目的

部署k8s dashboard

链接地址

https://github.com/kubernetes/dashboard

说明

本文主要阐述如何安装部署dashboard!

部署influxdb

文件名为:influxdb.yaml

  1. apiVersion: extensions/v1beta1
  2. kind: Deployment
  3. metadata:
  4.   name: monitoring-influxdb
  5.   namespace: kube-system
  6. spec:
  7.   replicas: 1
  8.   template:
  9.     metadata:
  10.       labels:
  11.         task: monitoring
  12.         k8s-app: influxdb
  13.     spec:
  14.       containers:
  15.       - name: influxdb
  16.         image: hub.k8s.com/apps/influxdb:latest
  17.         volumeMounts:
  18.         - mountPath: /data
  19.           name: influxdb-storage
  20.       volumes:
  21.       - name: influxdb-storage
  22.         emptyDir: {}
  23. ---
  24. apiVersion: v1
  25. kind: Service
  26. metadata:
  27.   labels:
  28.     task: monitoring
  29.     # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
  30.     # If you are NOT using this as an addon, you should comment out this line.
  31.     kubernetes.io/cluster-service: 'true'
  32.     kubernetes.io/name: monitoring-influxdb
  33.   name: monitoring-influxdb
  34.   namespace: kube-system
  35. spec:
  36.   ports:
  37.   - port: 8086
  38.     targetPort: 8086
  39.   selector:
  40.     k8s-app: influxdb

部署heapster

  1. apiVersion: v1
  2. kind: ServiceAccount
  3. metadata:
  4.   name: heapster
  5.   namespace: kube-system
  6. ---
  7. kind: ClusterRoleBinding
  8. apiVersion: rbac.authorization.k8s.io/v1beta1
  9. metadata:
  10.   name: heapster
  11. roleRef:
  12.   apiGroup: rbac.authorization.k8s.io
  13.   kind: ClusterRole
  14.   name: system:heapster
  15. subjects:
  16. - kind: ServiceAccount
  17.   name: heapster
  18.   namespace: kube-system
  19. ---
  20. apiVersion: extensions/v1beta1
  21. kind: Deployment
  22. metadata:
  23.   name: heapster
  24.   namespace: kube-system
  25. spec:
  26.   replicas: 1
  27.   template:
  28.     metadata:
  29.       labels:
  30.         task: monitoring
  31.         k8s-app: heapster
  32.     spec:
  33.       serviceAccountName: heapster
  34.       dnsPolicy: ClusterFirst
  35.       containers:
  36.       - name: heapster
  37.         image: hub.k8s.com/google-containers/heapster:v1.4.3
  38.         imagePullPolicy: IfNotPresent
  39.         command:
  40.         - /heapster
  41.         - --source=kubernetes:https://10.10.10.21
  42.         - --sink=influxdb:http://monitoring-influxdb.kube-system.svc.cluster.local:8086
  43. ---
  44. apiVersion: v1
  45. kind: Service
  46. metadata:
  47.   labels:
  48.     task: monitoring
  49.     # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
  50.     # If you are NOT using this as an addon, you should comment out this line.
  51.     kubernetes.io/cluster-service: 'true'
  52.     kubernetes.io/name: Heapster
  53.   name: heapster
  54.   namespace: kube-system
  55. spec:
  56.   ports:
  57.   - port: 80
  58.     targetPort: 8082
  59.   selector:
  60.     k8s-app: heapster

部署grafana (可选)

