使用dashboard查看k8s任务和资源使用

安装kubernetes-dashboard

第一步:准备需要的镜像和配置文件

按官方建议的k8s与dashboard兼容的版本下载对应的文件:
在这里插入图片描述
在这里插入图片描述
由于我使用的k8s是1.14.1版本,所以将dashboard对应版本的yaml文件下载到服务器root路径下:
执行安装命令:

kubectl apply -f recommended-v2.0.0-beta1.yaml

查看Deployment和Pod的运行状态:
在这里插入图片描述在这里插入图片描述
如果已经是running状态,接下来将dashboard的service端口暴露。

第二步:暴露dashboard service端口为NodePort模式

kubectl edit service kubernetes-dashboard -n kubernetes-dashboard

在这里插入图片描述
指定nodeport即可通过访问master机器得到实现访问dashboard ui

第三步:创建Service Account与集群管理员用户绑定

admin.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user

生效service account

kubectl apply -f admin.yaml

此时输入https://masterip:nodeport访问ui会得到类似如下证书问题:
在这里插入图片描述
证书过期,所以需要生成自签名证书

第四步:生成自签名证书

在master机器上执行如下操作,步骤如下:

mkdir /root/keys
cd /root/keys
openssl genrsa -out dashboard.key 2048
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=10.238.5.37'
# 证书过期时间设置为1年
openssl x509 -req -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt

查询到kubernetes-dashboard容器位于vm-vmw63586-app节点
在这里插入图片描述
在vm-vmw63586-app节点上查询kubernetes-dashboard容器ID
在这里插入图片描述
在vm-vmw63586-app节点上查询kubernetes-dashboard容器挂载目录

在这里插入图片描述
从master机器将证书文件拷贝到vm-vmw63586-app节点上kubernetes-dashboard容器挂载目录
在这里插入图片描述
在vm-vmw63586-app节点重启kubernetes-dashboard容器
在这里插入图片描述
从master节点获取token输入即可正常查看ui:
在这里插入图片描述
在这里插入图片描述

第五步:添加访问用户和密码

https://www.jianshu.com/p/5dca6b639e62
添加不同权限的访问账号
首先建一个定制权限的集群用户,例如我新建了一个访问范围与管理员用户相同,但是是只有查看权限的集群用户:
cluster-guest.yaml

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cluster-guest
rules:
- apiGroups: [""]
  resources: ["namespaces"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["pods/portforward", "pods/proxy"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["extensions", "apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["apps", "extensions"]
  resources: ["replicasets"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["persistentvolumeclaims"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get", "watch", "list", "create"]
- apiGroups: ["extensions"]
  resources: ["ingresses"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["apps"]
  resources: ["daemonsets"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["batch"]
  resources: ["jobs"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["batch"]
  resources: ["cronjobs"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["replicationcontrollers"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["apps"]
  resources: ["statefulsets"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["endpoints"]
  verbs: ["get", "watch", "list"]

生效新建集群用户:

kubectl create -f cluster-guest.yaml

然后新建 kubernetes-dashboard的ServiceAccount,并将这个ServiceAccount与刚才新建的集群账号绑定:
guest.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: guest-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: guest-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-guest
subjects:
- kind: ServiceAccount
  name: guest-user
  namespace: kubernetes-dashboard

生效新建ServiceAccount,并将其与新建集群用户绑定:

kubectl create -f guest.yaml

最后,将新建的集群用户与dashboard ui的登入账号绑定,即可:

kubectl create clusterrolebinding  login-on-dashboard-with-cluster-guest  --clusterrole=cluster-guest --user=guest

安装metrics-server

metric server简易pod监控,效果如下:
在这里插入图片描述

配置参考链接:
https://www.cnblogs.com/ding2016/p/10786252.html

©️2020 CSDN 皮肤主题: 编程工作室 设计师:CSDN官方博客 返回首页