Deploying the k8s dashboard as a pod
- Write the YAML file
- Create the pod
- Open the web UI in a browser
Write the YAML file
```yaml
# cat dashboard.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  # Keep the name in sync with image version and
  # gce/coreos/kube-manifests/addons/dashboard counterparts
  name: kubernetes-dashboard-latest
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
        version: latest
        kubernetes.io/cluster-service: "true"
    spec:
      containers:
      - name: kubernetes-dashboard
        image: huanwei/kubernetes-dashboard-amd64:latest
        resources:
          # keep request = limit to keep this container in guaranteed class
          limits:
            cpu: 100m
            memory: 50Mi
          requests:
            cpu: 100m
            memory: 50Mi
        ports:
        - containerPort: 9090
        args:
        - --apiserver-host=http://192.168.6.150:8080
        livenessProbe:
          httpGet:
            path: /
            port: 9090
          initialDelaySeconds: 30
          timeoutSeconds: 30
---
# apiVersion is required for the Service object
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
spec:
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  - port: 80
    targetPort: 9090
```
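Here `--apiserver-host=http://192.168.6.45:8080` is the master's IP. A hostname cannot be used here [if you really must use one, add a hosts entry on every node, because when the pod is deployed you do not know which node it will be assigned to].
Create the pod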
```
# kubectl create -f dashboard.yaml
deployment "kubernetes-dashboard-latest" created
service "kubernetes-dashboard" created
```
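Output like the above means the creation succeeded.
Open the web UI in a browser
Hmm, I know neither the IP nor the port, so how do I find the web UI address? So I use a command to check which node the pod was deployed on: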
```
# kubectl get pods --namespace=kube-system
No resources found.
```
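Too bad: creating the pod failed.
So how do you view the Kubernetes logs?
If the Kubernetes startup parameters include --logtostderr=true, systemd takes over Kubernetes' output, which can then be viewed with journalctl.
On Linux systems where systemd manages the Kubernetes services, the journal takes over the output logs of the service processes; you can view a Kubernetes service's logs with systemctl status or journalctl -u -f.
The Kubernetes components include: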
k8s component | Log content covered |
---|---|
kube-apiserver | |
kube-controller-manager | Pod scale-out or RC related |
kube-scheduler | Pod scale-out or RC related |
kubelet | Pod lifecycle: creation, stopping, etc. |
etcd | |
Reposted from the blog http://blog.csdn.net/huwh_/article/details/71308301
```
# journalctl -u kube-controller-manager | tail
FailedCreate' Error creating: No API token found for service account "default", retry after the token is automatically created and added to the service account
```
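The error message above shows the cause of the failure: authentication.
There are two ways to solve it: skip authentication, or add authentication.
Reference blog: http://blog.csdn.net/jinzhencs/article/details/51435020
This time I solve it by skipping authentication, which means modifying /etc/kubernetes/apiserver: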
```
# cat /etc/kubernetes/apiserver
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#
# The address on the local server to listen to.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
# The port on the local server to listen on.
KUBE_API_PORT="--port=8080"
# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"
# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
# Add your own!
KUBE_API_ARGS=""
```
Remove ServiceAccount from KUBE_ADMISSION_CONTROL; I mentioned this in my earlier blog post on setting up a k8s cluster.
Restart the master and run step two again.
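The two apiserver settings this walkthrough ends up relying on are the insecure port, which kube-apiserver serves without authentication or authorization, bound to 0.0.0.0, and ServiceAccount removed from admission control. The script below is an added example, not from the original post, that checks an env file in the `KEY="--flag=value"` format shown above for both; the names `flag_value` and `audit_apiserver` and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post. Audits a kube-apiserver
# environment file of the format shown above (KEY="--flag=value").

# Print the value of --FLAG= from the first uncommented line that sets it.
flag_value() {  # usage: flag_value FILE FLAG
    sed -n "/^[[:space:]]*#/d; s/.*--$2=\([^\" ]*\).*/\1/p" "$1" | head -n 1
}

# Print one line per finding and store the count in AUDIT_FINDINGS.
audit_apiserver() {  # usage: audit_apiserver FILE
    AUDIT_FINDINGS=0
    bind=$(flag_value "$1" insecure-bind-address)
    case "$bind" in
        ""|127.0.0.1|localhost|::1) ;;   # unset or loopback only
        *) echo "FINDING: insecure (unauthenticated) API port listens on $bind"
           AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)) ;;
    esac
    plugins=$(flag_value "$1" admission-control)
    case ",$plugins," in
        *,ServiceAccount,*) ;;           # plugin is listed
        *) echo "FINDING: ServiceAccount missing from --admission-control"
           AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)) ;;
    esac
}

# Constructed sample: the settings this walkthrough ends up with.
SAMPLE_AS_DEPLOYED=$(mktemp)
cat > "$SAMPLE_AS_DEPLOYED" <<'EOF'
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--port=8080"
# KUBELET_PORT="--kubelet-port=10250"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
EOF

# Constructed sample: loopback bind, ServiceAccount plugin kept.
SAMPLE_RESTRICTED=$(mktemp)
cat > "$SAMPLE_RESTRICTED" <<'EOF'
KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota"
EOF

audit_apiserver "$SAMPLE_AS_DEPLOYED"   # prints two findings
audit_apiserver "$SAMPLE_RESTRICTED"    # prints nothing
rm -f "$SAMPLE_AS_DEPLOYED" "$SAMPLE_RESTRICTED"
```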
View the pod details
```
# kubectl describe service/kubernetes-dashboard --namespace="kube-system"
Name:              kubernetes-dashboard
Namespace:         kube-system
Labels:            k8s-app=kubernetes-dashboard
                   kubernetes.io/cluster-service=true
Selector:          k8s-app=kubernetes-dashboard
Type:              NodePort
IP:                10.254.235.156
Port:              <unset> 80/TCP
NodePort:          <unset> 31081/TCP
Endpoints:         172.17.26.2:9090
Session Affinity:  None
No events.
```
Run docker ps on the nodes to see which node the process is running on:
```
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
62630e335fc1 huanwei/kubernetes-dashboard-amd64:latest "/dashboard --port=90" About a minute ago Up About a minute k8s_kubernetes-dashboard.44479d71_kubernetes-dashboard-latest-2748740746-dj9m0_kube-system_a0cfa399-b218-11e7-a8b9-080027cd4201_90a07124
90f1a6ddaa03 registry.access.redhat.com/rhel7/pod-infrastructure:latest "/usr/bin/pod" About a minute ago Up About a minute k8s_POD.28c50bab_kubernetes-dashboard-latest-2748740746-dj9m0_kube-system_a0cfa399-b218-11e7-a8b9-080027cd4201_bd775cdb
```
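So the access address is:
http://node2:31081/#/workload?namespace=default
The IP and port change after every restart, so how can a fixed address be used?
I cover this in another blog post on exposing services with ingress.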