号外号外,後面所有提升視訊都會更新到知乎和B站上去,不會直接發群裡了,哈哈,能看懂這句話的我都認識,大家可以先關注一下,我知乎上的所有文檔也會錄成視訊
更多視訊詳見 楊哥天雲:https://space.bilibili.com/514805677
我馬上就開B站賬号,錄制點兒走心的視訊,呼呼
開始正題
注:因為本次部署在Centos8.1上,Dashboard必須使用2.0-rc6以上版本,rc6以下測試部署不成功
一、Dashboard介紹
Dashboard 是基于網頁的 Kubernetes 使用者界面。您可以使用 Dashboard 将容器應用部署到 Kubernetes 叢集中,也可以對容器應用排錯,還能管理叢集資源。您可以使用 Dashboard 擷取運作在叢集中的應用的概覽資訊,也可以建立或者修改 Kubernetes 資源(如 Deployment,Job,DaemonSet 等等)。例如,您可以對 Deployment 實作彈性伸縮、發起滾動更新、重新開機 Pod 或者使用向導建立新的應用。
二、擷取并修改Yaml檔案
GitHub上目前最新版本是dashboard v2.0.0-rc6
項目位址 https://github.com/kubernetes/dashboard/releases
# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
修改service通過NodePort方式通路K8S Dashboard
# vim recommended.yaml
應用配置檔案
# kubectl apply -f recommended.yaml
檢視pod和service
[[email protected] dashboard1]# kubectl get pod -o wide -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dashboard-metrics-scraper-7b8b58dc8b-29wxq 1/1 Running 0 19m 10.244.2.18 node2 <none> <none>
kubernetes-dashboard-755dcb9575-fj8jl 1/1 Running 0 19m 10.244.1.28 node1 <none> <none>
[[email protected] dashboard1]# kubectl get svc -o wide -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
dashboard-metrics-scraper ClusterIP 10.98.53.94 <none> 8000/TCP 19m k8s-app=dashboard-metrics-scraper
kubernetes-dashboard NodePort 10.109.85.22 <none> 443:30001/TCP 19m k8s-app=kubernetes-dashboard
通路Dashboard 注:通過Chrome、IE、Safari可能無法通路這個頁面,這裡使用火狐通路
火狐浏覽器通路
建立一個dashboard使用者# vim create-admin.yaml
擷取Token
[[email protected] dashboard1]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-z4jp6
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 349285ce-741d-4dc1-a600-1843a6ec9751
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InY5M1pSc3RpejBVZ0x6LTNSbWlCc2t5b01ualNZWnpYMVB5YzUwNmZ3ZmsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXo0anA2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIzNDkyODVjZS03NDFkLTRkYzEtYTYwMC0xODQzYTZlYzk3NTEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.JtCa0VC7tYtIGLWlwSKUwqSL0T8eRvZ8jk_AUxB4Atmi5PjF9IjAHNNwGS3HaTL3Q86fCI8MvYGf3Eplk9X-n-g9WsrFIxXxa0wGJxZp0d8R78A6vuN7I7Zd5CeQm_O2ycTUuQhYnSZlNplF8X033QOfjOoFnKKevbn2094XXWWZuAsT9haGnZ8BX92DmYzsaMyLesfv7ZziJD80KgSQ8_jtb0n55zw5cedYTsRCZgofJ_o9U5SUW3I0AXG-vVhI28m0sMBjZkuMppfB4eMLnSDH-XAw3Gvwe_2NOLfS4hBTkYu7gJket-gif9Cs8Ybkzvf2qXdZW5fydZUuSylafg
ca.crt: 1025 bytes
namespace: 20 bytes
登入dashboard 登陸後界面 三、使用Dashboard
在Dashboard中,我們之前通過kubectl所做的操作大部分都可以可視化操作
比如
- 可以對Deployment做伸縮
2. 執行指令以及日志追蹤
3. 編輯資源的yaml檔案
4. 導入yaml檔案建立,更新資源等等
你都看到這裡了,不點個贊麼,不關注一下麼,不轉發一下麼
四、自己制作證書
1、删除上面建立的各種資源
# kubectl delete -f create-admin.yaml
# kubectl delete -f dashboard-admin-bind-cluster-role.yaml
# kubectl delete -f recommended.yaml
2、修改recommended.yaml檔案
#因為我們要手動建立名稱空間,把這裡的建立删除掉,不然如果出了錯用yaml删除ns的時候也會把裡面的資源全部删掉
#apiVersion: v1
#kind: Namespace
#metadata:
# name: kubernetes-dashboard
---
#增加直接通路端口
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #增加
ports:
- port: 443
targetPort: 8443
nodePort: 30008 #增加
selector:
k8s-app: kubernetes-dashboard
---
#注釋掉kubernetes-dashboard-certs對象聲明
#apiVersion: v1
#kind: Secret
#metadata:
# labels:
# k8s-app: kubernetes-dashboard
# name: kubernetes-dashboard-certs
# namespace: kubernetes-dashboard
#type: Opaque
---
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.0.0-rc6
