apiserver-host=http://my-address:portvolumeMounts:- name: kubernetes-dashboard-certsmountPath: /certs# Create on-disk volume to store exec logs- mountPath: /tmpname: tmp-volumelivenessProbe:httpGet:scheme: HTTPSpath: /port: 8443initialDelaySeconds: 30timeoutSeconds: 30securityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001volumes:- name: kubernetes-dashboard-certssecret:secretName: kubernetes-dashboard-certs- name: tmp-volumeemptyDir: {}serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedule修改doshboard的Service。(代码的10-18行)
kind: Service
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:type: NodePortports:- port: 443targetPort: 8443nodePort: 31443name: https- port: 80targetPort: 9090nodePort: 39090name: httpselector:k8s-app: kubernetes-dashboard修改完之后,先delete dashboard,再重新创建即可。
kubectl delete -f dashboard.yaml
kubectl apply -f dashboard.yaml访问:http://192.168.0.240:39090即可
~~完结撒花
搭建K8S dashboard相关推荐
- 搭建K8S 的dashboard的坑the server could not find the requested resource
搭建K8S 的dashboard的时候显示404 the server could not find the requested resource 如图所示 然后日志文件 是这个样子的 Oct 17 ...
- 【k8s系列】一分钟搭建MicroK8s Dashboard
本文基于上一篇文章的内容进行Dashboard搭建,如果没有看过上一篇的同学请先查阅上一篇文章 k8s系列]使用MicroK8s 5分钟搭建k8s集群含踩坑经验 使用MicroK8s搭建Dashboa ...
- Hyper-v搭建K8s v1.18.6 单主集群环境(包括dashboard)
一.配置基本环境: 环境配置: Windows 10 Hyper-V虚拟化: 创建3个虚拟机(CentOS Linux release 7.8),1个用于master节点,2个用于work节点:mas ...
- 『中级篇』Minikube快速搭建K8S单节点环境(61)
原创文章,欢迎转载.转载请注明:转载自IT人故事会,谢谢! 原文链接地址:『中级篇』Minikube快速搭建K8S单节点环境(61) 去介绍k8s的集群安装,本地搭建一个k8s的集群. 不会科学上网的 ...
- 简单三分钟,本地搭建k8s
使用 minikube 在本地搭建 k8s 已经比以前要简单很多了.本文,我们通过简短的三分钟来重现一下在本地搭建 k8s 实验环境的步骤. 下载 Minikube 首先,你可能会考虑从官网下载 mi ...
- Kubernetes教程之跟着官方文档从零搭建K8S
本文将带领读者一起, 参照着 Kubernetes 官方文档,对其安装部署进行讲解.Kubernetes更新迭代很快,书上.网上等教程可能并不能适用于新版本,但官方文可以. Kubernetes 教程 ...
- Kubeadm 快速搭建 k8s v1.24.1 集群(openEuler 22.03 LTS)
kubeadm 简介 kubeadm 是 Kubernetes(以下简称 k8s)官方提供的用于快速安装部署 k8s 集群的工具,伴随 k8s 每个版本的发布都会同步更新,kubeadm 会对集群配置 ...
- k8s master ping不通node_搭建k8s可用集群
k8s诞生于2014年,google出品,如今已经是0202年了,站在岸上学不会游泳,还不搭建个k8s集群来玩玩吗? 机器准备 三台位于国外的服务器 (1)k8s的相关组件官方镜像在国外,国外的服务器 ...
- 搭建K8s集群(二进制方式)-搭建步骤介绍
使用二进制方式搭建K8S集群 注意 [暂时没有使用二进制方式搭建K8S集群,因此本章节内容不完整... 欢迎小伙伴能补充~] 准备工作 在开始之前,部署Kubernetes集群机器需要满足以下几个条件 ...
最新文章
- LeetCode 1 两数之和
- Python处理mat文件的三种方式
- C语言malloc动态分配内存分配失败怎么办?exit(OVERFLOW);(include <cstdlib>)
- 将计算机设置成交换机主机名,CISCO2950交换机的配置(设置密码、IP地址、主机名)...
- Apache Camel 2.14中的更多指标
- CUDA学习(六十五)
- 数据双向绑定_手写 Vue3 数据双向绑定 理解Proxy
- oracle sql2000,sql2000的代码改成oracle的
- JNIWrapper控件发布v3.8.4版本
- cannot resolve symbol什么意思_JavaScript异步编程实现之一:Promise对象是什么?对resolve理解...
- python 秘钥_python – 使用ssh密钥加密和解密密码
- HUB、Switch、Router在OSI模型层次信息
- 识别视频文件夹,listview
- 教你如何找到线程插入式木马
- 解除谷歌浏览器默认禁止音频自动播放
- librosa.stft的输出
- js计算时间差,包括计算,天,时,分,秒
- 语法练习:left2
- 今天心情好,给各位免费呈上200兆SVN代码服务器一枚,不谢!
- Redis安装与使用