K8s dashboard

 

修改權限kubernetes-dashboard.yaml 中的權限設置：

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding #1RoleBinding修改爲ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io  
  kind: ClusterRole   # 替換爲 ClusterRole   
  name: cluster-admin # 替換爲 cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

獲取token

在master節點下執行命令

kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep token

訪問地址

 必須https:// IP:端口    同時必須是在firefox瀏覽器下才支持的

認證有兩種方式：

• 通過我們剛剛獲取的token直接認證

• 通過Kubeconfig文件認證
  只需要在kubeadm生成的admin.conf文件末尾加上剛剛獲取的token就好了。

  - name: kubernetes-admin
    user:
      client-certificate-data: xxxxxxxx
      client-key-data: xxxxxx
      token: "在這裏加上token"

監控組件Heapster的安裝

1.下載官方提供的yaml文件

# 新建文件夾，用於存放 Heapster 部署所需的 yaml 文件mkdir heapster


cd heapster# 獲取相關 yaml 文件wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/grafana.yaml
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml

注意需要修改yaml文件中的鏡像的地址

2.修改 heaspster.yaml的文件

spec:
  replicas: 1
  selector:
      matchLabels:
        k8s-app: heapster
  template:
    metadata:
      labels:
        task: monitoring
        k8s-app: heapster
    spec:
      serviceAccountName: heapster
      containers:
      - name: heapster
        # image: k8s.gcr.io/heapster-amd64:v1.5.4 將默認google的官方鏡像替換爲阿里雲鏡像，否則你懂得
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/heapster-amd64:v1.5.4
        command:
        - /heapster
        - --source=kubernetes:https://kubernetes.default?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true ## 此處 如果使用kubeadmn 安裝一定要改一下端口

####################
heapster 啓動參數說明：
    inClusterConfig - Use kube config in service accounts associated with Heapster's namespace. (default: true)
    kubeletPort - kubelet port to use (default: 10255)
    kubeletHttps - whether to use https to connect to kubelets (default: false)
    insecure - whether to trust Kubernetes certificates (default: false)
    auth - client auth file to use. Set auth if the service accounts are not usable.
    useServiceAccount - whether to use the service account token if one is mounted at /var/run/secrets/kubernetes.io/serviceaccount/token (default: false)

3. 直接部署yaml

kubectl create -f .

4. 可能出現heapster的收集不到數據的過程 此處是權限不足的問題

修改ClusterRole: system:heapster的權限:

1. 查看system:heapster yaml格式, 保存爲 heapster-clusterrole.yaml

yaml

 

[root@node01 heapster-yaml]# kubectl get clusterrole system:heapster -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{"rbac.authorization.kubernetes.io/autoupdate":"true"},"labels":{"kubernetes.io/bootstrapping":"rbac-defaults"},"name":"system:heapster","namespace":""},"rules":[{"apiGroups":[""],"resources":["events","namespaces","nodes","pods","nodes/stats"],"verbs":["create","get","list","watch"]},{"apiGroups":["extensions"],"resources":["deployments"],"verbs":["get","list","watch"]}]}
    rbac.authorization.kubernetes.io/autoupdate: "true"
  creationTimestamp: 2018-08-26T02:26:14Z
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:heapster
  resourceVersion: "139000"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/system%3Aheapster
  uid: 67ef3689-a8d7-11e8-a891-000c29b52823
rules:
- apiGroups:
  - ""
  resources:
  - events
  - namespaces
  - nodes
  - pods
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - deployments
  verbs:
  - get
  - list
  - watch

 

2. 添加Resource: nodes/stats的create權限，並執行 kubectl apply -f heapster-clusterrole.yaml

yaml

 

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:heapster
rules:
- apiGroups:
  - ""
  resources:
  - events
  - namespaces
  - nodes
  - pods
  - nodes/stats
  verbs:
  - create
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - deployments
  verbs:
  - get
  - list
  - watch

3. 刪除heapster重新部署

　　kubectl delete -f heapster.yaml

　　kubectl apply -f heapster.yaml

可視化 - Gafana 面板

修改
 前面省略，最後幾行改爲如下內容
  ports:
  - port: 80
    targetPort: 3000
    nodePort: 31112
  selector:
    k8s-app: grafana  
  type: NodePort

#######################
2、訪問 Grafana

地址：http://<Your-IP>:31112/
注意：此處是 http 不是 https