简介KubernetesDashboard是Kubernetes集群的一个基于Web的通用UI。它允许用户管理集群中运行的应用程序并对其进行故障排除,以及管理集群本身。v2.1.0版本已于近期发布。让我们把它部署在Kubernetes中,并尝试看看新版本的样子。兼容性Kubernetes版本1.171.181.191.20兼容性?????不支持的版本范围。?完全支持的版本范围。?由于KubernetesAPI版本之间的重大更改,某些功能可能无法在仪表板中正常工作。部署KubernetesDashboard注意:如果“kube-system”命名空间已经有Kubernetes-Dashboard相关资源,请更换为其他Namespace。系统环境Kubernetes版本:1.20.1kubernetes-dashboard版本:v2.1.0部署文件完整部署文件Github地址:https://github.com/my-dlq/blog-example/tree/master/kubernetes/kubernetes-dashboard2。1.0-deploy1、DashboardRBAC创建DashboardRBAC部署文件k8s-dashboard-rbac.yamlapiVersion:v1kind:ServiceAccountmetadata:labels:k8s-app:kubernetes-dashboardname:kubernetes-dashboardnamespace:kube-system---apiVersion:rbac.authorization.k8s.io/v1kind:Rolemetadata:labels:k8s-app:kubernetes-dashboardname:kubernetes-dashboardnamespace:kube-systemrules:-apiGroups:[""]resources:["secrets"]resourceNames:["kubernetes-dashboard-key-holder","kubernetes-dashboard-certs","kubernetes-dashboard-csrf"]verbs:["get","update","delete"]-apiGroups:[""]resources:["configmaps"]resourceNames:["kubernetes-dashboard-settings"]verbs:["get","update"]-apiGroups:[""]resources:["services"]resourceNames:["heapster","dashboard-metrics-scraper"]verbs:["proxy"]-apiGroups:[""]resources:["services/proxy"]resourceNames:["heapster","http:heapster:","https:heapster:","dashboard-metrics-scraper","http:dashboard-metrics-scraper"]verbs:["get"]---apiVersion:rbac.authorization.k8s.io/v1kind:ClusterRolemetadata:labels:k8s-app:kubernetes-dashboardname:kubernetes-dashboardrules:-apiGroups:["metrics.k8s.io"]资源:["pods","nodes"]verbs:["get","list","watch"]---apiVersion:rbac.authorization.k8s.io/v1kind:RoleBindingmetadata:labels:k8s-app:kubernetes-dashboardname:kubernetes-dashboardnamespace:kube-systemroleRef:apiGroup:rbac.authorization.k8s.iokind:Rolename:kubernetes-dashboardsubjects:-kind:ServiceAccountname:kubernetes-dashboardnamespace:kube-system---apiVersion:rbac.authorization.k8s.io/v1kind:ClusterRoleBindingmetadata:name:kubernetes-dashboardnamespace:kube-systemroleRef:apiGroup:rbac.authorization.k8s.iokind:ClusterRolename:kubernetes-dashboardsubjects:-kind:ServiceAccountname:kubernetes-dashboardnamespace:kube-系统部分DashboardRBAC$kubectlapply-fk8s-dashboard-rbac.yaml2、创建ConfigMap、Secret创建DashboardConfig&Secret部分文件k8s-dashboard-configmap-secret.yamlapiVersion:v1kind:Secretmetadata:labels:k8s-app:kubernetes-dashboardname:kubernetes-dashboard-certsnamespace:kube-systemtype:Opaque---apiVersion:v1kind:Secretmetadata:labels:k8s-app:kubernetes-dashboardname:kubernetes-dashboard-csrfnamespace:kube-systemtype:Opaquedata:csrf:""---apiVersion:v1kind:Secretmetadata:labels:k8s-app:kubernetes-dashboardname:kubernetes-dashboard-key-holdernamespace:kube-systemtype:Opaque---kind:ConfigMapapiVersion:v1metadata:labels:k8s-app:kubernetes-dashboardname:kubernetes-dashboard-设置命名空间:kube-系统部分DashboardConfig&Secret$kubectlapply-fk8s-dashboard-configmap-secret.yaml3、kubernetes-dashboard创建DashboardDeploy部分文件k8s-dashboard-deploy.yaml##DashboardServicekind:ServiceapiVersion:v1metadata:labels:k8s-app:kubernetes-dashboardname:kubernetes-dashboardnamespace:kube-systemspec:type:NodePortports:-port:443nodePort:30001targetPort:8443selector:k8s-app:kubernetes-dashboard---##DashboardDeploymentkind:DeploymentapiVersion:apps/v1metadata:labels:k8s-app:kubernetes-dashboardname:kubernetes-dashboardnamespace:kube-systemspec:replicas:1revisionHistoryLimit:10selector:matchLabels:k8s-app:kubernetes-dashboardtemplate:metadata:labels:k8s-app:kubernetes-dashboardspec:serviceAccountName:kubernetes-dashboardcontainers:-name:kubernetes-dashboardimage:kubernetesui/dashboard:v2.1.0securityContext:allowPrivilegeEscalation:falsereadOnlyRootFilesystem:truerunAsUser:1001runAsGroup:2001ports:-containerPort:8443protocol:TCPargs:---auto-generate-certificates---namespace=kube-system#设置为当前部分的Namespaceresources:limits:cpu:1000mmemory:512Mirequests:cpu:1000mmemory:512MilivenessProbe:httpGet:scheme:HTTPSpath:/port:8443initialDelaySeconds:30timeoutSeconds:1000mmemory:512MilivenessProbe:httpGet:scheme:HTTPSpath:/port:8443initialDelaySeconds:30timeoutSeconds:1000mmemory:30volume--dashboard-certsmountPath:/certs-name:tmp-volumountPath:/tmp-name:localtimereadOnly:truemountPath:/etc/localtimevolumes:-name:kubernetes-dashboard-certssecret:secretName:kubernetes-dashboard-certs-name:tmp-volumemptyDir:{}-name:localtimehostPath:type:Filepath:/etc/localtimetolerations:-key:node-role.kubernetes.io/mastereffect:NoSchedule部分仪表板部署$kubectlapply-fk8s-dashboard-deploy.yaml4、创建kubernetes-metrics-scraper创建仪表板指标部分文件k8s-dashboard-metrics.yaml##DashboardMetricsServicekind:ServiceapiVersion:v1metadata:labels:k8s-app:dashboard-metrics-scrapername:dashboard-metrics-scrapernamespace:kube-systemspec:ports:-port:8000targetPort:8000selector:k8s-app:dashboard-metrics-scraper---##DashboardMetricsDeploymentkind:DeploymentapiVersion:apps/v1metadata:labels:k8s-app:dashboard-metrics-scrapername:dashboard-metrics-scrapernamespace:kube-systemspec:replicas:1revisionHistoryLimit:10selector:matchLabels:k8s-app:dashboard-metrics-scrapertemplate:metadata:标签:k8s-app:dashboard-metrics-scraperannotations:seccomp.security.alpha.kubernetes.io/pod:'runtime/default'spec:serviceAccountName:kubernetes-dashboardcontainers:-name:dashboard-metrics-scraperimage:kubernetesui/metrics-scraper:v1.0.6securityContext:allowPrivilegeEscalation:falsereadOnlyRootFilesystem:truerunAsUser:1001runAsGroup:2001ports:-containerPort:8000protocol:TCPresources:limits:cpu:1000mmemory:512Mirequests:cpu:1000mmemory:512MilivenessProbe:httpGet:scheme:HTTPpath:/port:8000initialDelaySeconds:30timeoutSeconds:30volumeMounts:-mountPath:/tmpname:tmp-volume-name:localtimereadOnly:truemountPath:/etc/localtimevolumes:-name:tmp-volumemptyDir:{}-name:localtimehostPath:type:Filepath:/etc/localtimenodeSelector:"beta.kubernetes.io/os":linuxtolerations:-key:node-role.kubernetes.io/mastereffect:NoScheduleDeploymentDashboardMetrics$kubectlapply-fk8s-dashboard-metrics.yaml5.创建一个ServiceAccount用于访问为ServiceAccount绑定admin权限,获取其Token访问看板创建DashboardServiceAccount部署文件k8s-dashboard-token.yamlkind:ClusterRoleBindingapiVersion:rbac.authorization.k8s.io/v1metadata:name:adminannotations:rbac.authorization.kubernetes.io/autoupdate:"true"roleRef:kind:ClusterRolename:cluster-adminapiGroup:rbac.authorization.k8s.iosubjects:-kind:ServiceAccountname:adminnamespace:kube-system---apiVersion:v1kind:ServiceAccountmetadata:name:adminnamespace:kube-systemlabels:kubernetes.io/cluster-service:"true"addonmanager.kubernetes.io/mode:Reconcile部署访问的ServiceAccount$kubectlapply-fk8s-dashboard-token.yaml获取令牌$kubectldescribesecret/$(kubectlgetsecret-nkube-system|grepadmin|awk'{print$1}')-nkube-systemtoken:login新版Dashboard查看我的Kubernetes集群地址为“192.168.2.11”,Service中设置NodePort端口为30001,类型为NodePort访问Dashboard,所以访问地址:https://192.168.2.11:30001进入KubernetesDashboard页面,然后输入上一步创建的ServiceAccountToken进入Dashboard,就可以看到新的Dashboard了。与上一版本相比,整体资源的展示位置,增加对1.20版本的支持等:部署MetricsServer,为Dashboard提供指标数据。因为Dashboard的指标部署需要从MetricsServer获取。此版本Dashboard的另一个组件kubernetes-metrics-scraper是一个适配器,用于从MetricsServer获取指标。我们之前已经部署了kubernetes-metrics-scraper组件,接下来只需要部署MetricsServer组件获取系统指标数据,供Dashboard绘制图形。部署MetricsServer可参考:在Kubernetes上部署MetricsServer获取集群指标数据当上述部署完成后,稍等片刻,再刷新Dashboard界面,可以观察到如下界面:
