king

Kubernetes Dashboard 2.10 尝鲜记

king 运维技术 2022-11-07 433浏览 0

Kubernetes Dashboard 2.10 尝鲜记

简介

Kubernetes Dashboard 是 Kubernetes 集群的基于 Web 的通用 UI。它允许用户管理在群集中运行的应用程序并对其进行故障排除,以及管理群集本身。最近推出了 v2.1.0 版本,这里在 Kubernetes 中部署一下,尝试看看新版本咋样。

兼容性

Kubernetes版本 1.17 1.18 1.19 1.20
兼容性
  • ✕ 不支持的版本范围。
  • ✓ 完全支持的版本范围。
  • ? 由于Kubernetes API 版本之间的重大更改,某些功能可能无法在仪表板中正常运行。

部署 Kubernetes Dashboard

注意:如果 "kube-system" 命名空间已经存在 Kubernetes-Dashboard 相关资源,请换成别的 Namespace。

系统环境

  • Kubernetes 版本:1.20.1
  • kubernetes-dashboard 版本:v2.1.0

部署文件

完整部署文件 Github 地址:https://github.com/my-dlq/blog-example/tree/master/kubernetes/kubernetes-dashboard2.1.0-deploy

1、Dashboard RBAC

创建 Dashboard RBAC 部署文件

k8s-dashboard-rbac.yaml

apiVersion:v1
kind:ServiceAccount
metadata:
labels:
k8s-app:kubernetes-dashboard
name:kubernetes-dashboard
namespace:kube-system
---
apiVersion:rbac.authorization.k8s.io/v1
kind:Role
metadata:
labels:
k8s-app:kubernetes-dashboard
name:kubernetes-dashboard
namespace:kube-system
rules:
-apiGroups:[""]
resources:["secrets"]
resourceNames:["kubernetes-dashboard-key-holder","kubernetes-dashboard-certs","kubernetes-dashboard-csrf"]
verbs:["get","update","delete"]
-apiGroups:[""]
resources:["configmaps"]
resourceNames:["kubernetes-dashboard-settings"]
verbs:["get","update"]
-apiGroups:[""]
resources:["services"]
resourceNames:["heapster","dashboard-metrics-scraper"]
verbs:["proxy"]
-apiGroups:[""]
resources:["services/proxy"]
resourceNames:["heapster","http:heapster:","https:heapster:","dashboard-metrics-scraper","http:dashboard-metrics-scraper"]
verbs:["get"]
---
apiVersion:rbac.authorization.k8s.io/v1
kind:ClusterRole
metadata:
labels:
k8s-app:kubernetes-dashboard
name:kubernetes-dashboard
rules:
-apiGroups:["metrics.k8s.io"]
resources:["pods","nodes"]
verbs:["get","list","watch"]
---
apiVersion:rbac.authorization.k8s.io/v1
kind:RoleBinding
metadata:
labels:
k8s-app:kubernetes-dashboard
name:kubernetes-dashboard
namespace:kube-system
roleRef:
apiGroup:rbac.authorization.k8s.io
kind:Role
name:kubernetes-dashboard
subjects:
-kind:ServiceAccount
name:kubernetes-dashboard
namespace:kube-system
---
apiVersion:rbac.authorization.k8s.io/v1
kind:ClusterRoleBinding
metadata:
name:kubernetes-dashboard
namespace:kube-system
roleRef:
apiGroup:rbac.authorization.k8s.io
kind:ClusterRole
name:kubernetes-dashboard
subjects:
-kind:ServiceAccount
name:kubernetes-dashboard
namespace:kube-system

部署 Dashboard RBAC

$kubectlapply-fk8s-dashboard-rbac.yaml

2、创建 ConfigMap、Secret

创建 Dashboard Config & Secret 部署文件

k8s-dashboard-configmap-secret.yaml

apiVersion:v1
kind:Secret
metadata:
labels:
k8s-app:kubernetes-dashboard
name:kubernetes-dashboard-certs
namespace:kube-system
type:Opaque
---
apiVersion:v1
kind:Secret
metadata:
labels:
k8s-app:kubernetes-dashboard
name:kubernetes-dashboard-csrf
namespace:kube-system
type:Opaque
data:
csrf:""
---
apiVersion:v1
kind:Secret
metadata:
labels:
k8s-app:kubernetes-dashboard
name:kubernetes-dashboard-key-holder
namespace:kube-system
type:Opaque
---
kind:ConfigMap
apiVersion:v1
metadata:
labels:
k8s-app:kubernetes-dashboard
name:kubernetes-dashboard-settings
namespace:kube-system

部署 Dashboard Config & Secret

$kubectlapply-fk8s-dashboard-configmap-secret.yaml

3、kubernetes-dashboard

创建 Dashboard Deploy 部署文件

k8s-dashboard-deploy.yaml

##DashboardService
kind:Service
apiVersion:v1
metadata:
labels:
k8s-app:kubernetes-dashboard
name:kubernetes-dashboard
namespace:kube-system
spec:
type:NodePort
ports:
-port:443
nodePort:30001
targetPort:8443
selector:
k8s-app:kubernetes-dashboard
---
##DashboardDeployment
kind:Deployment
apiVersion:apps/v1
metadata:
labels:
k8s-app:kubernetes-dashboard
name:kubernetes-dashboard
namespace:kube-system
spec:
replicas:1
revisionHistoryLimit:10
selector:
matchLabels:
k8s-app:kubernetes-dashboard
template:
metadata:
labels:
k8s-app:kubernetes-dashboard
spec:
serviceAccountName:kubernetes-dashboard
containers:
-name:kubernetes-dashboard
image:kubernetesui/dashboard:v2.1.0
securityContext:
allowPrivilegeEscalation:false
readOnlyRootFilesystem:true
runAsUser:1001
runAsGroup:2001
ports:
-containerPort:8443
protocol:TCP
args:
---auto-generate-certificates
---namespace=kube-system#设置为当前部署的Namespace
resources:
limits:
cpu:1000m
memory:512Mi
requests:
cpu:1000m
memory:512Mi
livenessProbe:
httpGet:
scheme:HTTPS
path:/
port:8443
initialDelaySeconds:30
timeoutSeconds:30
volumeMounts:
-name:kubernetes-dashboard-certs
mountPath:/certs
-name:tmp-volume
mountPath:/tmp
-name:localtime
readOnly:true
mountPath:/etc/localtime
volumes:
-name:kubernetes-dashboard-certs
secret:
secretName:kubernetes-dashboard-certs
-name:tmp-volume
emptyDir:{}
-name:localtime
hostPath:
type:File
path:/etc/localtime
tolerations:
-key:node-role.kubernetes.io/master
effect:NoSchedule

