1. Goal
With the k8s cluster up and running, add some related components:
dashboard, helm, and a web UI for helm
2. Install the dashboard
Check which dashboard releases are compatible with which k8s versions, and the corresponding images:
https://github.com/kubernetes/dashboard/releases
```
k8s.gcr.io/kubernetes-dashboard-arm64:v1.10.1
k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
k8s.gcr.io/kubernetes-dashboard-ppc64le:v1.10.1
k8s.gcr.io/kubernetes-dashboard-arm:v1.10.1
k8s.gcr.io/kubernetes-dashboard-s390x:v1.10.1
```
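2.1. Dashboard image
The system used here is ubuntu16-x64,
so the image is k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
The corresponding mirror inside China is registry.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
This install uses k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
2.2. Install
Download the yaml file first, change the image address, then install.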
```bash
curl -L -o kb-dashboard.yml https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
sed -i "s#k8s.gcr.io#registry.aliyuncs.com/google_containers#g" kb-dashboard.yml
# Also add an argument at line 117 (the container args list);
# the inserted lines must keep the indentation of that list
sed -i '117d' kb-dashboard.yml
sed -i '117 s/^/          - --enable-skip-login=true\n/' kb-dashboard.yml
sed -i '117 s/^/          - --auto-generate-certificates\n/' kb-dashboard.yml
# Deploy the application
kubectl apply -f kb-dashboard.yml
# Check the deployment status
kubectl get pods -n kube-system -l k8s-app=kubernetes-dashboard
```
~~If getting past the firewall is not a concern, a single command is enough:
kubectl apply -f https://github.com/kubernetes/dashboard/blob/master/src/deploy/recommended/kubernetes-dashboard.yaml~~
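2.3. Set up the login account
The dashboard is now installed,
but it needs certain permissions to manage k8s (CRUD on pods and so on).
One approach is to give the dashboard itself the highest privileges.
The other is to create a high-privilege user and log in to the dashboard with that account.
This install picks approach 1 and grants the high privileges directly.
2.3.1. Approach 1: skip login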
```bash
# Bind the dashboard's own ServiceAccount to the cluster-admin ClusterRole
cat > dashboard-admin.yaml << EOF
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
EOF
kubectl apply -f dashboard-admin.yaml
```
2.3.2. Approach 2: log in with a token
Create an account
```bash
kubectl create serviceaccount tom
kubectl create clusterrolebinding tom \
  --clusterrole=cluster-admin \
  --serviceaccount=default:tom
```
Look up the token
```bash
kubectl describe "secrets/$(kubectl get secret | grep tom | awk '{print $1}')"
```
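Entering the token through the proxy got no response, so access went through the nodePort configured earlier.
Browsers generally refuse to open https://ip; in Firefox the dashboard page only appeared after clicking to accept the risk.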
https://192.168.88.167:30001/
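2.4. Accessing the admin page, method 1: proxy
Firefox or Chrome is recommended for access; browsers made in China may refuse the connection (https certificate issue).
Through the proxy, token login does not work over https; the only way in is by granting permissions.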
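```bash
# This step can be skipped: the dashboard is reachable through the proxy, but login has problems,
# probably because the proxy does not handle https well
kubectl proxy --address=0.0.0.0 --disable-filter=true
# then open:
# http://192.168.88.164:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
```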
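- address: if not set, only the local machine can connect
- disable-filter=true: turns off permission filtering
- accept-hosts='^*$': sets the filter
2.5. Accessing the admin page, method 2: nodeport
alias kks='kubectl -n kube-system'
Option 3 is the one used here.
2.5.1. Option 1: live edit
Edit the service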
```
kks edit svc kubernetes-dashboard
# find "type: ClusterIP" and change ClusterIP to NodePort
root@pu6-km:/home/u6# kks get svc kubernetes-dashboard
NAME                   TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.101.241.208   <none>        443:30366/TCP   17h
```
2.5.2. Option 2: edit the config file
vi kb-dashboard.yml
```yaml
# Service section of kb-dashboard.yml
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30366
```
Update the dashboard
```bash
kubectl replace --force -f kb-dashboard.yml
```
2.5.3. Option 3: patch directly
```bash
kks get svc kubernetes-dashboard -o json
kks patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}'
# Change NodePort back to ClusterIP
kks get svc kubernetes-dashboard -o json
kks patch svc kubernetes-dashboard --type='json' -p='[{"op": "replace", "path": "/spec/type", "value":"ClusterIP"},{"op": "remove", "path": "/spec/ports/0/nodePort"}]'
```
The dashboard is now reachable from outside the cluster at any node's IP plus the port (https), for example:
https://192.168.88.113:30366
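Taken together, sections 2.2, 2.3.1 and 2.5 leave a dashboard that allows skipping login, runs as cluster-admin and listens on a NodePort, so anyone who can reach a node's port acts with full control of the cluster. The Python check below is an added example, not part of the original post: it flags that combination from `kubectl get clusterrolebindings -o json`, `kks get deploy kubernetes-dashboard -o json` and `kks get svc kubernetes-dashboard -o json` output, here replaced by constructed sample data for the objects created above.

```python
# Constructed sample data shaped like `kubectl ... -o json` output for the
# objects this page creates; not captured from a real cluster.
BINDINGS = {"items": [
    {"metadata": {"name": "kubernetes-dashboard-minimal"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kube-system"}]},
    {"metadata": {"name": "tom"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "tom", "namespace": "default"}]},
]}
DEPLOYMENT = {"metadata": {"namespace": "kube-system"}, "spec": {"template": {"spec": {
    "serviceAccountName": "kubernetes-dashboard",
    "containers": [{"args": ["--auto-generate-certificates",
                             "--enable-skip-login=true"]}]}}}}
SERVICE = {"spec": {"type": "NodePort", "ports": [{"port": 443, "nodePort": 30366}]}}


def admin_service_accounts(bindings):
    """(namespace, name) of every ServiceAccount bound to cluster-admin."""
    return {(s.get("namespace", ""), s["name"])
            for b in bindings.get("items", [])
            if b.get("roleRef", {}).get("name") == "cluster-admin"
            for s in b.get("subjects") or []
            if s.get("kind") == "ServiceAccount"}


def audit_dashboard(bindings, deployment, service):
    """Report which of the three exposure conditions hold for the dashboard."""
    pod = deployment["spec"]["template"]["spec"]
    sa = (deployment["metadata"]["namespace"],
          pod.get("serviceAccountName", "default"))
    args = [a for c in pod["containers"] for a in c.get("args", [])]
    spec = service["spec"]
    external = spec.get("type") in ("NodePort", "LoadBalancer")
    result = {
        "runs_as_cluster_admin": sa in admin_service_accounts(bindings),
        "login_skippable": any(a in ("--enable-skip-login",
                                     "--enable-skip-login=true") for a in args),
        "node_ports": [p["nodePort"] for p in spec.get("ports", [])
                       if external and "nodePort" in p],
    }
    # All three together: whoever reaches the port acts as cluster-admin.
    result["unauthenticated_admin"] = all(result.values())
    return result


if __name__ == "__main__":
    print(audit_dashboard(BINDINGS, DEPLOYMENT, SERVICE))
```

Removing any one of the three conditions (the cluster-admin binding, the skip-login argument, or the NodePort) clears the `unauthenticated_admin` flag; `admin_service_accounts` also lists the `tom` account from approach 2.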
3. todo: Heapster add-on
With this add-on installed, node memory, CPU and other metrics show up in the dashboard.
```bash
mkdir heapster && cd heapster
wget https://raw.githubusercontent.com/kubernetes-retired/heapster/v1.5.4/deploy/kube-config/influxdb/grafana.yaml
wget https://raw.githubusercontent.com/kubernetes-retired/heapster/v1.5.4/deploy/kube-config/influxdb/heapster.yaml
wget https://raw.githubusercontent.com/kubernetes-retired/heapster/v1.5.4/deploy/kube-config/influxdb/influxdb.yaml
wget https://raw.githubusercontent.com/kubernetes-retired/heapster/v1.5.4/deploy/kube-config/rbac/heapster-rbac.yaml
# Point every manifest at the aliyun mirror instead of gcr.io
for yamlFile in ./*.yaml; do
  sed -i "s#gcr.io#registry.aliyuncs.com#g" "$yamlFile"
done
kubectl create -f ./
```
4. helm
https://github.com/helm/helm/releases
```bash
# Download and unpack the helm client
curl -L -o helm.tar.gz https://storage.googleapis.com/kubernetes-helm/helm-v2.13.1-linux-amd64.tar.gz
tar zxf helm.tar.gz
mv linux-amd64/helm /usr/local/bin/helm
# Create a service account for tiller and bind it to cluster-admin
kubectl -n kube-system create sa tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
# Install tiller from the aliyun mirror
helm init --upgrade --service-account tiller \
  --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts \
  -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.13.1
kubectl -n kube-system get svc | grep tiller
helm create myapp
helm repo update
helm search
```
https://github.com/kubeapps/kubeapps/blob/master/docs/user/access-control.md
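4.1. Graphical UI for helm
Two options:
minio is object storage
kubeapps is more focused
With kubeapps installed, apps can be picked from the helm repository and installed.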
https://github.com/bitnami/charts
4.1.1. Install kubeapps
```bash
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm install --name kubeapps --namespace kubeapps bitnami/kubeapps
# Expose for external access
kubectl -n kubeapps patch svc kubeapps-internal-dashboard -p '{"spec":{"type":"NodePort"}}'
```
4.1.2. minio
```bash
# Not recommended for use with helm
docker pull minio/minio
docker run -p 9000:9000 minio/minio server /data
```
Author: duansheli
Last updated: 2019-12-25 (325c7b3)