  1. apiVersion: extensions/v1beta1
  2. kind: Deployment
  3. metadata:
  4.   name: monitoring-grafana
  5.   namespace: kube-system
  6. spec:
  7.   replicas: 1
  8.   template:
  9.     metadata:
  10.       labels:
  11.         task: monitoring
  12.         k8s-app: grafana
  13.     spec:
  14.       containers:
  15.       - name: grafana
  16.         image: hub.k8s.com/apps/heapster-grafana-amd64:v4.4.3
  17.         ports:
  18.         - containerPort: 3000
  19.           protocol: TCP
  20.         volumeMounts:
  21.         - mountPath: /etc/ssl/certs
  22.           name: ca-certificates
  23.           readOnly: true
  24.         - mountPath: /var
  25.           name: grafana-storage
  26.         env:
  27.         - name: INFLUXDB_HOST
  28.           value: monitoring-influxdb
  29.         - name: GF_SERVER_HTTP_PORT
  30.           value: "3000"
  31.           # The following env variables are required to make Grafana accessible via
  32.           # the kubernetes api-server proxy. On production clusters, we recommend
  33.           # removing these env variables, setup auth for grafana, and expose the grafana
  34.           # service using a LoadBalancer or a public IP.
  35.         - name: GF_AUTH_BASIC_ENABLED
  36.           value: "false"
  37.         - name: GF_AUTH_ANONYMOUS_ENABLED
  38.           value: "true"
  39.         - name: GF_AUTH_ANONYMOUS_ORG_ROLE
  40.           value: Admin
  41.         - name: GF_SERVER_ROOT_URL
  42.           # If you're only using the API Server proxy, set this value instead:
  43.           # value: /api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
  44.           value: /
  45.       volumes:
  46.       - name: ca-certificates
  47.         hostPath:
  48.           path: /etc/ssl/certs
  49.       - name: grafana-storage
  50.         emptyDir: {}
  51. ---
  52. apiVersion: v1
  53. kind: Service
  54. metadata:
  55.   labels:
  56.     # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
  57.     # If you are NOT using this as an addon, you should comment out this line.
  58.     kubernetes.io/cluster-service: 'true'
  59.     kubernetes.io/name: monitoring-grafana
  60.   name: monitoring-grafana
  61.   namespace: kube-system
  62. spec:
  63.   # In a production setup, we recommend accessing Grafana through an external Loadbalancer
  64.   # or through a public IP.
  65.   # type: LoadBalancer
  66.   # You could also use NodePort to expose the service at a randomly-generated port
  67.   # type: NodePort
  68.   ports:
  69.   - port: 80
  70.     targetPort: 3000
  71.   selector:
  72.     k8s-app: grafana

部署dashboard

注意

要直接访问dashboard(无kubectl proxy),应使用有效证书建立安全的HTTPS连接。我们使用自有的证书颁发机构生成dashboard证书。使用它们替换仪表板中的自动生成的证书。

生成保密字典

你有dashboard.crt和dashboard.key存储在./certs目录下的文件,你可以使用如下命令创建名称为“kubernetes-dashboard-certs”的保密字典

  1. shell># kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system

验证 

  1. shell># kubectl get secrets kubernetes-dashboard-certs  -n kube-system
  2. NAME                         TYPE      DATA      AGE
  3. kubernetes-dashboard-certs   Opaque    2         0d
  4. shell># kubectl describe secrets kubernetes-dashboard-certs  -n kube-system
  5. Name:         kubernetes-dashboard-certs
  6. Namespace:    kube-system
  7. Labels:       <none>
  8. Annotations:  <none>
  10. Type:  Opaque
  12. Data
  13. ====
  14. dashboard.crt:  1399 bytes
  15. dashboard.key:  1675 bytes

