Kubernetes监控:Dashbaord 2.0.0部署方式
2024-04-24 09:43:42
Kubernetes的Dashboard目前版本已经升至2.0.0-rc3,这篇文章介绍一下如何在Kubernetes 1.17.2中安装此版本的Dashboard。
Dashboard
Github地址
https://github.com/kubernetes/dashboard目前版本:2.0.0-rc3 (2020/1/31)
配置文件
Dashboard的配置文件可以在如下链接中获得:
- https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc3/aio/deploy/recommended.yaml
获取此文件内容,并将其保存为名为dashboard.yml
所需镜像
使用此版本的Dashboard,会用到如下两个镜像:
[root@host131 dashboard]# grep image: dashboard.yml image: kubernetesui/dashboard:v2.0.0-rc3image: kubernetesui/metrics-scraper:v1.0.3
[root@host131 dashboard]#
- Dashboard镜像:kubernetesui/dashboard:v2.0.0-rc3
- kubernetesui/metrics-scraper:v1.0.3
环境准备
本文使用Kubernetes 1.17.2,可参看下文进行快速环境搭建:
- 单机版本或者集群版本环境搭建
[root@host131 ansible]# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
192.168.163.131 Ready <none> 3m49s v1.17.2 192.168.163.131 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://19.3.5
[root@host131 ansible]#
事先下载如下两个镜像,可以加快速度
[root@host131 dashboard]# docker images |grep dashboard
kubernetesui/dashboard v2.0.0-rc3 4a0a1cf1b459 29 hours ago 126MB
k8s.gcr.io/kubernetes-dashboard-amd64 v1.10.1 f9aed6605b81 13 months ago 122MB
[root@host131 dashboard]#
修改配置文件:设定NodePort方式,端口设定为33307
32 kind: Service33 apiVersion: v134 metadata:35 labels:36 k8s-app: kubernetes-dashboard37 name: kubernetes-dashboard38 namespace: kubernetes-dashboard39 spec:40 type: NodePort41 ports:42 - port: 44343 targetPort: 844344 nodePort: 3330745 selector:46 k8s-app: kubernetes-dashboard
修改配置文件:修改imagePullPolicy为IfNotPresent
imagePullPolicy: IfNotPresent
创建Dashboard服务
[root@host131 dashboard]# kubectl create -f .
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@host131 dashboard]#
结果确认
[root@host131 dashboard]# kubectl get service -A |grep dashboard
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.254.80.105 <none> 8000/TCP 48s
kubernetes-dashboard kubernetes-dashboard NodePort 10.254.254.214 <none> 443:33307/TCP 48s
[root@host131 dashboard]#
[root@host131 dashboard]# kubectl get pod -A |grep dashboard
kubernetes-dashboard dashboard-metrics-scraper-7b8b58dc8b-dmvqj 1/1 Running 0 59s
kubernetes-dashboard kubernetes-dashboard-98d9ff664-s27v9 1/1 Running 0 59s
[root@host131 dashboard]#
浏览器确认
Chrome浏览器
由于Chrome浏览器在58+之后对于自签名的证书需要在subjectAltName中设定DNS.1,所以缺省下会有如下错误信息提示,注意此种状态下无法继续打开页面了
具体原因和对应方式可参看这篇SSL的基础内容:https://blog.csdn.net/liumiaocn/article/details/103562650
Firefox
使用Firefox还可以继续确认
点击View Certificate可以确认到证书的内容
这里点击Accept Risk and Continue按钮即可看到Dashboard的登录界面
选择token的方式进行登录,具体获得token详细信息的方式可以使用如下两行命令来完成:
步骤1: 获取secret
[root@host131 dashboard]# kubectl -n kubernetes-dashboard get secret
NAME TYPE DATA AGE
default-token-9g8fb kubernetes.io/service-account-token 3 23m
kubernetes-dashboard-certs Opaque 0 23m
kubernetes-dashboard-csrf Opaque 1 23m
kubernetes-dashboard-key-holder Opaque 2 23m
kubernetes-dashboard-token-cvjhq kubernetes.io/service-account-token 3 23m
[root@host131 dashboard]#
步骤2: 获取toekn信息
[root@host131 dashboard]# kubectl -n kubernetes-dashboard describe secrets kubernetes-dashboard-token-cvjhq
Name: kubernetes-dashboard-token-cvjhq
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboardkubernetes.io/service-account.uid: 5d344a06-2efe-4c03-a5b4-cd0c90d4f463Type: kubernetes.io/service-account-tokenData
====
ca.crt: 1359 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ikt5aFRwRXR6M1hMLU5GTjg0M0R1LTNfNTZLOVNhVUxZd1BSZW9HNGJrMVEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1jdmpocSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjVkMzQ0YTA2LTJlZmUtNGMwMy1hNWI0LWNkMGM5MGQ0ZjQ2MyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.gDRilxWVTYQmVh7MyvgLHpFOIYC8fU2qzscfJnqdPiioGjPeGZ3nE-V7BC7xQN5Ic6eiIe8aG7kFokerm6Y4JHJ9Mmd9E-0ny30Q32csqZePc4WX3_Odc9WqD4bAbaRIwJXeKxKS6MQfcDjaaA_7ziVVtmxgxkyK9i1htrfh62tKuLsPHmh7jrp5yUk3W7I50pUPKQejAXCvz5XQ2KlKwIIGDMonadcgsTaR6T5qcDqB3Q2WS2BA8ZPoEirCWh40WN_RbJxbJcIhb5Ct2UEMp3m2UXn2M9xOoloBemITIlnONH63PlrtHZ_X7R68HlkuQ1qyB6EXxDcr7iQZ9ZVXcg
[root@host131 dashboard]#
然后使用此token信息
可以看到已经登录进来了
但是实际上还是有问题的,在后续的文章中将会进一步展开说明
参考内容:Dashboard配置文件