部署 Dashboard Deploy

$kubectlapply-fk8s-dashboard-deploy.yaml

4、创建 kubernetes-metrics-scraper

创建 Dashboard Metrics 部署文件

k8s-dashboard-metrics.yaml

##DashboardMetricsService
kind:Service
apiVersion:v1
metadata:
labels:
k8s-app:dashboard-metrics-scraper
name:dashboard-metrics-scraper
namespace:kube-system
spec:
ports:
-port:8000
targetPort:8000
selector:
k8s-app:dashboard-metrics-scraper
---
##DashboardMetricsDeployment
kind:Deployment
apiVersion:apps/v1
metadata:
labels:
k8s-app:dashboard-metrics-scraper
name:dashboard-metrics-scraper
namespace:kube-system
spec:
replicas:1
revisionHistoryLimit:10
selector:
matchLabels:
k8s-app:dashboard-metrics-scraper
template:
metadata:
labels:
k8s-app:dashboard-metrics-scraper
annotations:
seccomp.security.alpha.kubernetes.io/pod:'runtime/default'
spec:
serviceAccountName:kubernetes-dashboard
containers:
-name:dashboard-metrics-scraper
image:kubernetesui/metrics-scraper:v1.0.6
securityContext:
allowPrivilegeEscalation:false
readOnlyRootFilesystem:true
runAsUser:1001
runAsGroup:2001
ports:
-containerPort:8000
protocol:TCP
resources:
limits:
cpu:1000m
memory:512Mi
requests:
cpu:1000m
memory:512Mi
livenessProbe:
httpGet:
scheme:HTTP
path:/
port:8000
initialDelaySeconds:30
timeoutSeconds:30
volumeMounts:
-mountPath:/tmp
name:tmp-volume
-name:localtime
readOnly:true
mountPath:/etc/localtime
volumes:
-name:tmp-volume
emptyDir:{}
-name:localtime
hostPath:
type:File
path:/etc/localtime
nodeSelector:
"beta.kubernetes.io/os":linux
tolerations:
-key:node-role.kubernetes.io/master
effect:NoSchedule

部署 Dashboard Metrics

$kubectlapply-fk8s-dashboard-metrics.yaml

5、创建访问的 ServiceAccount

创建一个绑定 admin 权限的 ServiceAccount,获取其 Token 用于访问看板。

创建 Dashboard ServiceAccount 部署文件

k8s-dashboard-token.yaml

kind:ClusterRoleBinding
apiVersion:rbac.authorization.k8s.io/v1
metadata:
name:admin
annotations:
rbac.authorization.kubernetes.io/autoupdate:"true"
roleRef:
kind:ClusterRole
name:cluster-admin
apiGroup:rbac.authorization.k8s.io
subjects:
-kind:ServiceAccount
name:admin
namespace:kube-system
---
apiVersion:v1
kind:ServiceAccount
metadata:
name:admin
namespace:kube-system
labels:
kubernetes.io/cluster-service:"true"
addonmanager.kubernetes.io/mode:Reconcile

部署访问的 ServiceAccount

$kubectlapply-fk8s-dashboard-token.yaml

获取 Token

$kubectldescribesecret/$(kubectlgetsecret-nkube-system|grepadmin|awk'{print$1}')-nkube-system

token:

Kubernetes Dashboard 2.10 尝鲜记

登录新版本 Dashboard 查看

本人的 Kubernetes 集群地址为”192.168.2.11”并且在 Service 中设置了 NodePort 端口为 30001 和类型为 NodePort 方式访问 Dashboard ,所以访问地址:https://192.168.2.11:30001 进入 Kubernetes Dashboard 页面,然后输入上一步中创建的 ServiceAccount 的 Token 进入 Dashboard,可以看到新的 Dashboard。

Kubernetes Dashboard 2.10 尝鲜记

跟上一个版本比较,整体资源的显示位置,增加对 1.20 版本的支持等:

Kubernetes Dashboard 2.10 尝鲜记

部署 Metrics Server 为 Dashboard 提供指标数据

Dashboard 已经部署完成,不过登录 Dashboard 后可以看到:

Kubernetes Dashboard 2.10 尝鲜记

这些栏数据显示都是空,这是由于 Dashboard 的指标部署需要从 Metrics Server 中获取,Dashboard 该版本另一个组件 kubernetes-metrics-scraper 就是用于从 Metrics Server 获取指标的适配器。之前我们已经部署 kubernetes-metrics-scraper 组件,接下来只要再部署 Metrics Server 组件就能获取系统指标数据,供 Dashboard 绘制图形,部署 Metrics Server 可以

转载请注明:IT运维空间 » 运维技术 » Kubernetes Dashboard 2.10 尝鲜记

你可能喜欢:
继续浏览有关 系统运维 的文章
发表评论
最新文章
热门文章
热评文章
Powered By Z-BlogPHP Theme By B5编程