部署dashboard

创建Kubernetes-dashboard.yaml

  1. # Copyright 2017 The Kubernetes Authors.
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. #     http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. # See the License for the specific language governing permissions and
  13. # limitations under the License.
  15. # Configuration to deploy release version of the Dashboard UI compatible with
  16. # Kubernetes 1.8.
  17. #
  18. # Example usage: kubectl create -f <this_file>
  20. # ------------------- Dashboard Secret ------------------- #
  22. #apiVersion: v1
  23. #kind: Secret
  24. #metadata:
  25. #  labels:
  26. #    k8s-app: kubernetes-dashboard
  27. #  name: kubernetes-dashboard-certs
  28. #  namespace: kube-system
  29. #type: Opaque
  31. ---
  32. # ------------------- Dashboard Service Account ------------------- #
  34. apiVersion: v1
  35. kind: ServiceAccount
  36. metadata:
  37.   labels:
  38.     k8s-app: kubernetes-dashboard
  39.   name: kubernetes-dashboard
  40.   namespace: kube-system
  42. ---
  43. # ------------------- Dashboard Role & Role Binding ------------------- #
  45. kind: Role
  46. apiVersion: rbac.authorization.k8s.io/v1
  47. metadata:
  48.   name: kubernetes-dashboard-minimal
  49.   namespace: kube-system
  50. rules:
  51.   # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
  52. - apiGroups: [""]
  53.   resources: ["secrets"]
  54.   verbs: ["create"]
  55.   # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
  56. - apiGroups: [""]
  57.   resources: ["configmaps"]
  58.   verbs: ["create"]
  59.   # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  60. - apiGroups: [""]
  61.   resources: ["secrets"]
  62.   resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  63.   verbs: ["get", "update", "delete"]
  64.   # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  65. - apiGroups: [""]
  66.   resources: ["configmaps"]
  67.   resourceNames: ["kubernetes-dashboard-settings"]
  68.   verbs: ["get", "update"]
  69.   # Allow Dashboard to get metrics from heapster.
  70. - apiGroups: [""]
  71.   resources: ["services"]
  72.   resourceNames: ["heapster"]
  73.   verbs: ["proxy"]
  74. - apiGroups: [""]
  75.   resources: ["services/proxy"]
  76.   resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  77.   verbs: ["get"]
  79. ---
  80. apiVersion: rbac.authorization.k8s.io/v1
  81. kind: RoleBinding
  82. metadata:
  83.   name: kubernetes-dashboard-minimal
  84.   namespace: kube-system
  85. roleRef:
  86.   apiGroup: rbac.authorization.k8s.io
  87.   kind: Role
  88.   name: kubernetes-dashboard-minimal
  89. subjects:
  90. - kind: ServiceAccount
  91.   name: kubernetes-dashboard
  92.   namespace: kube-system
  94. ---
  95. # ------------------- Dashboard Deployment ------------------- #
  97. kind: Deployment
  98. apiVersion: apps/v1beta2
  99. metadata:
  100.   labels:
  101.     k8s-app: kubernetes-dashboard
  102.   name: kubernetes-dashboard
  103.   namespace: kube-system
  104. spec:
  105.   replicas: 1
  106.   revisionHistoryLimit: 10
  107.   selector:
  108.     matchLabels:
  109.       k8s-app: kubernetes-dashboard
  110.   template:
  111.     metadata:
  112.       labels:
  113.         k8s-app: kubernetes-dashboard
  114.     spec:
  115.       containers:
  116.       - name: kubernetes-dashboard
  117.         image: hub.k8s.com/google-containers/kubernetes-dashboard:v1.8.1
  118.         ports:
  119.         - containerPort: 8443
  120.           protocol: TCP
  121.         args:
  122.           - --auto-generate-certificates
  123.           # Uncomment the following line to manually specify Kubernetes API server Host
  124.           # If not specified, Dashboard will attempt to auto discover the API server and connect
  125.           # to it. Uncomment only if the default does not work.
  126.           - --apiserver-host=http://10.10.1.21:8080
  127.           - --authentication-mode=kubeconfig
  128.         volumeMounts:
  129.         - name: kubernetes-dashboard-certs
  130.           mountPath: /certs
  131.           # Create on-disk volume to store exec logs
  132.         - mountPath: /tmp
  133.           name: tmp-volume
  134.         livenessProbe:
  135.           httpGet:
  136.             scheme: HTTPS
  137.             path: /
  138.             port: 8443
  139.           initialDelaySeconds: 30
  140.           timeoutSeconds: 30
  141.       volumes:
  142.       - name: kubernetes-dashboard-certs
  143.         secret:
  144.           secretName: kubernetes-dashboard-certs
  145.       - name: tmp-volume
  146.         emptyDir: {}
  147.       serviceAccountName: kubernetes-dashboard
  148.       # Comment the following tolerations if Dashboard must not be deployed on master
  149.       tolerations:
  150.       - key: node-role.kubernetes.io/master
  151.         effect: NoSchedule
  153. ---
  154. # ------------------- Dashboard Service ------------------- #
  156. kind: Service
  157. apiVersion: v1
  158. metadata:
  159.   labels:
  160.     k8s-app: kubernetes-dashboard
  161.   name: kubernetes-dashboard
  162.   namespace: kube-system
  163. spec:
  164.   type: NodePort
  165.   ports:
  166.     - port: 443
  167.       targetPort: 8443
  168.       nodePort: 30001
  169.   selector:
  170.     k8s-app: kubernetes-dashboard

验证

访问http://master.k8s.com:8080/ui