Dashboard v2.0.0 部署與使用
一、Dashboard的介紹與部署
Dashboard可以給用戶提供一個可視化的 Web 界面來查看當前集羣的各種信息。用戶可以用 Kubernetes Dashboard 部署容器化的應用、監控應用的狀態、執行故障排查任務以及管理 Kubernetes 各種資源。
網址:https://github.com/kubernetes/dashboard
下載部署文件:
[root@server1 limit]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
修改部署文件:
[root@server1 limit]# vim recommended.yaml
需要的鏡像:kubernetesui/metrics-scraper:v1.0.4
,kubernetesui/dashboard:v2.0.0
,可以先下載放到私有倉庫。
應用部署文件:
[root@server1 limit]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
查看狀態:
[root@server1 limit]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.105.95.150 <none> 8000/TCP 84s
kubernetes-dashboard ClusterIP 10.99.200.200 <none> 443/TCP 85s
[root@server1 limit]# kubectl describe svc kubernetes-dashboard -n kubernetes-dashboard
Name: kubernetes-dashboard
Namespace: kubernetes-dashboard
Labels: k8s-app=kubernetes-dashboard
Annotations: Selector: k8s-app=kubernetes-dashboard
Type: ClusterIP
IP: 10.99.200.200
Port: <unset> 443/TCP
TargetPort: 8443/TCP
Endpoints: 10.244.0.53:8443
Session Affinity: None
Events: <none>
可以看出service的類型是ClusterIP只能在集羣內部訪問,我們需要將類型修改爲NodePort以便外部訪問:
[root@server1 limit]# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
service/kubernetes-dashboard edited
更改後再次查看狀態:
[root@server1 limit]# kubectl describe svc kubernetes-dashboard -n kubernetes-dashboard Name: kubernetes-dashboard
Namespace: kubernetes-dashboard
Labels: k8s-app=kubernetes-dashboard
Annotations: Selector: k8s-app=kubernetes-dashboard
Type: NodePort
IP: 10.110.242.11
Port: <unset> 443/TCP
TargetPort: 8443/TCP
NodePort: <unset> 30273/TCP
Endpoints: 10.244.0.53:8443
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
查看這個service的端口:
[root@server1 limit]# kubectl get pod -o wide -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dashboard-metrics-scraper-6b4884c9d5-qmmhd 1/1 Running 0 38s 10.244.0.54 server1 <none> <none>
kubernetes-dashboard-7b544877d5-gm5lx 1/1 Running 0 39s 10.244.0.53 server1 <none>
[root@server1 limit]# kubectl get svc -o wide -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
dashboard-metrics-scraper ClusterIP 10.108.81.73 <none> 8000/TCP 3m28s k8s-app=dashboard-metrics-scraper
kubernetes-dashboard NodePort 10.110.242.11 <none> 443:30273/TCP 3m29s k8s-app=kubernetes-dashboard
可以看出pod運行在server1上,端口爲30273.
在物理機瀏覽器訪問 : https://172.25.63.1:30273
登陸dashboard需要認證,需要獲取dashboard pod的token,查看用於登陸的token:
[root@server1 limit]# kubectl -n kubernetes-dashboard get secrets
NAME TYPE DATA AGE
default-token-k9fbp kubernetes.io/service-account-token 3 5m16s
kubernetes-dashboard-certs Opaque 0 5m15s
kubernetes-dashboard-csrf Opaque 1 5m15s
kubernetes-dashboard-key-holder Opaque 2 5m15s
kubernetes-dashboard-token-stw28 kubernetes.io/service-account-token 3 5m16s
[root@server1 limit]# kubectl -n kubernetes-dashboard describe secrets kubernetes-dashboard-token-stw28
Name: kubernetes-dashboard-token-stw28
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: 8bf16bb6-55d0-44ae-a5c6-a1dd561757f7
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ilp5SmtWcG42LUZiMGhaR3Rac3dUT01HQ0RkdFpvaE00ZkNGNnJuend6dmMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1zdHcyOCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjhiZjE2YmI2LTU1ZDAtNDRhZS1hNWM2LWExZGQ1NjE3NTdmNyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.d4I9DsC5YV3DC1fG5CtetJB6hUeS2rRAtTXH2W8TvBvhXUe8Ybpvp9kzaBaD2P_G7XC6uDHFiPBVfwQzAuRS5cEVZlV6lVzrDRp20KaFW9IUSOyvj8XPtA99Smbughdc06K9_rLcsaraga02og2tyGXgkdjoSJKlEIVoeFh_ZAkoUJlOkm_p2G5MuW-kM80sqKd1hl0bAXi1vWHdKqgSsS_QONOOFfTM3SQmoReI_3VNPNdppmi58T-C4QxL_lRlFYLOn5IglZLHxG-pl_EqFKEhKNggahIOiuXl5KAz31_jZDK3i1R2VHZO7Vr4yZMMUMn9gH6017isxIwbJUOEiQ
將token複製進去登陸:
登陸進去後發現沒有信息顯示:
默認dashboard對集羣沒有操作權限,需要授權,由於該namespace下面已經有service account了,我們直接進行授權即可:
[root@server1 limit]# kubectl -n kubernetes-dashboard get sa
NAME SECRETS AGE
default 1 8m20s
kubernetes-dashboard 1 8m20s
[root@server1 limit]# vim dashboard-rbac.yaml
[root@server1 limit]# cat dashboard-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin #綁定的是內置的權限最大的集羣角色cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
[root@server1 limit]# kubectl apply -f dashboard-rbac.yaml
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
應用後在查看網頁端:
網頁的左側可以選擇namespace,或者pod、node等的狀態。
到此,Dashboard 部署完成。
二、Dashboard的簡單使用
網頁端創建pod
我們來創建一個簡單的pod:
當然也可以使用yaml文件創建。
創建後查看:
[root@server1 limit]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-6b66ddf664-2qf7m 1/1 Running 0 150m
nginx-64bc6d46b9-q62pk 1/1 Running 0 30s
網頁端刪除pod
我們來刪除剛剛創建的pod,由於pod默認由deployment控制器維護,因此我們需要刪除這個控制器以刪除pod:
在主節點查看:
[root@server1 limit]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nfs-client-provisioner-6b66ddf664-2qf7m 1/1 Running 0 152m
可以看出已經被刪除。