Dashboard
Dashboard可以给用户提供一个可视化的 Web 界面来查看当前集群的各种信息。用户可以用 Kubernetes Dashboard 部署容器化的应用、监控应用的状态、执行故障排查任务以及管理 Kubernetes 各种资源。
上传镜像到仓库
- kubectl apply -f recommended.yaml
- kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc5/aio/deploy/recommended.yaml #部署应用文件
- kubectl -n kubernetes-dashboard get all
- kubectl -n kubernetes-dashboard edit svc kubernetes-dashboard
修改service模式为NotePort模式,以便外部访问
[root@server1 mnt]# kubectl -n kubernetes-dashboard edit svc kubernetes-dashboard
service/kubernetes-dashboard edited
[root@foundation33 mnt]# cat dashrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
[root@server1 mnt]# kubectl -n kubernetes-dashboard get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.101.62.88 <none> 8000/TCP 36m
kubernetes-dashboard NodePort 10.109.159.227 <none> 443:32662/TCP 36m
- kubectl -n kubernetes-dashboard get secrets #查看secrets
- kubectl -n kubernetes-dashboard describe secrets kubernetes-dashboard-token-rrl27 #生成token
[root@server1 mnt]# kubectl -n kubernetes-dashboard get secrets
NAME TYPE DATA AGE
default-token-dnljf kubernetes.io/service-account-token 3 39m
kubernetes-dashboard-certs Opaque 0 39m
kubernetes-dashboard-csrf Opaque 1 39m
kubernetes-dashboard-key-holder Opaque 2 39m
kubernetes-dashboard-token-rrl27 kubernetes.io/service-account-token 3 39m
tls-secret kubernetes.io/tls 2 11m
[root@server1 mnt]# kubectl -n kubernetes-dashboard describe secrets kubernetes-dashboard-token-rrl27
Name: kubernetes-dashboard-token-rrl27
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: c99943f9-88e0-41f8-acfe-7e3ab35f98d1
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjhWZ180SzE4emMzdkRiNkZqSWZ3cmZDWlFBQ1VLWVNDLTN5V1AxeWZUWDAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1ycmwyNyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImM5OTk0M2Y5LTg4ZTAtNDFmOC1hY2ZlLTdlM2FiMzVmOThkMSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.iqLmVfd5SBe1jGAO5-NRNf9CQYt_LX5ybCnx2ILs5xy2H1jmOIN7SrYOpwAZklm_4oCMtraD6klb2btsHtuMBp3oUOnJWRO7JZajm193aYFCe7t-t-nE5ntCV7DiOtF_I_d_XX2uI0A15eeS-MIMqiKQRcA9rEyFpGLAsdn2foVSMJWZpRPOZRghJW7Vo46g_NKT4kse9zF2rKo4IQ-qd5J7PJlZyQtDo00F5j4E5M61x60d7fD_opoDEPVso8P86NALvHylJz3_c8pXzIht8ftpMMRuu2OK4FhBPCMSMM-zLeQ8N-HptPNrIdKxGJzmSK-Td8g4Eeu_z4SDuNVwYA
将token输入认证,登陆网页;
HPA
HPA伸缩过程
- 收集HPA控制下所有Pod最近的cpu使用情况(CPU utilization)
- 对比在扩容条件里记录的cpu限额(CPUUtilization)
调整实例数(必须要满足不超过最大/最小实例数)
每隔30s做一次自动扩容的判断 - CPU utilization的计算方法是用cpu usage(最近一分钟的平均值,通过metrics可以直接获取到)除以cpu request(这里cpu request就是我们在创建容器时制定的cpu使用核心数)得到一个平均值,这个平均值可以理解为:平均每个Pod CPU核心的使用占比。
HPA进行伸缩算法
计算公式:TargetNumOfPods = ceil(sum(CurrentPodsCPUUtilization) / Target)
ceil()表示取大于或等于某数的最近一个整数
每次扩容后冷却3分钟才能再次进行扩容,而缩容则要等5分钟后。
当前Pod Cpu使用率与目标使用率接近时,不会触发扩容或缩容:
触发条件:avg(CurrentPodsConsumption) / Target >1.1 或 <0.9
单条资源限制
[root@server1 hpa]# cat hpa.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: php-apache
spec:
selector:
matchLabels:
run: php-apache
replicas: 1
template:
metadata:
labels:
run: php-apache
spec:
containers:
- name: php-apache
image: hpa-example
ports:
- containerPort: 80
resources:
limits:
cpu: 500m
requests:
cpu: 200m
---
apiVersion: v1
kind: Service
metadata:
name: php-apache
labels:
run: php-apache
spec:
ports:
- port: 80
selector:
run: php-apache
[root@server1 hpa]# kubectl apply -f hpa.yaml
deployment.apps/php-apache created
service/php-apache created
[root@server1 hpa]# kubectl describe svc php-apache
Name: php-apache
Namespace: default
Labels: run=php-apache
Annotations: <none>
Selector: run=php-apache
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.108.147.206
IPs: 10.108.147.206
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: <none>
Session Affinity: None
Events: <none>
[root@server1 hpa]# kubectl get pod
NAME READY STATUS RESTARTS AGE
demo 0/1 Pending 0 20h
memory-demo 0/1 CrashLoopBackOff 85 20h
myapp-deployment-59dff4cf5d-dd87l 1/1 Running 1 26h
myapp-deployment-59dff4cf5d-tnrs7 1/1 Running 1 26h
myapp-deployment-59dff4cf5d-wdv2f 1/1 Running 1 26h
mynginx-deployment-55f464cc48-djvc9 1/1 Running 1 26h
mynginx-deployment-55f464cc48-phh85 1/1 Running 1 26h
mynginx-deployment-55f464cc48-sfwmr 1/1 Running 1 26h
php-apache-6cc67f7957-hrc9z 1/1 Running 0 6m10s
web-0 1/1 Running 1 19h
web-1 1/1 Running 1 19h
[root@server1 hpa]# kubectl autoscale deployment php-apache --cpu-percent=50 --min=1 --max=10
horizontalpodautoscaler.autoscaling/php-apache autoscaled
[root@server1 hpa]# kubectl get hpa
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
php-apache Deployment/php-apache 0%/50% 1 10 1 19s
压力测试,新开容器持续访问测试容器的http服务
等待几分钟后,cpu使用率升高,rs控制副本扩容
终止压力测试,cpu使用率降低