- 学习K8s,整理记忆
- 博文内容涉及
- K8s面板工具dashboard和Kuboard.
- dashboard以及Kuboard部署Demo
- 部分地方使用了Ansible,只用了shell,copy模块
- 部分内容参考 dashboard K8s官方文档:https://Kubernetes.io/zh/docs/tasks/access-application-cluster/web-ui-dashboard/kuboard官网: http://press.demo.kuboard.cn/overview/share-coder.html
很多时候我们放弃,以为不过是一段感情,到了最后,才知道,原来那是一生。——匪我思存《佳期如梦》
一、环境准备
无论是dashboard还是Kuboard,为了在页面上显示系统资源的使用情况,需要部署K8s核心指标监控工具Metrics Server,所以我们先来安装metric-server
集群版本
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get nodes
NAME STATUS ROLES AGE VERSION
vms81.liruilongs.github.io Ready control-plane,master 68d v1.22.2
vms82.liruilongs.github.io Ready <none> 68d v1.22.2
vms83.liruilongs.github.io Ready <none> 68d v1.22.2
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
安装 metric-server
相关镜像资源文件下载
curl -Ls https://api.github.com/repos/kubernetes-sigs/metrics-server/tarball/v0.3.6 -o metrics-server-v0.3.6.tar.gz
docker pull mirrorgooglecontainers/metrics-server-amd64:v0.3.6
两种方式任选其一,我们这里已经下载了镜像,所以直接导入,使用ansible所以机器执行
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible all -m copy -a "src=./metrics-img.tar dest=/root/metrics-img.tar"
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible all -m shell -a "docker load -i /root/metrics-img.tar"
192.168.26.83 | CHANGED | rc=0 >>
Loaded image: k8s.gcr.io/metrics-server-amd64:v0.3.6
192.168.26.81 | CHANGED | rc=0 >>
Loaded image: k8s.gcr.io/metrics-server-amd64:v0.3.6
192.168.26.82 | CHANGED | rc=0 >>
Loaded image: k8s.gcr.io/metrics-server-amd64:v0.3.6
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
修改metrics-server-deployment.yaml,创建资源
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$mv kubernetes-sigs-metrics-server-d1f4f6f/ metrics
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cd metrics/
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics]
└─$ls
cmd deploy hack OWNERS README.md version
code-of-conduct.md Gopkg.lock LICENSE OWNERS_ALIASES SECURITY_CONTACTS
CONTRIBUTING.md Gopkg.toml Makefile pkg vendor
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics]
└─$cd deploy/1.8 /
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics/deploy/1.8 ]
└─$ls
aggregated-metrics-reader.yaml metrics-apiservice.yaml resource-reader.yaml
auth-delegator.yaml metrics-server-deployment.yaml
auth-reader.yaml metrics-server-service.yaml
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics/deploy/1.8 ]
└─$vim metrics-server-deployment.yaml
修改资源文件,获取镜像方式
31 - name: metrics-server
32 image: k8s.gcr.io/metrics-server-amd64:v0.3.6
33 #imagePullPolicy: Always
34 imagePullPolicy: IfNotPresent
35 command:
36 - /metrics-server
37 - --metric-resolution=30s
38 - --kubelet-insecure-tls
39 - --kubelet-preferred-address-types=InternalIP
40 volumeMounts:
部署 metrics-server
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics/deploy/1.8 ]
└─$kubectl apply -f .
确认是否成功安装kube-system空间
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics/deploy/1.8 ]
└─$kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-78d6f96c7b-79xx4 1/1 Running 2 3h15m
calico-node-ntm7v 1/1 Running 1 12h
calico-node-skzjp 1/1 Running 4 12h
calico-node-v7pj5 1/1 Running 1 12h
coredns-545d6fc579-9h2z4 1/1 Running 2 3h15m
coredns-545d6fc579-xgn8x 1/1 Running 2 3h16m
etcd-vms81.liruilongs.github.io 1/1 Running 1 13h
kube-apiserver-vms81.liruilongs.github.io 1/1 Running 2 13h
kube-controller-manager-vms81.liruilongs.github.io 1/1 Running 4 13h
kube-proxy-rbhgf 1/1 Running 1 13h
kube-proxy-vm2sf 1/1 Running 1 13h
kube-proxy-zzbh9 1/1 Running 1 13h
kube-scheduler-vms81.liruilongs.github.io 1/1 Running 5 13h
metrics-server-bcfb98c76-gttkh 1/1 Running 0 70m
简单测试
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics/deploy/1.8 ]
└─$kubectl top nodes
W1007 14:23:06.102605 102831 top_node.go:119] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
vms81.liruilongs.github.io 555m 27% 2025Mi 52%
vms82.liruilongs.github.io 204m 10% 595Mi 15%
vms83.liruilongs.github.io 214m 10% 553Mi 14%
┌──[root@vms81.liruilongs.github.io]-[~/ansible/metrics/deploy/1.8 ]
└─$
二、dashboard安装简单介绍
kubernetes-dashboard是 Kubernetes的Web UI网页管理工具,可提供部署应用、资源对象管理、容器日志查询、系统监控等常用的集群管理功能。为了在页面上显示系统资源的使用情况,需要部署K8s核心指标监控工具Metrics Server
Github主页: https://github.com/kubernetes/dashboard
安装步骤资源文件(需要科学上网):https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml
这里如果可以科学上网的小伙伴可以用这个,如果不行的话,用我的那个,yaml文件太大了,我放到了文末。
环境准备,工作节点push相关的镜像,这里因为有些镜像push不下来,所以替换为可以访问的镜像仓库来处理。
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat recommended.yaml | grep -i image
#image: kubernetesui/dashboard:v2.0.0-beta8
image: registry.cn-hangzhou.aliyuncs.com/kube-iamges/dashboard:v2.0.0-beta8
#imagePullPolicy: Always
imagePullPolicy: IfNotPresent
#image: kubernetesui/metrics-scraper:v1.0.1
image: registry.cn-hangzhou.aliyuncs.com/kube-iamges/metrics-scraper:v1.0.1
imagePullPolicy: IfNotPresent
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "docker pull registry.cn-hangzhou.aliyuncs.com/kube-iamges/dashboard:v2.0.0-beta8"
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible node -m shell -a "docker pull registry.cn-hangzhou.aliyuncs.com/kube-iamges/metrics-scraper:v1.0.1"
安装 dashboard
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
安装完成,查看相关的资源是否准备好.
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-669c88c9d9-c6jc7 1/1 Running 0 119s
kubernetes-dashboard-5d66bcd8fd-87hlx 1/1 Running 0 2m
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get SVC -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.103.114.121 <none> 8000/TCP 2m11s
kubernetes-dashboard ClusterIP 10.98.100.249 <none> 443/TCP 2m12s
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get sa -n kubernetes-dashboard
NAME SECRETS AGE
default 1 2m21s
kubernetes-dashboard 1 2m21s
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get deploy -n kubernetes-dashboard
NAME READY UP-TO-DATE AVAILABLE AGE
dashboard-metrics-scraper 1/1 1 1 2m50s
kubernetes-dashboard 1/1 1 1 2m51s
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
修改SVC类型为NodePort,允许机器外部提供访问能力
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
service/kubernetes-dashboard edited
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
查看修改是否正确
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.103.114.121 <none> 8000/TCP 6m33s
kubernetes-dashboard NodePort 10.98.100.249 <none> 443:32329/TCP 6m34s
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
这里切换了一下命名空间,不是必要操作
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl config set-context $(kubectl config current-context) --namespace=kubernetes-dashboard
Context "kubernetes-admin@kubernetes" modified.
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$
创建sa,为其绑定一个类似root的K8s角色,提供访问能力。更多可以参考:https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
资源文件
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl apply -f dashboard-adminuser.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user unchanged
获取sa的token,通过token的方式登录部署好的dashboard
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
eyJhbGciOiJSUzI1NiIsImtpZCI6ImF2MmJVZ3d6M21JRC1BZUwwaHlDdzZHSGNyaVJON1BkUHF6MlhPV2NfX00ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXF3bWdtIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1MWE0ZTU5Ni00OThiLTRhOGMtOTBjOC00YTExZGYxZDk3NzYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.epjeFx7jvYG6v0zf0RuMjpY7RisrzBxrNdYdfszCwXS2_AauHM9a6dLUSx1oLUimiUdbCZvX0tElC99u8f5YQS4xGL-8gNSIUpe3JvWjgTlYB-6I5BqRxKrckqkHrs0juzw0K2d4HdDwUe79AyS7pJwqrD4LTQKzAfOmpWbwzHbPI4WKJ7FKyYGcW76HOdTYTdXVb_Rr0ucdOIRQdEwbFceT9atiImqQhb1Kv9ByoFDxSx2YP6PXPo8zGMUwmXXtlimzv0IdghcPOrwe6gk96LoD3pV-Q2kGL3OPhnxVusfOJh-bdRznSGorvtXc_IGJh8gwhF1zluRmQ4tECCu1sw
访问测试