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8443
protocol: TCP
args:
#- --auto-generate-certificates ##注釋掉自動生成證書
- --namespace=kubernetes-dashboard
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
# 添加我們自己生成的證書名稱
- --tls-cert-file=/dashboard.crt
- --tls-key-file=/dashboard.key
- --token-ttl=3600
3、建立證書
# mkdir /root/certs
# cd /root/certs/
建立key檔案
# openssl genrsa -out dashboard.key 2048
證書請求
# openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=192.168.1.201'
自簽證書
# openssl x509 -req -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
建立命名空間
# kubectl create namespace kubernetes-dashboard
建立kubernetes-dashboard-certs對象
# kubectl create secret generic kubernetes-dashboard-certs --from-file=/root/certs/dashboard.key --from-file=/root/certs/dashboard.crt -n kubernetes-dashboard
4、安裝 Dashboard
建立賬号綁定權限
# vim create-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
安裝Dashboard
# kubectl create -f ~/recommended.yaml
檢查結果
# kubectl get pods -A -o wide
# kubectl get service -n kubernetes-dashboard -o wide
5、檢視使用者Token
# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
6、通路
五、安裝 metrics-server 插件
1、簡單介紹
Heapster已經被Metrics-Server取代,如果使用Kubernetes的自動擴容功能的話,那首先得有一個插件,然後該插件将收集到的資訊(cpu、memory..)與自動擴容的設定的值進行比對,自動調整pod數量。關于該插件,在kubernetes的早些版本中采用的是heapster,1.13版本正式釋出後,丢棄了heapster,官方推薦采用metrics-sever。
2、下載下傳相關yaml檔案
https://github.com/kubernetes-incubator/metrics-server
[[email protected] ~]# git clone https://github.com/kubernetes-incubator/metrics-server.git
[[email protected] ~]# cd metrics-server/deploy/1.8+/
[[email protected] 1.8+]# ll
總用量 28
-rw-r--r-- 1 root root 384 4月 28 09:46 aggregated-metrics-reader.yaml
-rw-r--r-- 1 root root 308 4月 28 09:46 auth-delegator.yaml
-rw-r--r-- 1 root root 329 4月 28 09:46 auth-reader.yaml
-rw-r--r-- 1 root root 298 4月 28 09:46 metrics-apiservice.yaml
-rw-r--r-- 1 root root 815 4月 28 09:46 metrics-server-deployment.yaml
-rw-r--r-- 1 root root 291 4月 28 09:46 metrics-server-service.yaml
-rw-r--r-- 1 root root 502 4月 28 09:46 resource-reader.yaml
3、修改安裝腳本
vim metrics-server-deployment.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: metrics-server
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: metrics-server
namespace: kube-system
labels:
k8s-app: metrics-server
spec:
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
name: metrics-server
labels:
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- name: metrics-server
image: mirrorgooglecontainers/metrics-server-amd64:v0.3.6 # 修改鏡像下載下傳位址
args: # 添加以下内容
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
ports:
- name: main-port
containerPort: 4443
protocol: TCP
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
imagePullPolicy: Always
volumeMounts:
- name: tmp-dir
mountPath: /tmp
5、執行安裝腳本并産看結果
#安裝
[[email protected] 1.8+]# kubectl create -f 。
#1-2分鐘後檢視結果
[[email protected] 1.8+]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8s-master 256m 12% 2002Mi 52%
k8s-node1 103m 5% 1334Mi 34%
k8s-node2 144m 7% 1321Mi 34%
再回到dashboard界面可以看到CPU和記憶體使用情況了
你都看完了,不點個贊麼,不關注一下麼,不轉發一下麼
【大強哥-k8s從入門到放棄01】Kubernetes容器編排入門 - 雲計算大強哥的文章 - 知乎 https://zhuanlan.zhihu.com/p/112963721
Centos8.1部署kubernetes1.17 - 雲計算大強哥的文章 - 知乎 https://zhuanlan.zhihu.com/p/112834020