一 Metrics部署
1.1 Metrics介紹
Kubernetes的早期版本依靠Heapster來實作完整的性能資料采集和監控功能,Kubernetes從1.8版本開始,性能資料開始以Metrics API的方式提供標準化介面,并且從1.10版本開始將Heapster替換為Metrics Server,在Kubernetes新的監控體系中,Metrics Server用于提供核心指標(Core Metrics),包括Node、Pod的CPU和記憶體使用指標,
對其他自定義指標(Custom Metrics)的監控則由Prometheus等組件來完成,
1.2 開啟聚合層
有關聚合層知識參考:https://blog.csdn.net/liukuan73/article/details/81352637
本實驗前置步驟已開啟,
1.3 獲取部署檔案
1 [root@master01 ~]# cd /opt/k8s/work/ 2 [root@master01 work]# mkdir metrics 3 [root@master01 work]# cd metrics/ 4 [root@master01 metrics]# wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml 5 [root@master01 metrics]# vi components.yaml
1 …… 2 apiVersion: apps/v1 3 kind: Deployment 4 …… 5 spec: 6 replicas: 3 #根據集群規模調整副本數 7 …… 8 spec: 9 hostNetwork: true 10 …… 11 - name: metrics-server 12 image: k8s.gcr.io/metrics-server-amd64:v0.3.6 13 imagePullPolicy: IfNotPresent 14 args: 15 - --cert-dir=/tmp 16 - --secure-port=4443 17 - --kubelet-insecure-tls 18 - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP #追加此args 19 ……
提示:本步驟操作僅需要在master01節點操作,
1.4 正式部署
1 [root@master01 metrics]# kubectl apply -f components.yaml 2 [root@master01 metrics]# kubectl -n kube-system get pods -l k8s-app=metrics-server 3 NAME READY STATUS RESTARTS AGE 4 metrics-server-7b97647899-gm7j2 1/1 Running 0 9s 5 metrics-server-7b97647899-lqwwg 1/1 Running 0 9s 6 metrics-server-7b97647899-mrd84 1/1 Running 0 9s
提示:本步驟操作僅需要在master01節點操作,
1.5 查看資源監控
1 [root@master01 metrics]# kubectl top nodes 2 [root@master01 metrics]# kubectl top pods --all-namespaces
提示:Metrics Server提供的資料也可以供HPA控制器使用,以實作基于CPU使用率或記憶體使用值的Pod自動擴縮容功能,
二 Nginx ingress部署
為了便于訪問,本實驗建議采用域名訪問dashboard,域名由ingress進行暴露,因此建議提前部署ingress,具體部署參考《附020.Nginx-ingress部署及使用》,建議采用社區版,
三 dashboard部署
3.1 設定標簽
1 [root@master01 ~]# cd /opt/k8s/work/dashboard 2 [root@master01 dashboard]# kubectl label nodes master01 dashboard=yes 3 [root@master01 dashboard]# kubectl label nodes master02 dashboard=yes 4 [root@master01 dashboard]# kubectl label nodes master03 dashboard=yes
提示:本步驟操作僅需要在master01節點操作,
3.2 創建證書
本實驗已獲取免費一年的證書,免費證書獲取可參考:https://freessl.cn,
1 [root@master01 ~]# mkdir -p /opt/k8s/work/dashboard/certs 2 [root@master01 work]# cd /opt/k8s/work/dashboard/certs 3 [root@master01 certs]# mv k8s.odocker.com tls.crt 4 [root@master01 certs]# mv k8s.odocker.com tls.crt 5 [root@master01 certs]# ll 6 total 8.0K 7 -rw-r--r-- 1 root root 1.9K Jun 8 11:46 tls.crt 8 -rw-r--r-- 1 root root 1.7K Jun 8 11:46 tls.ke
提示:也可手動如下操作創建自簽證書:
1 [root@master01 ~]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/C=CN/ST=ZheJiang/L=HangZhou/O=Xianghy/OU=Xianghy/CN=k8s.odocker.com"
3.3 手動創建secret
1 [root@master01 ~]# kubectl create ns kubernetes-dashboard #v2版本dashboard獨立ns 2 [root@master01 ~]# kubectl create secret generic kubernetes-dashboard-certs --from-file=/opt/k8s/work/dashboard/certs -n kubernetes-dashboard 3 [root@master01 ~]# kubectl get secret kubernetes-dashboard-certs -n kubernetes-dashboard -o yaml #查看新證書
提示:本步驟操作僅需要在master01節點操作,
3.4 下載yaml