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.apiVersion: v1
kind: Namespace
metadata:name: kubernetes-dashboard---apiVersion: v1
kind: ServiceAccount
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: Service
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:ports:- port: 443targetPort: 8443selector:k8s-app: kubernetes-dashboard---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-certsnamespace: kubernetes-dashboard
type: Opaque---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-csrfnamespace: kubernetes-dashboard
type: Opaque
data:csrf: ""---apiVersion: v1
kind: Secret
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-key-holdernamespace: kubernetes-dashboard
type: Opaque---kind: ConfigMap
apiVersion: v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-settingsnamespace: kubernetes-dashboard---kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
rules:# Allow Dashboard to get, update and delete Dashboard exclusive secrets.- apiGroups: [""]resources: ["secrets"]resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]verbs: ["get", "update", "delete"]# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.- apiGroups: [""]resources: ["configmaps"]resourceNames: ["kubernetes-dashboard-settings"]verbs: ["get", "update"]# Allow Dashboard to get metrics.- apiGroups: [""]resources: ["services"]resourceNames: ["heapster", "dashboard-metrics-scraper"]verbs: ["proxy"]- apiGroups: [""]resources: ["services/proxy"]resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]verbs: ["get"]---kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard
rules:# Allow Metrics Scraper to get metrics from the Metrics server- apiGroups: ["metrics.k8s.io"]resources: ["pods", "nodes"]verbs: ["get", "list", "watch"]---apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: kubernetes-dashboard
subjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: kubernetes-dashboardtemplate:metadata:labels:k8s-app: kubernetes-dashboardspec:containers:- name: kubernetes-dashboardimage: kubernetesui/dashboard:v2.0.0-rc3imagePullPolicy: Alwaysports:- containerPort: 8443protocol: TCPargs:- --auto-generate-certificates- --namespace=kubernetes-dashboard# Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.# - --apiserver-host=http://my-address:portvolumeMounts:- name: kubernetes-dashboard-certsmountPath: /certs# Create on-disk volume to store exec logs- mountPath: /tmpname: tmp-volumelivenessProbe:httpGet:scheme: HTTPSpath: /port: 8443initialDelaySeconds: 30timeoutSeconds: 30securityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001volumes:- name: kubernetes-dashboard-certssecret:secretName: kubernetes-dashboard-certs- name: tmp-volumeemptyDir: {}serviceAccountName: kubernetes-dashboardnodeSelector:"beta.kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedule---kind: Service
apiVersion: v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:ports:- port: 8000targetPort: 8000selector:k8s-app: dashboard-metrics-scraper---kind: Deployment
apiVersion: apps/v1
metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboard
spec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: dashboard-metrics-scrapertemplate:metadata:labels:k8s-app: dashboard-metrics-scraperannotations:seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'spec:containers:- name: dashboard-metrics-scraperimage: kubernetesui/metrics-scraper:v1.0.3ports:- containerPort: 8000protocol: TCPlivenessProbe:httpGet:scheme: HTTPpath: /port: 8000initialDelaySeconds: 30timeoutSeconds: 30volumeMounts:- mountPath: /tmpname: tmp-volumesecurityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001serviceAccountName: kubernetes-dashboardnodeSelector:"beta.kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedulevolumes:- name: tmp-volumeemptyDir: {}
参考内容
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/README.md
https://github.com/kubernetes/dashboard
Kubernetes监控:Dashbaord 2.0.0部署方式相关推荐
- CC00255.CloudKubernetes——|KuberNetes中间件容器化及helm.V02|——|中间件.v02|redis.v5.0.4|ratel方式部署|
一.部署Redis到k8s上:通过资源管理创建 ### --- 下载官方redis.conf配置模板: ~~~ 官方地址:[root@k8s-master01 redis]# wget -c http ...
- Easypack: Ansible方式部署工具中升级Dashboard至2.0.0版
在Easypack中提供了多套Kubernetes快速部署的工具,基于Bash脚本和Ansible的,Ansible的方式也有基于K3S和普通的Kubernetes的两种.这篇文章介绍一下普通Kube ...
- 离线方式部署Ambari2.6.0.0
Hadoop生态圈-离线方式部署Ambari2.6.0.0 作者:尹正杰 版权声明:原创作品,谢绝转载!否则将追究法律责任. 我现在所在的公司用的是CDH管理Hadoop集群,前端时间去面试时发现很多 ...
- Fluent Operator v2.0 发布:Fluent Bit 新的部署方式——Fluent Bit Collector
2019 年 1 月 21 日,KubeSphere 社区为了满足以云原生的方式管理 Fluent Bit 的需求开发了 FluentBit Operator.此后产品不断迭代,在 2021 年 8 ...
- Cat3.0.0监控本地部署+springboot接入cat例子
Cat监控本地部署 说明 目标 前提 cat.war和sql脚本 源码下载 编译 sql脚本----mysql这里就配置完了 部署cat springboot程序接入cat win10本地配置 my- ...
- Kubespray v2.21.0 离线部署 Kubernetes v1.25.6 集群
文章目录 1. 前言 2. 预备条件 3. 配置代理 4. 下载介质 5. 初始化配置 6. 安装部署工具 6.1 配置 venv 部署环境 6.2 配置容器部署环境 7. 配置互信 8. 编写 in ...
- 使用 Sealos + Longhorn 部署 KubeSphere v3.0.0
使用 Sealos + Longhorn 部署 KubeSphere v3.0.0 本文来自 KubeSphere 社区用户 Will,演示如何使用 Sealos + Longhorn 部署一个带有持 ...
- kubernetes(七)项目部署方式:蓝绿部署,灰度发布/金丝雀发布,滚动更新
在项目迭代的过程中,不可避免需要上线进行部署. 目前项目部署的方式有很多种:像重新部署,蓝绿部署,金丝雀部署(灰度部署),滚动更新.本文简单介绍下这些常见的部署方案以及使用k8s怎么进行对应部署 重新 ...
- Kubernetes集群的部署方式及详细步骤
一.部署环境架构以及方式 第一种部署方式 1.针对于 master 节点 将 API Server.etcd.controller-manager.schedule各组件进行 yum install. ...
- VMware VCSA6.0的部署及升级到6.5
VMware vCenter Server Appliance(VCSA) 6.0的部署和之前的版本略有不同,在5.5及之前的版本可以通过导入OVA文件的方式快速部署,但从6.0开始需要在Window ...
最新文章
- Spring Cloud Stream 学习小清单
- 用VC开发串口通信dll控件
- Linux platform总线(1):总体框架
- python—类和对象之浅拷贝和深拷贝详细讲解
- ffmpeg实现摄像头拉流_[FFmpeg] 如何通过实时摄像头帧图片生成 rtmp 直播流?
- 分享珍藏很久的Python学习知识手册
- mybatis获取表名——mybatis动态调用表名和字段名#{},${}
- TensorFlow推出命令式、可定义的运行接口Eager Execution
- 13数据库表空间回收
- Ubuntu下pdf乱码和rar解压后无效文件编码解决方案
- 教务管理系统数据字典mysql_数据库课程设计报告--教务管理系统设计
- 电商产品设计:后台商品管理设计
- windows共享时出现“指定网络名不再可用”解决办法
- 手写一个词云图生成器,可调形状,可调背景颜色,可调字体色系
- hnu 数字电路 实验1.1 异或门
- 背景色和背景图片共存,背景图片覆盖色
- 微信小程序wx:for 循环中item的keng
- python 图表制作及功能化_Python实现从excel读取数据绘制成精美图像
- 虚幻引擎与现代C++:转移语义和右值引用
- 钣金行业mes解决方案,缩短产品在制周期
热门文章
- murmur3 php,murmur: 更快更好的哈希函数
- Encoder-Decoder
- php guzzlehttp,使用Guzzle执行HTTP请求
- 无处安放 (此刻心情)
- C语言试题106之有一对兔子,从出生后第 3 个月起每个月都生一对兔子,小兔子长到第三个月 后每个月又生一对兔子,假如兔子都不死,问每个月的兔子总数为多少?
- PS怎么做抽象流彩油画丙烯画效果
- Java发送QQ邮件的3种形式(commons-email)
- FA-PEG-NHS 叶酸PEG活性酯
- opencv中 idft与 mathlab中 ifft2结果不对应的解决方案
- 4K60帧!RayLink远程控制软件如何帮助设计师远程办公?