容器云----kubernetes-dashboard(kubernetes管理界面)
首先,需要搭建好完成的kubernetes集群,详见文章容器云----kubernetes+docker-ce。
一.创建dashboard的yaml文件
vim kubernetes-dashboard.yaml
# Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Configuration to deploy release version of the Dashboard UI compatible with # Kubernetes 1.8. # # Example usage: kubectl create -f <this_file> # ------------------- Dashboard Secret ------------------- # apiVersion: v1 kind: Secret metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-certs namespace: kube-system type: Opaque --- # ------------------- Dashboard Service Account ------------------- # apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: kubernetes-dashboard-minimal namespace: kube-system rules: # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret. - apiGroups: [""] resources: ["secrets"] verbs: ["create"] # Allow Dashboard to create 'kubernetes-dashboard-settings' config map. - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - apiGroups: [""] resources: ["secrets"] verbs: ["get", "update", "delete"] - apiGroups: [""] resources: ["configmaps"] resourceNames: ["kubernetes-dashboard-settings"] verbs: ["get", "update"] # Allow Dashboard to get metrics from heapster. - apiGroups: [""] resources: ["services"] resourceNames: ["heapster"] verbs: ["proxy"] - apiGroups: [""] resources: ["services/proxy"] resourceNames: ["heapster", "http:heapster:", "https:heapster:"] verbs: ["get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: kubernetes-dashboard-minimal namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kubernetes-dashboard-minimal subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kube-system --- # ------------------- Dashboard Deployment ------------------- # kind: Deployment apiVersion: apps/v1beta2 metadata: labels: k8s-app: kubernetes-dashboard revisionHistoryLimit: 10 selector: matchLabels: k8s-app: kubernetes-dashboard template: metadata: labels: k8s-app: kubernetes-dashboard spec: serviceAccountName: kubernetes-dashboard containers: - name: kubernetes-dashboard image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3 ports: - containerPort: 9090 protocol: TCP args: #- --auto-generate-certificates volumeMounts: - name: kubernetes-dashboard-certs mountPath: /certs # Create on-disk volume to store exec logs - mountPath: /tmp name: tmp-volume livenessProbe: httpGet: scheme: HTTP path: / port: 9090 initialDelaySeconds: 30 timeoutSeconds: 30 volumes: - name: kubernetes-dashboard-certs secret: secretName: kubernetes-dashboard-certs - name: tmp-volume emptyDir: {} serviceAccountName: kubernetes-dashboard-admin tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule --- # ------------------- Dashboard Service ------------------- # kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kube-system spec: ports: - port: 9090 targetPort: 9090 selector: k8s-app: kubernetes-dashboard # ------------------------------------------------------------ kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-external namespace: kube-system spec: ports: - port: 9090 targetPort: 9090 nodePort: 30090 type: NodePort selector: k8s-app: kubernetes-dashboard
二.创建dashboard的认证yaml文件
vim kubernetes-dashboard-admin.yaml
apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-admin namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: kubernetes-dashboard-admin labels: k8s-app: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: kubernetes-dashboard-admin namespace: kube-system
三.启动dashboard
kubectl apply -f ./kubernetes-dashboard.yaml -f ./kubernetes-dashboard-admin.yaml
四.查看dashboard的创建状态
kubectl get svc,pods -n kube-system | grep dashboard
service/kubernetes-dashboard-external NodePort 10.96.28.16 <none> 9090:30090/TCP 3d pod/kubernetes-dashboard-5cc6564db9-m98fw 1/1 Running 4 3d
kubectl describe pod kubernetes-dashboard-5cc6564db9-m98fw -n kube-system
Name: kubernetes-dashboard-5cc6564db9-m98fw Namespace: kube-system Node: yun02/172.22.6.242 Start Time: Sat, 10 Nov 2018 12:01:53 +0800 Labels: k8s-app=kubernetes-dashboard pod-template-hash=1772120865 Annotations: <none> Status: Running IP: 10.244.1.2 Controlled By: ReplicaSet/kubernetes-dashboard-5cc6564db9 Containers: kubernetes-dashboard: Container ID: docker://c108de98d182217caa6ab214845f3e132737735c083d1c0e99c7e09b4e92e418 Image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3 Image ID: docker://sha256:0c60bcf89900cff208874ae172a972e75cedb5b1b7c99dbcf18ada134c599357 Port: 9090/TCP Host Port: 0/TCP State: Running Started: Tue, 13 Nov 2018 14:07:15 +0800 Last State: Terminated Reason: Error Exit Code: 2 Started: Tue, 13 Nov 2018 14:06:45 +0800 Finished: Tue, 13 Nov 2018 14:06:56 +0800 Ready: True Restart Count: 4 Liveness: http-get http://:9090/ delay=30s timeout=30s period=10s #success=1 #failure=3 Environment: <none> Mounts: /certs from kubernetes-dashboard-certs (rw) /tmp from tmp-volume (rw) /var/run/secrets/kubernetes.io/serviceaccount from kubernetes-dashboard-admin-token-nxgrv (ro) Conditions: Type Status Initialized True Ready True PodScheduled True Volumes: kubernetes-dashboard-certs: Type: Secret (a volume populated by a Secret) SecretName: kubernetes-dashboard-certs Optional: false tmp-volume: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium: kubernetes-dashboard-admin-token-nxgrv: Type: Secret (a volume populated by a Secret) SecretName: kubernetes-dashboard-admin-token-nxgrv Optional: false QoS Class: BestEffort Node-Selectors: <none> Tolerations: node-role.kubernetes.io/master:NoSchedule node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: <none>
可以看到,dashboard创建在172.22.6.242这台机器上。
接下来可以访问172.22.6.242:30090