1 [root@master01 ~]# cd /opt/k8s/work/dashboard/ 2 [root@master01 dashboard]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yaml
提示:本步驟操作僅需要在master01節點操作,
3.5 修改yaml
1 [root@master01 dashboard]# vi recommended.yaml
1 …… 2 kind: Service 3 apiVersion: v1 4 metadata: 5 labels: 6 k8s-app: kubernetes-dashboard 7 name: kubernetes-dashboard 8 namespace: kubernetes-dashboard 9 spec: 10 type: NodePort #新增 11 ports: 12 - port: 443 13 targetPort: 8443 14 nodePort: 30001 #新增 15 selector: 16 k8s-app: kubernetes-dashboard 17 --- 18 …… #如下全部注釋 19 #apiVersion: v1 20 #kind: Secret 21 #metadata: 22 # labels: 23 # k8s-app: kubernetes-dashboard 24 # name: kubernetes-dashboard-certs 25 # namespace: kubernetes-dashboard 26 #type: Opaque 27 …… 28 kind: Deployment 29 …… 30 replicas: 3 #適當調整為3副本 31 …… 32 imagePullPolicy: IfNotPresent #修改鏡像下載策略 33 ports: 34 - containerPort: 8443 35 protocol: TCP 36 args: 37 - --auto-generate-certificates 38 - --namespace=kubernetes-dashboard 39 - --tls-key-file=tls.key 40 - --tls-cert-file=tls.crt 41 - --token-ttl=3600 #追加如上args 42 …… 43 nodeSelector: 44 "beta.kubernetes.io/os": linux 45 "dashboard": "yes" #部署在master節點 46 …… 47 kind: Service 48 apiVersion: v1 49 metadata: 50 labels: 51 k8s-app: dashboard-metrics-scraper 52 name: dashboard-metrics-scraper 53 namespace: kubernetes-dashboard 54 spec: 55 type: NodePort #新增 56 ports: 57 - port: 8000 58 targetPort: 8000 59 nodePort: 30000 #新增 60 selector: 61 k8s-app: dashboard-metrics-scraper 62 …… 63 replicas: 3 #適當調整為3副本 64 …… 65 nodeSelector: 66 "beta.kubernetes.io/os": linux 67 "dashboard": "yes" #部署在master節點 68 ……
提示:本步驟操作僅需要在master01節點操作,
3.6 正式部署
1 [root@master01 dashboard]# kubectl apply -f recommended.yaml 2 [root@master01 dashboard]# kubectl get deployment kubernetes-dashboard -n kubernetes-dashboard 3 [root@master01 dashboard]# kubectl get services -n kubernetes-dashboard 4 [root@master01 dashboard]# kubectl get pods -o wide -n kubernetes-dashboard
提示:master01 NodePort 30001/TCP映射到 dashboard pod 443 埠,
提示:本步驟操作僅需要在master01節點操作,
3.7 創建管理員賬戶
提示:dashboard v2版本默認沒有創建具有管理員權限的賬戶,可如下操作創建,
1 [root@master01 dashboard]# vi dashboard-admin.yaml
1 --- 2 apiVersion: v1 3 kind: ServiceAccount 4 metadata: 5 name: admin-user 6 namespace: kubernetes-dashboard 7 8 --- 9 apiVersion: rbac.authorization.k8s.io/v1 10 kind: ClusterRoleBinding 11 metadata: 12 name: admin-user 13 roleRef: 14 apiGroup: rbac.authorization.k8s.io 15 kind: ClusterRole 16 name: cluster-admin 17 subjects: 18 - kind: ServiceAccount 19 name: admin-user 20 namespace: kubernetes-dashboard
1 [root@master01 dashboard]# kubectl apply -f dashboard-admin.yaml
提示:本步驟操作僅需要在master01節點操作,
四 ingress暴露dashboard
4.1 創建ingress tls
1 [root@master01 ~]# cd /opt/k8s/work/dashboard/certs 2 [root@master01 certs]# kubectl -n kubernetes-dashboard create secret tls kubernetes-dashboard-tls --cert=tls.crt --key=tls.key 3 [root@master01 certs]# kubectl -n kubernetes-dashboard describe secrets kubernetes-dashboard-tls
提示:本步驟操作僅需要在master01節點操作,
