一,k8s的UI访问界面-dashboard
搭建环境:
在dashboard中,虽然可以做到创建,删除,修改资源等操作,但通常情况下,我们会把它当作健康k8s集群的软件。
Kubernetes集群的通用Web UI
三台都需要:
[root@master ~]# docker pull kubernetesui/dashboard:v2.0.0-rc5
master下载.yaml文件:
[root@master dashboard]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc5/aio/deploy/recommended.yaml
修改.yaml文件:
[root@master dashboard]# vim recommended.yaml
第40行添加:
type: NodePort
执行一下:
[root@master dashboard]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
查看是否生成:
查看端口:
访问:
https://192.168.1.10:30516
或者
https://192.168.1.10:30516/#/login
一,k8s的UI访问界面-dashboard
搭建环境:
在dashboard中,虽然可以做到创建,删除,修改资源等操作,但通常情况下,我们会把它当作健康k8s集群的软件。
Kubernetes集群的通用Web UI
三台都需要:
[root@master ~]# docker pull kubernetesui/dashboard:v2.0.0-rc5
master下载.yaml文件:
[root@master dashboard]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc5/aio/deploy/recommended.yaml
修改.yaml文件:
[root@master dashboard]# vim recommended.yaml
第40行添加:
type: NodePort
执行一下:
[root@master dashboard]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
查看是否生成:
查看端口:
[root@master dashboard]# kubectl get deployments. -n kubernetes-dashboard
NAME READY UP-TO-DATE AVAILABLE AGE
dashboard-metrics-scraper 1/1 1 1 41h
kubernetes-dashboard 1/1 1 1 41h
访问:
https://192.168.1.10:30516
或者
https://192.168.1.10:30516/#/login
基于token的方法登录dashboard
1、创建一个dashboard的管理用户。
[root@master dashboard]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
2、绑定用户为集群管理用户。
[root@master dashboard]# kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created
3、获取token。
得到token名称:
[root@master dashboard]# kubectl get secrets -n kube-system | grep dashboard-admin
dashboard-admin-token-6rhg2 kubernetes.io/service-account-token 3 5m3s
查看token的详细信息
[root@master dashboard]# kubectl get secrets -n kube-system dashboard-admin-token-6rhg2
NAME TYPE DATA AGE
dashboard-admin-token-6rhg2 kubernetes.io/service-account-token 3 6m58s
查看上述得到的secret资源的详细信息,会得到token
[root@master dashboard]# kubectl describe secrets -n kube-system dashboard-admin-token-6rhg2
5、再浏览器上使用token登录
PS:如果时使用的旧版本的dashboard,使用谷歌浏览器登录,可能是不成功的,需要换成其他的浏览器,比如火狐
复制token到:
然后:
基于kuberconfig配置文件的方法登录dashboard
1、获取token:
[root@master dashboard]# kubectl get secrets -n kube-system | grep dashboard-admin
dashboard-admin-token-6rhg2 kubernetes.io/service-account-token 3 5m3s
[root@master dashboard]# kubectl get secrets -n kube-system dashboard-admin-token-6rhg2
NAME TYPE DATA AGE
dashboard-admin-token-6rhg2 kubernetes.io/service-account-token 3 6m58s
[root@master dashboard]# kubectl describe secrets -n kube-system dashboard-admin-token-6rhg2
2、生成kubeconfig配置文件。
通过环境变量生成一个Token:
[root@master dashboard]# DASH_TOKEN=$(kubectl get secrets -n kube-system dashboard-admin-token-6rhg2 -o jsonpath={.data.token} | base64 -d)
将k8s集群的配置文件写入kubernets中
[root@master dashboard]# kubectl config set-cluster kubernets --server=192.168.1.10:6443 --kubeconfig=/root/.dashboard-admin.conf
Cluster "kubernets" set.
[root@master dashboard]# kubectl config set-credentials dashboard-admin --token=$DASH_TOKEN --kubeconfig=/root/.dashboard-admin.conf
User "dashboard-admin" set.
[root@master dashboard]# kubectl config set-context dashboard-admin@kubernets --cluster=kubernetes --user=dashboard-admin --kubeconfig=/root/.dashboard-admin.conf
Context "dashboard-admin@kubernets" created.
[root@master dashboard]# kubectl config use-context dashboard-admin@kubernets --kubeconfig=/root/.dashboard-admin.conf
Switched to context "dashboard-admin@kubernets".
3.将新生成的/root/.dashboard的配置文件,导出并做保存
[root@master dashboard]# sz /root/.dashboard-admin.conf
Scope
[root@master ~]# mkdir scope
[root@master scope]# wget https://cloud.weave.works/k8s/scope.yaml
[root@master scope]# vim scope.yaml
213行添加:
下载镜像:
[root@node01 ~]# docker pull docker.io/weaveworks/scope:1.12.0
[root@node02 ~]# docker pull docker.io/weaveworks/scope:1.12.0
运行:
[root@master scope]# kubectl apply -f scope.yaml
namespace/weave created
serviceaccount/weave-scope created
clusterrole.rbac.authorization.k8s.io/weave-scope created
clusterrolebinding.rbac.authorization.k8s.io/weave-scope created
deployment.apps/weave-scope-app created
service/weave-scope-app created
deployment.apps/weave-scope-cluster-agent created
daemonset.apps/weave-scope-agent created
查看:
[root@master scope]# kubectl get deployments. -n weave
NAME READY UP-TO-DATE AVAILABLE AGE
weave-scope-app 1/1 1 1 36s
weave-scope-cluster-agent 1/1 1 1 36s
root@master scope]# kubectl get svc -n weave
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
weave-scope-app NodePort 10.110.225.77 <none> 80:31678/TCP 116s
浏览器访问:
Prometheus
PS:在这里部署prometheus,并不是Prometheus官网提供的,而是使用的coreos提供的promethus项目。
[root@master ~]# mkdir prometheus
[root@master ~]# cd prometheus/
[root@master prometheus]# yum -y install git
MetricsServer:是k8s集群资源使用情况的聚合器,手机数据给k8s集群内使用,如:kubectl,hpa,scheduler等。
Prometheus Operator:是一个系统检测和警报工具箱,用来存储监控数据。
Prometheus node-exproter:收集k8s集群资源的数据,指定告警规则。
Prometheus:手机apiserver,scheduler,controller-manager,kubelet组件的数据,通过http协议传输。
Grafana:可视化数据统计和监控平台。
1、克隆prometheus到本地
[root@master prometheus]# git clone https://github.com/coreos/kube-prometheus.git
2.修改grafana-service.yaml文件,更改为nodePort的暴露模式,暴露端口为31001
[root@master manifests]# pwd
/root/prometheus/kube-prometheus/manifests
[root@master manifests]# vim grafana-service.yaml
9行添加:
14行添加:
3、修改prometheus-service.yaml文件,更高为nodePort布鲁模式,暴露端口为31002
[root@master manifests]# vim prometheus-service.yaml
4、修改alertmanager-service.yaml文件,更高为nodePort布鲁模式,暴露端口为31003
[root@master manifests]# vim alertmanager-service.yaml
5、将这个目录中的yaml文件,全部运行,是运行以上yaml文件的基础环境配置
[root@master setup]# cd ..
[root@master manifests]# kubectl apply -f setup/
namespace/monitoring created
customresourcedefinition.apiextensions.k8s.io/alertmanagers.monitoring.coreos.com created
customresourcedefinition.apiextensions.k8s.io/podmonitors.monitoring.coreos.com created
customresourcedefinition.apiextensions.k8s.io/prometheuses.monitoring.coreos.com created
customresourcedefinition.apiextensions.k8s.io/prometheusrules.monitoring.coreos.com created
customresourcedefinition.apiextensions.k8s.io/servicemonitors.monitoring.coreos.com created
customresourcedefinition.apiextensions.k8s.io/thanosrulers.monitoring.coreos.com created
clusterrole.rbac.authorization.k8s.io/prometheus-operator created
clusterrolebinding.rbac.authorization.k8s.io/prometheus-operator created
deployment.apps/prometheus-operator created
service/prometheus-operator created
serviceaccount/prometheus-operator created
6、运行主yaml文件
[root@master manifests]# cd ..
[root@master kube-prometheus]# pwd
/root/prometheus/kube-prometheus
[root@master kube-prometheus]# kubectl apply -f manifests/
部署成功之后,可以运行一条命令查看资源使用情况(MetricsServer必须部署成功)
kubectl top node
7、浏览器访问grafana
8、导入监控模板
从grafana官网搜索
8588
可以根据当前Pod资源的使用率,比如说CPU,磁盘,内存的等进行副本Pod的动态的扩容与缩容。
前提条件:系统应该能够获取当前Pod的资源使用情况。
//
heapster:这个组件之前是集成在k8s集群的,不过在1.12版本之后被移除了。
如果还想使用此功能,应该部署metricServer,这个k8s集群资源使用情况的聚合器。
这里,我们使用一个测试镜像,这个镜像基于php-apache制作的docker镜像,包含了一些可以运行cpu密集计算任务的代码。
[root@node01~]# docker pull mirrorgooglecontainers/hpa-example:latest
[root@node02~]# docker pull mirrorgooglecontainers/hpa-example:latest
[root@master yaml]# kubectl run php-apache --image=mirrorgooglecontainers/hpa-example:latest --requests=cpu=200m --expose --port=80
查看一下:
[root@master yaml]# kubectl get deployments.
NAME READY UP-TO-DATE AVAILABLE AGE
php-apache 1/1 1 1 5m36s
创建HPA控制器。
[root@master yaml]# kubectl autoscale deployment php-apache --cpu-percent=50 --min=1 --max=10
horizontalpodautoscaler.autoscaling/php-apache autoscaled
查看一下:
[root@master yaml]# kubectl get hpa
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
php-apache Deployment/php-apache <unknown>/50% 1 10 1 119s
[root@master yaml]# kubectl get pod -w
NAME READY STATUS RESTARTS AGE
php-apache-794cdd478f-ksqlj 1/1 Running 0 40m
复制会话:
[root@master ~]# kubectl run -i --tty load-generator --image=busybox /bin/sh
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
If you don't see a command prompt, try pressing enter.
/ # while true; do wget -q -O- http://php-apache.default.svc.cluster.local;done
//创建一个应用,用来不停的访问我们刚刚创建的php-apache资源。
kubectl run -i --tty load-generator --image=busybox /bin/sh
进入Pod内,执行此命令, 用来模拟访问php-apache的svc资源
while true; do wget -q -O- http://php-apache.default.svc.cluster.local
; done
资源限制
基于Pod
[root@master ~]# vim cgroup-pod.yaml
requests: 要分配的资源,limits为最高请求的资源值。可以简单的理解为初始值和最大值。
基于名称空间
1) 计算资源配额
[root@master ~]# vim compute-resources.yaml
2)配置对象数量配额限制
[root@master ~]# vim object-counts.yaml
3) 配置CPU和内存的LimitRange
[root@master ~]# vim limitRange.yaml
default 即 limit的值。
done