k8s部署Kubernetes-Dashboard v2.0

k8s部署Kubernetes-Dashboard v2.0


简介

Kubernetes Dashboard 是 Kubernetes 集群的基于 Web 的通用 UI,它允许用户管理在群集中运行的应用程序并对其进行故障排除,以及管理群集本身,这个项目在 Github 已经有半年多不更新了,最近推出了 v2.0.0 版本,这里在 Kubernetes 中部署一下

部署 Kubernetes Dashboard

Dashboard RBAC

[root@k8s01 dashboard]# vim k8s-dashboard-rbac.yaml
# Identity the Dashboard pods run as. The Role and ClusterRole below are bound to it.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
---
# Namespaced Role for the Dashboard's own identity. Every rule is pinned with
# resourceNames, so this account can only reach the named objects in kube-system.
# NOTE(review): what a logged-in user can see or change is presumably decided by the
# token that user presents at login, not by this Role; confirm for your Dashboard version.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
rules:
  # get/update/delete on the three Dashboard Secrets only; there is no list/watch
  # and no access to any other Secret in kube-system.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
  # get/update on the Dashboard settings ConfigMap only.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
  # Proxy access limited to the two metrics backends, heapster and dashboard-metrics-scraper.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]
---
# Cluster-wide, read-only (get/list/watch) access to pod and node metrics from the
# metrics.k8s.io API group. It grants no write verbs and no other API groups.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]
---
# Binds the namespaced Role above to the kubernetes-dashboard ServiceAccount in kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system
---
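# Binds the metrics-only ClusterRole "kubernetes-dashboard" to the Dashboard ServiceAccount.
# ClusterRoleBinding is a cluster-scoped kind, so metadata carries no namespace.
# Only the subject below is namespaced.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system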
    
[root@k8s01 dashboard]# kubectl apply -f k8s-dashboard-rbac.yaml

创建 ConfigMap、Secret

[root@k8s01 dashboard]# vim k8s-dashboard-configmap-secret.yaml
# Secret mounted at /certs by the Dashboard Deployment (k8s-dashboard-deploy.yaml).
# It is created empty here. The Deployment passes --auto-generate-certificates, so the
# Dashboard serves a self-signed certificate rather than one read from this Secret.
# NOTE(review): to serve a CA-issued certificate, this Secret would need the cert/key
# populated and the matching Dashboard flags set; confirm the key names for your version.
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque
---
# Placeholder for the Dashboard's CSRF key. The value is intentionally empty in the manifest.
# The Dashboard Role grants get/update/delete on this Secret, presumably so the Dashboard
# can fill it in at startup; confirm against the Dashboard version in use.
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kube-system
type: Opaque
data:
  csrf: ""
---
# Empty Secret the Dashboard Role may get/update/delete. It carries no data in this manifest.
# NOTE(review): presumably holds Dashboard-managed key material; do not hand-edit.
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kube-system
type: Opaque
---
# Settings ConfigMap. The Dashboard Role grants get/update on this object only.
kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kube-system

[root@k8s01 dashboard]# kubectl apply -f k8s-dashboard-configmap-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created

kubernetes-dashboard

[root@k8s01 dashboard]# vim k8s-dashboard-deploy.yaml
## Dashboard Service
# type: NodePort opens port 30001 on every node and forwards it to the Dashboard
# container's HTTPS port 8443. Anyone who can reach a node address can reach the login
# page, so the bearer token is the only barrier. Limit which networks can reach the
# port (host firewall / security group), or keep the Service as ClusterIP and reach it
# through `kubectl port-forward` or an authenticated ingress.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      nodePort: 30001
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
---
## Dashboard Deployment
# Single-replica Dashboard pod running as the least-privilege kubernetes-dashboard
# ServiceAccount defined in k8s-dashboard-rbac.yaml.
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      serviceAccountName: kubernetes-dashboard
      containers:
        - name: kubernetes-dashboard
          # Pinned to a version tag. A tag can be re-pointed in the registry, so pin by
          # image digest if the deployed bits must be reproducible.
          image: kubernetesui/dashboard:v2.0.3
          # Container hardening: no privilege escalation, read-only root filesystem,
          # and a fixed non-root uid/gid.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            # Serve HTTPS with a certificate generated by the Dashboard itself. It is
            # self-signed, so clients cannot verify it against a CA.
            - --auto-generate-certificates
            - --namespace=kube-system          # set to the namespace this manifest is deployed into
          # Requests equal limits (1 CPU, 512Mi).
          resources:
            limits:
              cpu: 1000m
              memory: 512Mi
            requests:
              cpu: 1000m
              memory: 512Mi
          # Liveness is an HTTPS GET of / on the serving port.
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
            # Writable scratch space, needed because the root filesystem is read-only.
            - name: tmp-volume
              mountPath: /tmp
            - name: localtime
              readOnly: true
              mountPath: /etc/localtime
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
        # Host file mounted read-only so the container uses the node's timezone.
        # hostPath volumes are disallowed by the Baseline/Restricted Pod Security
        # Standards; drop this volume and its mount on clusters that enforce them.
        - name: localtime
          hostPath:
            type: File
            path: /etc/localtime
            
[root@k8s01 dashboard]# kubectl apply -f k8s-dashboard-deploy.yaml
service/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created 

创建 kubernetes-metrics-scraper

[root@k8s01 dashboard]# vim k8s-dashboard-metrics.yaml
## Dashboard Metrics Service
# No `type` is set, so this is a ClusterIP Service reachable only from inside the
# cluster on port 8000. The scraper speaks plain HTTP (see its livenessProbe), so it
# should stay in-cluster and not be exposed through a NodePort or ingress.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kube-system
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper
---
## Dashboard Metrics Deployment
# Single-replica metrics scraper. It runs under the same kubernetes-dashboard
# ServiceAccount as the Dashboard itself.
kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        # Requests the container runtime's default seccomp profile through the alpha
        # annotation. The annotation was deprecated in Kubernetes v1.19 in favour of
        # securityContext.seccompProfile (type: RuntimeDefault). On newer clusters the
        # annotation may have no effect, so verify against your cluster version and
        # set the securityContext field there.
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      serviceAccountName: kubernetes-dashboard
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.4
          # Container hardening: no privilege escalation, read-only root filesystem,
          # and a fixed non-root uid/gid.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
          ports:
            - containerPort: 8000
              protocol: TCP
          resources:
            limits:
              cpu: 1000m
              memory: 512Mi
            requests:
              cpu: 1000m
              memory: 512Mi
          # Liveness is a plain-HTTP GET of / on port 8000.
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          # Writable scratch space, needed because the root filesystem is read-only.
          - mountPath: /tmp
            name: tmp-volume
          - name: localtime
            readOnly: true
            mountPath: /etc/localtime
      volumes:
        - name: tmp-volume
          emptyDir: {}
        # Host file mounted read-only so the container uses the node's timezone.
        # hostPath volumes are disallowed by the Baseline/Restricted Pod Security
        # Standards; drop this volume and its mount on clusters that enforce them.
        - name: localtime
          hostPath:
            type: File
            path: /etc/localtime
            
[root@k8s01 dashboard]# kubectl apply -f k8s-dashboard-metrics.yaml
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created 

创建访问的 ServiceAccount

创建一个绑定 cluster-admin 集群角色(集群管理员权限)的 ServiceAccount,获取其 Token 用于访问看板。持有该 Token 即拥有整个集群的全部权限,生产环境建议改为绑定权限更小的角色

[root@k8s01 dashboard]# vim k8s-dashboard-token.yaml
# Binds the ServiceAccount kube-system/admin to the built-in cluster-admin ClusterRole:
# unrestricted access to every resource in every namespace. Whoever holds this
# account's token holds the whole cluster, and the Dashboard login in this guide is
# reachable on a NodePort. For routine use, bind a narrower role instead (for example
# the built-in `view` ClusterRole, or a namespaced RoleBinding) and keep cluster-admin
# for break-glass access.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin
  annotations:
    # NOTE(review): this annotation is the one the API server uses when reconciling its
    # default bootstrap RBAC objects; it is probably unnecessary on a hand-made binding.
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kube-system
  labels:
    # NOTE(review): these are addon-manager labels. On clusters that run addon-manager,
    # objects labelled mode=Reconcile may be managed or pruned by it; confirm they are
    # wanted before applying.
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    
[root@k8s01 dashboard]# kubectl apply -f k8s-dashboard-token.yaml
clusterrolebinding.rbac.authorization.k8s.io/admin created
serviceaccount/admin created    

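# Get the login token of the kube-system/admin ServiceAccount.
# The token Secret is looked up from the ServiceAccount's own .secrets list instead of
# `grep admin`, which can match several Secrets and pass more than one name to `describe`.
# On Kubernetes v1.24+ no token Secret is auto-created for a ServiceAccount; there,
# request a short-lived token with `kubectl -n kube-system create token admin` instead.
# The output is a cluster-admin credential: keep it out of shared terminals, logs and tickets.
token_secret=$(kubectl -n kube-system get serviceaccount admin -o jsonpath='{.secrets[0].name}')
# ${var:?} stops here if no Secret name was found, rather than calling describe with an empty name.
kubectl -n kube-system describe secret "${token_secret:?no token Secret found for ServiceAccount admin}"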

登录新版本 Dashboard 查看

Kubernetes 集群节点地址为“192.168.200.x”,Dashboard 的 Service 类型为 NodePort,nodePort 端口为 30001,所以访问地址为 https://192.168.200.x:30001 。由于 Dashboard 使用 --auto-generate-certificates 自动生成的自签名证书,浏览器访问时会提示证书不受信任。进入 Kubernetes Dashboard 页面后,输入上一步中创建的 ServiceAccount 的 Token 进入 Dashboard,可以看到新的 Dashboard
dashbord1.png
跟上一个版本比较,整体风格更加简洁,并且可以感受到这个页面的访问速度比以前更快(估计是加了缓存),除此之外还增加了:

  • 新增黑色主题
  • 新增对CRD的管理
  • 新增对集群角色的编辑
  • 新增对 kubernetes 对象以 yaml 格式进行编辑
  • 修改集群资源指标的监控信息以及看板样式
    dashbord2.png

部署 Metrics Server 为 Dashboard 提供指标数据

Dashboard 已经部署完成,不过登录 Dashboard 后可以看到
dashbord3.png
这些栏数据显示都是空,这是由于 Dashboard 的指标数据需要从 Metrics Server 中获取,该版本 Dashboard 的另一个组件 kubernetes-metrics-scraper 就是用于从 Metrics Server 获取指标的适配器。之前我们已经部署了 kubernetes-metrics-scraper 组件,接下来只要再部署 Metrics Server 组件就能获取系统指标数据,供 Dashboard 绘制图形,部署 Metrics Server 可以参考:

当按照上面部署完成后,等一段时间,再刷新 Dashboard 界面,可以观察到如下界面:
dashbord4.png
dashbord5.png