Kubernetes 部署 Dashboard

一、下载并修改 Dashboard 安装脚本

• github 下载最新脚本的 recommended.yaml

  wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml
  

• 修改 recommended.yaml 的文件内容

  #apiVersion: v1
  #kind: Namespace
  #metadata:
  #	name: kubernetes-dashboard
  
  ---
  #增加直接访问端口
  kind: Service
  apiVersion: v1
  metadata:
    labels:
      k8s-app: kubernetes-dashboard
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard
  spec:
    type: NodePort #增加
    ports:
      - port: 443
        targetPort: 8443
        nodePort: 30001 #增加
    selector:
      k8s-app: kubernetes-dashboard
  
  ---
  #因为自动生成的证书很多浏览器无法使用，所以我们自己创建，注释掉kubernetes-dashboard-certs对象声明
  #apiVersion: v1
  #kind: Secret
  #metadata:
  #  labels:
  #    k8s-app: kubernetes-dashboard
  #  name: kubernetes-dashboard-certs
  #  namespace: kubernetes-dashboard
  #type: Opaque
  
  #---
  

二、自签发证书

mkdir dashboard-certs

cd dashboard-certs/

#创建命名空间
kubectl create namespace kubernetes-dashboard

# 创建key文件
openssl genrsa -out dashboard.key 2048

#证书请求
openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'

#自签证书
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt

#创建kubernetes-dashboard-certs对象
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard

三、安装 Dashboard

#安装
kubectl create -f  ~/recommended.yaml

#检查结果
kubectl get pods -A  -o wide

kubectl get service -n kubernetes-dashboard  -o wide

四、创建管理员

• 创建并编辑 dashboard-admin.yaml

  apiVersion: v1
  kind: ServiceAccount
  metadata:
    labels:
      k8s-app: kubernetes-dashboard
    name: dashboard-admin
    namespace: kubernetes-dashboard
  

• 保存退出后执行

  kubectl create -f dashboard-admin.yaml
  

• 为用户分配权限，创建 dashboard-admin-bind-cluster-role.yaml

  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: dashboard-admin-bind-cluster-role
    labels:
      k8s-app: kubernetes-dashboard
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
  subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kubernetes-dashboard
  

• 保存退出后执行

  kubectl create -f dashboard-admin-bind-cluster-role.yaml
  

五、获取用户 token 并访问 Dashboard

• 查看并复制用户 token

  kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
  

• 访问：https://<自己搭建的 master 的 IP>:30001，谷歌浏览器不行，但其他浏览器可以，比如Safari，选择Token登录，输入刚才复制的密钥就能登录了。

六、安装 metrics-server

• 拉取镜像

  docker pull rancher/metrics-server:v0.3.6 
  docker tag rancher/metrics-server:v0.3.6  k8s.gcr.io/metrics-server-amd64:v0.3.6 
  

• 下载安装脚本

  cd ~
  mkdir metrics-server
  cd metrics-server
  wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml
  

• 修改安装脚本

  spec:
    serviceAccountName: metrics-server
    volumes:
    # mount in tmp so we can safely use from-scratch images and/or read-only containers
    - name: tmp-dir
      emptyDir: {}
    containers:
    - name: metrics-server
      image: k8s.gcr.io/metrics-server-amd64:v0.3.6
      imagePullPolicy: IfNotPresent
      args:
        - --cert-dir=/tmp
        - --secure-port=4443
      ports:
      - name: main-port
        containerPort: 4443
        protocol: TCP
      securityContext:
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        runAsUser: 1000
      command: #增加
        - /metrics-server
        - --kubelet-insecure-tls
        - --kubelet-preferred-address-types=InternalDNS,InternalIP,ExternalDNS,ExternalIP,Hostname
      volumeMounts:
      - name: tmp-dir
        mountPath: /tmp
    nodeSelector:
      kubernetes.io/os: linux
      kubernetes.io/arch: "amd64"
  

• 安装

  #安装
  kubectl create -f components.yaml
  
  #1-2分钟后查看结果
  kubectl top nodes
  

• 再回到dashboard界面可以看到CPU和内存使用情况了