4.2 創建ingress策略
1 [root@master01 ~]# cd /opt/k8s/work/dashboard/ 2 [root@master01 dashboard]# vi dashboard-ingress.yaml
1 apiVersion: networking.k8s.io/v1beta1 2 kind: Ingress 3 metadata: 4 name: kubernetes-dashboard-ingress 5 namespace: kubernetes-dashboard 6 annotations: 7 kubernetes.io/ingress.class: "nginx" 8 nginx.ingress.kubernetes.io/use-regex: "true" 9 nginx.ingress.kubernetes.io/ssl-passthrough: "true" 10 nginx.ingress.kubernetes.io/rewrite-target: / 11 nginx.ingress.kubernetes.io/ssl-redirect: "true" 12 #nginx.ingress.kubernetes.io/secure-backends: "true" 13 nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" 14 nginx.ingress.kubernetes.io/proxy-connect-timeout: "600" 15 nginx.ingress.kubernetes.io/proxy-read-timeout: "600" 16 nginx.ingress.kubernetes.io/proxy-send-timeout: "600" 17 nginx.ingress.kubernetes.io/configuration-snippet: | 18 proxy_ssl_session_reuse off; 19 spec: 20 rules: 21 - host: k8s.odocker.com 22 http: 23 paths: 24 - path: / 25 backend: 26 serviceName: kubernetes-dashboard 27 servicePort: 443 28 tls: 29 - hosts: 30 - k8s.odocker.com 31 secretName: kubernetes-dashboard-tls
1 [root@master01 dashboard]# kubectl apply -f dashboard-ingress.yaml 2 [root@master01 dashboard]# kubectl -n kubernetes-dashboard get ingress
提示:本步驟操作僅需要在master01節點操作,
五 訪問Dashboard
5.1 匯入證書
將k8s.odocker.com匯入瀏覽器,并設定為信任,匯入操作略,
5.2 創建kubeconfig檔案
使用token相對復雜,可將token添加至kubeconfig檔案中,使用KubeConfig檔案訪問dashboard,
1 [root@master01 dashboard]# ADMIN_SECRET=$(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}') 2 [root@master01 dashboard]# DASHBOARD_LOGIN_TOKEN=$(kubectl describe secret -n kubernetes-dashboard ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}') 3 4 [root@master01 dashboard]# kubectl config set-cluster kubernetes \ 5 --certificate-authority=/etc/kubernetes/cert/ca.pem \ 6 --embed-certs=true \ 7 --server=172.24.8.100:16443 \ 8 --kubeconfig=local-binkek8s-dashboard-admin.kubeconfig # 設定集群引數 9 [root@master01 dashboard]# kubectl config set-credentials dashboard_user \ 10 --token=${DASHBOARD_LOGIN_TOKEN} \ 11 --kubeconfig=local-binkek8s-dashboard-admin.kubeconfig # 設定客戶端認證引數,使用上面創建的 Token 12 [root@master01 dashboard]# kubectl config set-context default \ 13 --cluster=kubernetes \ 14 --user=dashboard_user \ 15 --kubeconfig=local-binkek8s-dashboard-admin.kubeconfig # 設定背景關系引數 16 [root@master01 dashboard]# kubectl config use-context default --kubeconfig=local-binkek8s-dashboard-admin.kubeconfig # 設定默認背景關系
提示:本步驟操作僅需要在master01節點操作,
將local-binkek8s-dashboard-admin.kubeconfig檔案匯入,以便于瀏覽器使用該檔案登錄,
5.3 測驗訪問Dashboard
本實驗采用ingress所暴露的域名:https://k8s.odocker.com 方式訪問,
使用local-hakek8s-dashboard-admin.kubeconfig檔案訪問:
提示:
更多dashboard訪問方式及認證可參考《附004.Kubernetes Dashboard簡介及使用》,
dashboard登錄整個流程可參考:https://www.cnadn.net/post/2613.html
轉載請註明出處,本文鏈接:https://www.uj5u.com/caozuo/155271.html
標籤:Linux
上一篇:"echo 0 /proc/sys/kernel/hung_task_timeout_secs" disable this message
下一篇:打開Autodock tool出現SyntaxError: 'import *' not allowed with 'from .'