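Kubernetes: Dashboard
- 1 Installation steps
  - 1.1 Installation notes
  - 1.2 Installation steps
  - 1.3 Creating a token
- 2 Feature overview
  - 2.1 Viewing cluster information
  - 2.2 Viewing namespaces
  - 2.3 Defining custom resources
  - 2.4 Dashboard settings
- 3 Common operations
  - 3.1 Scaling Pods
  - 3.2 Changing the Pod version
  - 3.3 Pod logs
  - 3.4 Executing inside a Pod
  - 3.5 Changing Service configuration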
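1 Installation steps
1.1 Installation notes
- Cluster notes: in the article "Installing a Kubernetes 1.18.0 single-Master cluster on CentOS 7.6", the author deployed a K8S cluster made up of one Master node and two Worker nodes; this article installs and uses Dashboard on that cluster. Note that the Dashboard installation must be carried out on the Master node. The IP address of the Master node in the cluster used here is 192.168.1.169.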
- Version notes:

| Software | Version |
| --- | --- |
| CentOS | 7.6.1810 |
| Kubernetes | 1.18.0 |
| Dashboard | 2.0.0-rc7 |
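1.2 Installation steps
- Official documentation: this article follows the official Dashboard documentation, with minor modifications on top of it (the modified parts are pointed out below).
- Deployment file: Dashboard is installed from a deployment YAML file, so first create a deployment file named dashboard.yaml on the Master node (the file name is up to you) with the following content: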
```yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 32100
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
  # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.0.0-rc7
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.4
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}
```
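- Modification notes: the deployment file above is essentially the same as the deployment reference file on the Dashboard website; only the configuration of the Service named kubernetes-dashboard has been changed. type: NodePort was added to select NodePort-based service discovery, and nodePort: 32100 was added so that the Dashboard service is reached through port 32100 on the host. The change is made so that the Dashboard service can conveniently be accessed by port number later on. Note: the dashboard.yaml file above already contains the modified content.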
```yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort          # select the service discovery method
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 32100     # access Dashboard through port 32100 on the host
  selector:
    k8s-app: kubernetes-dashboard
```
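- Deploy: run the following command with the kubectl command-line tool on the Master node to deploy Dashboard; the result is shown in the figure below.

```bash
kubectl apply -f dashboard.yaml
```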
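- Access Dashboard: once Dashboard has been deployed, it can be accessed. Because this article exposes the Dashboard service via NodePort, you can open https://<Master host IP address>:32100 directly in a browser on the host machine. If the Dashboard user authentication page appears, as in the figure below, the deployment succeeded. Note: you must use the https protocol.

```text
https://192.168.1.169:32100   # replace 192.168.1.169 with the IP address of your own Master node
```

- User authentication methods: as the Dashboard authentication page above shows, Dashboard supports Token-based authentication and Kubeconfig-based authentication. We choose Token-based authentication here, so a Token has to be created first (see section 1.3) and is then used to authenticate.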
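1.3 Creating a token
- Deployment file: before creating a token, first create a Dashboard login account and assign it a role. To do so, create a deployment file named dashboard-account.yaml on the Master node (the file name is up to you); this file defines the login account and assigns its role. Its content is as follows: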
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kubernetes-dashboard
```
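- Deploy: run the following command with the kubectl command-line tool on the Master node; on success it creates a login account named dashboard-admin and assigns that account its role. The result is shown in the figure below:

```bash
kubectl apply -f dashboard-account.yaml
```

- Get the token: once the login account has been created, its login token can be obtained by running the following command with the kubectl command-line tool on the Master node; the result is shown in the figure below. Note: keep the created token safe, because it is needed every time you log in to Dashboard.
- Log in to Dashboard: paste the Token value generated in the previous step into the token input box on the Dashboard user authentication page to log in to the Dashboard home page; the result is shown in the figure below.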
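The dashboard-admin account above is bound to cluster-admin, so anyone holding its token has full control of the cluster through the login page exposed on NodePort 32100. The manifest below is an added example, not part of the original article or the Dashboard project: it defines a narrower login account, where the account name dashboard-operator and the target namespace default are assumptions.

```yaml
# Added example, not from the original article.
# Assumptions: account name "dashboard-operator", working namespace "default".
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-operator
  namespace: kubernetes-dashboard
---
# Read-only in every namespace. The built-in "view" ClusterRole grants
# get/list/watch on most namespaced resources, excludes Secrets and
# RBAC objects, and contains no write verbs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-operator-view
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
  - kind: ServiceAccount
    name: dashboard-operator
    namespace: kubernetes-dashboard
---
# Write access in one namespace only. A RoleBinding that references the
# built-in "edit" ClusterRole applies it inside metadata.namespace, which
# covers the section 3 operations (scale, change image, logs, exec,
# edit Service) for workloads in "default" and nowhere else.
# Note: "edit" also permits reading Secrets in that namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dashboard-operator-edit
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
  - kind: ServiceAccount
    name: dashboard-operator
    namespace: kubernetes-dashboard
```

Cluster-scoped objects such as nodes are outside both roles, so Dashboard reports those views as forbidden for this account.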
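2 Feature overview
2.1 Viewing cluster information
- Viewing cluster information: Dashboard shows detailed information about the cluster, including its roles, namespaces, nodes, persistent volumes and storage classes, and these resources can also be edited and deleted from it.
2.2 Viewing namespaces
- Viewing namespaces: a K8S cluster may be divided into several namespaces, and the resources in different namespaces are isolated from one another. Dashboard shows the resources and workloads in each namespace, including workloads, service discovery and load balancing, and config and storage, and these resources can be scaled, exec'd into, edited and deleted from it.
2.3 Defining custom resources
- Defining custom resources: Dashboard can be used to define custom resources for the K8S cluster and to pin, edit and delete them.
2.4 Dashboard settings
- Dashboard settings: Dashboard itself can also be configured from within Dashboard.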
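3 Common operations
3.1 Scaling Pods
- Scaling Pods: the number of Pods created by a Deployment can be scaled directly in Dashboard, which makes it easy to scale an application service up or down.
3.2 Changing the Pod version
- Changing the Pod version: the image version specified by a Deployment can be changed in Dashboard, which makes it easy to upgrade or roll back the version of its Pods.
3.3 Pod logs
- Pod logs: a Pod's runtime logs can be viewed directly in Dashboard, which helps with troubleshooting.
3.4 Executing inside a Pod
- Executing inside a Pod: from Dashboard you can enter a Pod directly and run shell commands inside it.
3.5 Changing Service configuration
- Changing Service configuration: a Service's configuration can be modified directly in Dashboard to update service discovery.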