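Kubernetes Dashboard
- 1 Installation steps
  - 1.1 Installation notes
  - 1.2 Installation steps
  - 1.3 Creating a token
- 2 Feature overview
  - 2.1 Viewing cluster information
  - 2.2 Viewing namespaces
  - 2.3 Defining custom resources
  - 2.4 Dashboard settings
- 3 Common features
  - 3.1 Scaling Pods
  - 3.2 Changing the Pod version
  - 3.3 Pod logs
  - 3.4 Executing inside a Pod
  - 3.5 Modifying a Service's configuration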
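1 Installation steps
1.1 Installation notes
- Cluster: In the article "Installing a single-Master Kubernetes 1.18.0 cluster on CentOS 7.6" I deployed a K8S cluster made up of one Master node and two Worker nodes; this article installs and uses Dashboard on that cluster. Note that Dashboard must be installed from the Master node. The IP address of the Master node in the cluster used here is 192.168.1.169.
- Versions:

| Software | Version |
| --- | --- |
| CentOS | 7.6.1810 |
| Kubernetes | 1.18.0 |
| Dashboard | 2.0.0-rc7 |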
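1.2 Installation steps
- Official documentation: This article follows the official Dashboard documentation, with minor modifications (each modification is pointed out below).
- Deployment file: Dashboard is installed from a deployment YAML file, so first create a deployment file named dashboard.yaml on the Master node (the file name is up to you) with the following content: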
```yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 32100
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.0.0-rc7
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.4
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}
```
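- Modifications: The deployment file above is essentially the same as the reference deployment file on the Dashboard website. Only the configuration of the Service named kubernetes-dashboard has been changed: type: NodePort was added to select NodePort-based service discovery, and nodePort: 32100 was added so that the Dashboard service is reached through port 32100 on the host. The change makes it easy to reach the Dashboard service by port number later on. Note: the dashboard.yaml file above already contains these modifications.

```yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort        # select the service discovery method
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 32100   # reach Dashboard through port 32100 on the host
  selector:
    k8s-app: kubernetes-dashboard
```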
- Deploy: Run the following command with kubectl on the Master node to deploy Dashboard; the result is shown in the figure below.

```bash
kubectl apply -f dashboard.yaml
```
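- Access Dashboard: Once Dashboard has been deployed it can be accessed. Because this article reaches the Dashboard service through a NodePort, you can open https://<Master host IP address>:32100 directly in a browser on the host machine. If the Dashboard authentication page appears, as shown in the figure below, Dashboard has been deployed successfully. Note: the https protocol must be used.

```
https://192.168.1.169:32100   # replace 192.168.1.169 with the IP address of your own Master node
```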
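- Authentication methods: As the Dashboard authentication page above shows, Dashboard supports Token-based authentication and Kubeconfig-based authentication. This article uses Token-based authentication, so a Token has to be created first (see section 1.3) and is then used to authenticate.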
1.3 Creating a token
- Deployment file: Before creating a token, a Dashboard login account has to be created and given a role. To do so, create a deployment file named dashboard-account.yaml on the Master node (the file name is up to you). This file defines the login account and assigns its role; its content is as follows:

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kubernetes-dashboard
```
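- Deploy: Run the following command with kubectl on the Master node. On success it creates a login account named dashboard-admin and assigns its role; the result is shown in the figure below:

```bash
kubectl apply -f dashboard-account.yaml
```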
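- Get the token: Once the login account has been created, its login token can be retrieved by running the following command with kubectl on the Master node; the result is shown in the figure below. Note: keep the token safe, because it is needed every time you log in to Dashboard.
- Log in to Dashboard: Paste the Token value generated in the previous step into the token input field on the Dashboard authentication page to log in to the Dashboard home page; the result is shown in the figure below.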
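The dashboard-admin account in 1.3 is bound to cluster-admin, and the Service in 1.2 publishes the login page on node port 32100, so anyone who can reach that port and holds the token has full control of the cluster. A more restrictive variant of both settings, as an added example that is not from the original post (the account name dashboard-viewer and the namespace default are assumptions):

```yaml
# Added example, not part of the original post. The name dashboard-viewer and
# the target namespace "default" are assumptions chosen for illustration.

# 1) A login account that can only read one namespace.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer          # hypothetical account name
  namespace: kubernetes-dashboard
---
# A RoleBinding (not a ClusterRoleBinding) grants the role only inside the
# namespace where the binding lives. "view" is a built-in ClusterRole that
# allows read access to most namespaced objects but not to Secrets, Roles
# or RoleBindings.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dashboard-viewer
  namespace: default              # assumed namespace the user may inspect
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
  - kind: ServiceAccount
    name: dashboard-viewer
    namespace: kubernetes-dashboard
---
# 2) Service variant that keeps Dashboard off the node's external ports.
# With type ClusterIP there is no nodePort; the UI is reached through
#   kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard 8443:443
# and then https://localhost:8443 on the machine running kubectl.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: ClusterIP
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
```

With the view role, the scaling, image-edit and exec actions described in section 3 are rejected by the API server; where they are needed, bind the built-in edit ClusterRole in the same namespace-scoped way instead of cluster-admin.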
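2 Feature overview
2.1 Viewing cluster information
- Viewing cluster information: Dashboard shows detailed information about the cluster, including roles, namespaces, nodes, persistent volumes and storage classes, and these resources can also be edited and deleted from it.
2.2 Viewing namespaces
- Viewing namespaces: A K8S cluster may be divided into several namespaces, and the resources in different namespaces are isolated from one another. Dashboard shows the resources and workloads in each namespace, including workloads, service discovery and load balancing, and configuration and storage, and these resources can be scaled, exec'd into, edited and deleted from it.
2.3 Defining custom resources
- Defining custom resources: Dashboard can be used to define custom resources for the K8S cluster and to pin, edit and delete them.
2.4 Dashboard settings
- Dashboard settings: Dashboard itself can also be configured from within Dashboard.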
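3 Common features
3.1 Scaling Pods
- Scaling Pods: The number of Pods created by a Deployment can be scaled directly in Dashboard, which makes it easy to scale an application service up or down.
3.2 Changing the Pod version
- Changing the Pod version: The image version specified by a Deployment can be changed in Dashboard, which makes it easy to upgrade or roll back the version of its Pods.
3.3 Pod logs
- Pod logs: The logs of a Pod can be viewed directly in Dashboard, which makes troubleshooting easier.
3.4 Executing inside a Pod
- Executing inside a Pod: Users can enter a Pod directly from Dashboard and run shell commands inside it.
3.5 Modifying a Service's configuration
- Modifying a Service's configuration: The configuration of a Service can be modified directly in Dashboard, which updates service discovery accordingly.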