Kubernetes监控:Dashbaord 2.0.0部署方式

2024-01-05 10:49:28

Kubernetes监控:Dashbaord 2.0.0部署方式

Kubernetes的Dashboard目前版本已经升至2.0.0-rc3,这篇文章介绍一下如何在Kubernetes 1.17.2中安装此版本的Dashboard。
Dashboard

    Github地址
    https://github.com/kubernetes/dashboard

    目前版本:2.0.0-rc3 (2020/1/31)

配置文件

Dashboard的配置文件可以在如下链接中获得:

    https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc3/aio/deploy/recommended.yaml

获取此文件内容,并将其保存为名为dashboard.yml
所需镜像

使用此版本的Dashboard,会用到如下两个镜像:

[root@host131 dashboard]# grep image: dashboard.yml
          image: kubernetesui/dashboard:v2.0.0-rc3
          image: kubernetesui/metrics-scraper:v1.0.3
[root@host131 dashboard]#

    Dashboard镜像:kubernetesui/dashboard:v2.0.0-rc3
    kubernetesui/metrics-scraper:v1.0.3

环境准备

本文使用Kubernetes 1.17.2,可参看下文进行快速环境搭建:

    单机版本或者集群版本环境搭建

[root@host131 ansible]# kubectl get node -o wide
NAME              STATUS   ROLES    AGE     VERSION   INTERNAL-IP       EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION          CONTAINER-RUNTIME
192.168.163.131   Ready    <none>   3m49s   v1.17.2   192.168.163.131   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://19.3.5
[root@host131 ansible]#

事先下载如下两个镜像,可以加快速度

[root@host131 dashboard]# docker images |grep dashboard
kubernetesui/dashboard                  v2.0.0-rc3          4a0a1cf1b459        29 hours ago        126MB
k8s.gcr.io/kubernetes-dashboard-amd64   v1.10.1             f9aed6605b81        13 months ago       122MB
[root@host131 dashboard]#

修改配置文件:设定NodePort方式,端口设定为33307

kind: Service
apiVersion: v1
metadata:
   labels:
     k8s-app: kubernetes-dashboard
   name: kubernetes-dashboard
   namespace: kubernetes-dashboard
spec:
   type: NodePort
   ports:
     - port: 443
       targetPort: 8443
       nodePort: 33307
   selector:
       k8s-app: kubernetes-dashboard

修改配置文件:修改imagePullPolicy为IfNotPresent

imagePullPolicy: IfNotPresent

创建Dashboard服务

[root@host131 dashboard]# kubectl create -f .
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@host131 dashboard]#

结果确认

[root@host131 dashboard]# kubectl get service -A |grep dashboard
kubernetes-dashboard   dashboard-metrics-scraper   ClusterIP   10.254.80.105    <none>        8000/TCP        48s
kubernetes-dashboard   kubernetes-dashboard        NodePort    10.254.254.214   <none>        443:33307/TCP   48s
[root@host131 dashboard]#
[root@host131 dashboard]# kubectl get pod -A |grep dashboard
kubernetes-dashboard   dashboard-metrics-scraper-7b8b58dc8b-dmvqj   1/1     Running   0          59s
kubernetes-dashboard   kubernetes-dashboard-98d9ff664-s27v9         1/1     Running   0          59s
[root@host131 dashboard]#

浏览器确认
Chrome浏览器

由于Chrome浏览器在58+之后对于自签名的证书需要在subjectAltName中设定DNS.1,所以缺省下会有如下错误信息提示,注意此种状态下无法继续打开页面了
Kubernetes监控:Dashbaord 2.0.0部署方式
具体原因和对应方式可参看这篇SSL的基础内容:https://blog.csdn.net/liumiaocn/article/details/103562650
Firefox

使用Firefox还可以继续确认
Kubernetes监控:Dashbaord 2.0.0部署方式
点击View Certificate可以确认到证书的内容
Kubernetes监控:Dashbaord 2.0.0部署方式
这里点击Accept Risk and Continue按钮即可看到Dashboard的登录界面
Kubernetes监控:Dashbaord 2.0.0部署方式
选择token的方式进行登录,具体获得token详细信息的方式可以使用如下两行命令来完成:
步骤1: 获取secret

[root@host131 dashboard]# kubectl -n kubernetes-dashboard get secret
NAME                               TYPE                                  DATA   AGE
default-token-9g8fb                kubernetes.io/service-account-token   3      23m
kubernetes-dashboard-certs         Opaque                                0      23m
kubernetes-dashboard-csrf          Opaque                                1      23m
kubernetes-dashboard-key-holder    Opaque                                2      23m
kubernetes-dashboard-token-cvjhq   kubernetes.io/service-account-token   3      23m
[root@host131 dashboard]#

步骤2: 获取toekn信息

[root@host131 dashboard]# kubectl -n kubernetes-dashboard describe secrets kubernetes-dashboard-token-cvjhq
Name:         kubernetes-dashboard-token-cvjhq
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: 5d344a06-2efe-4c03-a5b4-cd0c90d4f463

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1359 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ikt5aFRwRXR6M1hMLU5GTjg0M0R1LTNfNTZLOVNhVUxZd1BSZW9HNGJrMVEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1jdmpocSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjVkMzQ0YTA2LTJlZmUtNGMwMy1hNWI0LWNkMGM5MGQ0ZjQ2MyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.gDRilxWVTYQmVh7MyvgLHpFOIYC8fU2qzscfJnqdPiioGjPeGZ3nE-V7BC7xQN5Ic6eiIe8aG7kFokerm6Y4JHJ9Mmd9E-0ny30Q32csqZePc4WX3_Odc9WqD4bAbaRIwJXeKxKS6MQfcDjaaA_7ziVVtmxgxkyK9i1htrfh62tKuLsPHmh7jrp5yUk3W7I50pUPKQejAXCvz5XQ2KlKwIIGDMonadcgsTaR6T5qcDqB3Q2WS2BA8ZPoEirCWh40WN_RbJxbJcIhb5Ct2UEMp3m2UXn2M9xOoloBemITIlnONH63PlrtHZ_X7R68HlkuQ1qyB6EXxDcr7iQZ9ZVXcg
[root@host131 dashboard]#

然后使用此token信息
Kubernetes监控:Dashbaord 2.0.0部署方式
可以看到已经登录进来了
Kubernetes监控:Dashbaord 2.0.0部署方式
但是实际上还是有问题的,在后续的文章中将会进一步展开说明

上一篇:Kubernetes之Ingress自动化https


下一篇:生命周期中mounted和created的区别。