简介
Kubernetes Dashboard 是 Kubernetes 集群的基于 Web 的通用 UI。它允许用户管理在群集中运行的应用程序并对其进行故障排除,以及管理群集本身。最近推出了 v2.1.0 版本,这里在 Kubernetes 中部署一下,尝试看看新版本咋样。
兼容性
| Kubernetes版本 | 1.17 | 1.18 | 1.19 | 1.20 | |
|---|---|---|---|---|---|
| 兼容性 | ? | ? | ? | ✓ |
- ✕ 不支持的版本范围。
- ✓ 完全支持的版本范围。
- ? 由于Kubernetes API 版本之间的重大更改,某些功能可能无法在仪表板中正常运行。
部署 Kubernetes Dashboard
注意:如果 "kube-system" 命名空间已经存在 Kubernetes-Dashboard 相关资源,请换成别的 Namespace。
系统环境
- Kubernetes 版本:1.20.1
- kubernetes-dashboard 版本:v2.1.0
部署文件
完整部署文件 Github 地址:https://github.com/my-dlq/blog-example/tree/master/kubernetes/kubernetes-dashboard2.1.0-deploy
1、Dashboard RBAC
创建 Dashboard RBAC 部署文件
k8s-dashboard-rbac.yaml
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kube-system
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kube-system
- rules:
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
- verbs: ["get", "update", "delete"]
- - apiGroups: [""]
- resources: ["configmaps"]
- resourceNames: ["kubernetes-dashboard-settings"]
- verbs: ["get", "update"]
- - apiGroups: [""]
- resources: ["services"]
- resourceNames: ["heapster", "dashboard-metrics-scraper"]
- verbs: ["proxy"]
- - apiGroups: [""]
- resources: ["services/proxy"]
- resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
- verbs: ["get"]
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- rules:
- - apiGroups: ["metrics.k8s.io"]
- resources: ["pods", "nodes"]
- verbs: ["get", "list", "watch"]
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kube-system
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: kubernetes-dashboard
- subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: kube-system
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: kubernetes-dashboard
- namespace: kube-system
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kubernetes-dashboard
- subjects:
- - kind: ServiceAccount
- name: kubernetes-dashboard
- namespace: kube-system
部署 Dashboard RBAC
- $ kubectl apply -f k8s-dashboard-rbac.yaml
2、创建 ConfigMap、Secret
创建 Dashboard Config & Secret 部署文件
k8s-dashboard-configmap-secret.yaml
- apiVersion: v1
- kind: Secret
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard-certs
- namespace: kube-system
- type: Opaque
- ---
- apiVersion: v1
- kind: Secret
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard-csrf
- namespace: kube-system
- type: Opaque
- data:
- csrf: ""
- ---
- apiVersion: v1
- kind: Secret
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard-key-holder
- namespace: kube-system
- type: Opaque
- ---
- kind: ConfigMap
- apiVersion: v1
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard-settings
- namespace: kube-system
部署 Dashboard Config & Secret
- $ kubectl apply -f k8s-dashboard-configmap-secret.yaml
3、kubernetes-dashboard
创建 Dashboard Deploy 部署文件
k8s-dashboard-deploy.yaml
- ## Dashboard Service
- kind: Service
- apiVersion: v1
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kube-system
- spec:
- type: NodePort
- ports:
- - port: 443
- nodePort: 30001
- targetPort: 8443
- selector:
- k8s-app: kubernetes-dashboard
- ---
- ## Dashboard Deployment
- kind: Deployment
- apiVersion: apps/v1
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- name: kubernetes-dashboard
- namespace: kube-system
- spec:
- replicas: 1
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- k8s-app: kubernetes-dashboard
- template:
- metadata:
- labels:
- k8s-app: kubernetes-dashboard
- spec:
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: kubernetes-dashboard
- image: kubernetesui/dashboard:v2.1.0
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsUser: 1001
- runAsGroup: 2001
- ports:
- - containerPort: 8443
- protocol: TCP
- args:
- - --auto-generate-certificates
- - --namespace=kube-system #设置为当前部署的Namespace
- resources:
- limits:
- cpu: 1000m
- memory: 512Mi
- requests:
- cpu: 1000m
- memory: 512Mi
- livenessProbe:
