Kubernetes集群中部署dashboard
来源:互联网 发布:sql存储过程详细教学 编辑:程序博客网 时间:2024/05/16 11:21
部署 dashboard 插件
下载k8s后的解压缩目录结构:kubernetes/cluster/addons/dashboard
使用的文件:
$ ls *.yamldashboard-controller.yaml dashboard-rbac.yaml dashboard-service.yaml
- 新加了
dashboard-rbac.yaml
文件,定义 dashboard 使用的 RoleBinding。
由于 kube-apiserver
启用了 RBAC
授权,而官方源码目录的 dashboard-controller.yaml
没有定义授权的 ServiceAccount,所以后续访问 kube-apiserver
的 API 时会被拒绝.
解决办法是:定义一个名为 dashboard 的 ServiceAccount,然后将它和 Cluster Role view 绑定。参考下面修改的文件。
dashboard-controller.yaml
apiVersion: extensions/v1beta1kind: Deploymentmetadata: name: kubernetes-dashboard namespace: kube-system labels: k8s-app: kubernetes-dashboard kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcilespec: selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: serviceAccountName: dashboard containers: - name: kubernetes-dashboard image: cokabug/kubernetes-dashboard-amd64:v1.6.0 resources: limits: cpu: 100m memory: 50Mi requests: cpu: 100m memory: 50Mi ports: - containerPort: 9090 livenessProbe: httpGet: path: / port: 9090 initialDelaySeconds: 30 timeoutSeconds: 30 tolerations: - key: "CriticalAddonsOnly" operator: "Exists"
dashboard-service.yaml
apiVersion: v1kind: Servicemetadata: name: kubernetes-dashboard namespace: kube-system labels: k8s-app: kubernetes-dashboard kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcilespec: type: NodePort selector: k8s-app: kubernetes-dashboard ports: - port: 80 targetPort: 9090
dashboard-rbac.yaml
apiVersion: v1kind: ServiceAccountmetadata: name: dashboard namespace: kube-system---kind: ClusterRoleBindingapiVersion: rbac.authorization.k8s.io/v1alpha1metadata: name: dashboardsubjects: - kind: ServiceAccount name: dashboard namespace: kube-systemroleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io
配置dashboard-service
$ diff dashboard-service.yaml.orig dashboard-service.yaml10a11> type: NodePort
- 指定端口类型为 NodePort,这样外界可以通过地址 nodeIP:nodePort 访问 dashboard;
配置dashboard-controller
20a21> serviceAccountName: dashboard23c24< image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.6.0---> image: cokabug/kubernetes-dashboard-amd64:v1.6.0
- 使用名为 dashboard 的自定义 ServiceAccount;
执行所有定义文件
$ pwd/home/app/kubernetes/cluster/addons/dashboard$ ls *.yamldashboard-controller.yaml dashboard-rbac.yaml dashboard-service.yaml$ kubectl create -f .$
检查执行结果
查看分配的 NodePort
$ kubectl get services kubernetes-dashboard -n kube-systemNAME CLUSTER-IP EXTERNAL-IP PORT(S) AGEkubernetes-dashboard 10.254.224.130 <nodes> 80:30312/TCP 25s
- NodePort 30312映射到 dashboard pod 80端口;
检查 controller
$ kubectl get deployment kubernetes-dashboard -n kube-systemNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEkubernetes-dashboard 1 1 1 1 3m$ kubectl get pods -n kube-system | grep dashboardkubernetes-dashboard-1339745653-pmn6z 1/1 Running 0 4m
访问dashboard
- kubernetes-dashboard 服务暴露了 NodePort,可以使用
http://NodeIP:nodePort
地址访问 dashboard; - 通过 kube-apiserver 访问 dashboard;
- 通过 kubectl proxy 访问 dashboard:
通过 kubectl proxy访问dashboard
启动代理
$ kubectl proxy --address='10.501.101.41' --port=8086 --accept-hosts='^*$'Starting to serve on 10.501.101.41:8086
- 需要指定
--accept-hosts
选项,否则浏览器访问 dashboard 页面时提示 “Unauthorized”;
浏览器访问 URL:http://10.501.101.41:8086/ui
自动跳转到:http://10.501.101.41:8086/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard/#/workload?namespace=default
通过 kube-apiserver 访问dashboard
获取集群服务地址列表
$ kubectl cluster-infoKubernetes master is running at https://10.501.101.41:6443KubeDNS is running at https://10.501.101.41:6443/api/v1/proxy/namespaces/kube-system/services/kube-dnskubernetes-dashboard is running at https://10.501.101.41:6443/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
由于 kube-apiserver 开启了 RBAC 授权,而浏览器访问 kube-apiserver 的时候使用的是匿名证书,所以访问安全端口会导致授权失败。这里需要使用非安全端口访问 kube-apiserver:
浏览器访问 URL:http://10.501.101.41:8080/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard
由于缺少 Heapster 插件,当前 dashboard 不能展示 Pod、Nodes 的 CPU、内存等 metric 图形;
欢迎订阅微信公众号
- Kubernetes集群中部署dashboard
- Kubernetes 1.5部署安装dashboard
- kubernetes集群中部署kube-ui
- kubernetes集群中部署kube-ui
- <转>kubernetes集群中部署kube-ui
- Kubernetes集群中部署Node节点
- Kubernetes集群中部署私有库harbor
- China Azure中部署Kubernetes(K8S)集群
- 在Kubernetes集群中部署Heapster
- Ubuntu16.04多主机集群上手动部署Kubernetes,配置docker私有registry,配置Kubernetes-dashboard WEB ui
- docker kubernetes dashboard安装部署详细介绍
- kubernetes集群部署
- kubernetes-ubuntu集群部署
- 部署kubernetes集群
- Centos7部署Kubernetes集群
- Kubernetes集群部署
- Centos7部署Kubernetes集群
- Centos7部署Kubernetes集群
- 开发常用工具-RGB在线转换
- IRedMail个性化设置
- Python并行计算pp模块实践笔记
- 小猪的C语言快速入门系列(四)
- JSON数据格式学习
- Kubernetes集群中部署dashboard
- ArcGIS API for JavaScript 离线地图调用源码示例功能
- NOIP 模板 跪求大佬们指正错误
- 文章标题
- bootstrap 多重模态框 滚动条消失问题
- sdnu1039
- MP算法与OMP算法
- git命令行常用操作
- Spring Boot 使用 Thymeleaf模板