- httpGet:
- scheme: HTTPS
- path: /
- port: 8443
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - name: kubernetes-dashboard-certs
- mountPath: /certs
- - name: tmp-volume
- mountPath: /tmp
- - name: localtime
- readOnly: true
- mountPath: /etc/localtime
- volumes:
- - name: kubernetes-dashboard-certs
- secret:
- secretName: kubernetes-dashboard-certs
- - name: tmp-volume
- emptyDir: {}
- - name: localtime
- hostPath:
- type: File
- path: /etc/localtime
- tolerations:
- - key: node-role.kubernetes.io/master
- effect: NoSchedule
部署 Dashboard Deploy
- $ kubectl apply -f k8s-dashboard-deploy.yaml
4、创建 kubernetes-metrics-scraper
创建 Dashboard Metrics 部署文件
k8s-dashboard-metrics.yaml
- ## Dashboard Metrics Service
- kind: Service
- apiVersion: v1
- metadata:
- labels:
- k8s-app: dashboard-metrics-scraper
- name: dashboard-metrics-scraper
- namespace: kube-system
- spec:
- ports:
- - port: 8000
- targetPort: 8000
- selector:
- k8s-app: dashboard-metrics-scraper
- ---
- ## Dashboard Metrics Deployment
- kind: Deployment
- apiVersion: apps/v1
- metadata:
- labels:
- k8s-app: dashboard-metrics-scraper
- name: dashboard-metrics-scraper
- namespace: kube-system
- spec:
- replicas: 1
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- k8s-app: dashboard-metrics-scraper
- template:
- metadata:
- labels:
- k8s-app: dashboard-metrics-scraper
- annotations:
- seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
- spec:
- serviceAccountName: kubernetes-dashboard
- containers:
- - name: dashboard-metrics-scraper
- image: kubernetesui/metrics-scraper:v1.0.6
- securityContext:
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- runAsUser: 1001
- runAsGroup: 2001
- ports:
- - containerPort: 8000
- protocol: TCP
- resources:
- limits:
- cpu: 1000m
- memory: 512Mi
- requests:
- cpu: 1000m
- memory: 512Mi
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: 8000
- initialDelaySeconds: 30
- timeoutSeconds: 30
- volumeMounts:
- - mountPath: /tmp
- name: tmp-volume
- - name: localtime
- readOnly: true
- mountPath: /etc/localtime
- volumes:
- - name: tmp-volume
- emptyDir: {}
- - name: localtime
- hostPath:
- type: File
- path: /etc/localtime
- nodeSelector:
- "beta.kubernetes.io/os": linux
- tolerations:
- - key: node-role.kubernetes.io/master
- effect: NoSchedule
部署 Dashboard Metrics
- $ kubectl apply -f k8s-dashboard-metrics.yaml
5、创建访问的 ServiceAccount
创建一个绑定 admin 权限的 ServiceAccount,获取其 Token 用于访问看板。
创建 Dashboard ServiceAccount 部署文件
k8s-dashboard-token.yaml
- kind: ClusterRoleBinding
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: admin
- annotations:
- rbac.authorization.kubernetes.io/autoupdate: "true"
- roleRef:
- kind: ClusterRole
- name: cluster-admin
- apiGroup: rbac.authorization.k8s.io
- subjects:
- - kind: ServiceAccount
- name: admin
- namespace: kube-system
- ---
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: admin
- namespace: kube-system
- labels:
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
部署访问的 ServiceAccount
- $ kubectl apply -f k8s-dashboard-token.yaml
获取 Token
- $ kubectl describe secret/$(kubectl get secret -n kube-system |grep admin|awk '{print $1}') -n kube-system
token:
登录新版本 Dashboard 查看
本人的 Kubernetes 集群地址为”192.168.2.11”并且在 Service 中设置了 NodePort 端口为 30001 和类型为 NodePort 方式访问 Dashboard ,所以访问地址:https://192.168.2.11:30001 进入 Kubernetes Dashboard 页面,然后输入上一步中创建的 ServiceAccount 的 Token 进入 Dashboard,可以看到新的 Dashboard。
跟上一个版本比较,整体资源的显示位置,增加对 1.20 版本的支持等:
部署 Metrics Server 为 Dashboard 提供指标数据
Dashboard 已经部署完成,不过登录 Dashboard 后可以看到:
这些栏数据显示都是空,这是由于 Dashboard 的指标部署需要从 Metrics Server 中获取,Dashboard 该版本另一个组件 kubernetes-metrics-scraper 就是用于从 Metrics Server 获取指标的适配器。之前我们已经部署 kubernetes-metrics-scraper 组件,接下来只要再部署 Metrics Server 组件就能获取系统指标数据,供 Dashboard 绘制图形,部署 Metrics Server 可以参考:
- Kubernetes 部署 Metrics Server 获取集群指标数据
当按照上面部署完成后,等一段时间,再刷新 Dashboard 界面,可以观察到如下界面:
