Kubernetes详解(五十六)——Dashboard安装与部署

今天继续给大家介绍Linux运维相关知识,本文主要内容是Dashboard安装与部署。

一、Dashboard创建

Kubernetes的Dashboard是一个图形化页面,通过该页面,我们也可以管理整个Kubernetes集群,从而可以不用使用命令行的方式来进行配置。
Dashborad的创建资源清单如下所示:

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
---
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      nodeName: master
      containers:
      - name: kubernetes-dashboard
        image: mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.8.3
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard

注意,我们在使用该资源清单时,需要将Deployment控制器下的nodeName指定为Kubernetes集群中控制节点的主机名,我这里是master,其他场景下应该根据其配置情况进行不同的修改。
完成后,我们即可执行命令:

kubectl create -f kubernetes-dashboard.yaml

该命令执行后悔按照我们资源清单的配置,分别撞见Secret、ServiceAccount、Role、Rolebinding、Deployment以及Service,该命令执行过程如下所示:
Kubernetes详解(五十六)——Dashboard安装与部署_第1张图片

二、ClusterRolebinding创建

之后,我们还需要创建一个ClusterRolebinding,来给我们Dashboard进行授权。该ClusterRolebinding配置命令如下所示:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

之后,我们可以执行该命令,执行结果如下所示:
在这里插入图片描述

三、效果展示

在上述所有配置结束后,我们就可以来查看我们的配置结果了。首先,我们执行命令:

kubectl get pods --all-namespaces

该命令执行结果如下所示:
Kubernetes详解(五十六)——Dashboard安装与部署_第2张图片
发现我们的dashborad的Pod已经成功运行!
我们查看当前的端口,结果如下所示:
Kubernetes详解(五十六)——Dashboard安装与部署_第3张图片
发现我们的系统30000端口已经打开。
之后,我们使用浏览器访问我们Kubernetes集群中的任意一台设备的30000端口,结果如下所示:
Kubernetes详解(五十六)——Dashboard安装与部署_第4张图片
从上图中可以看出,我们的Dashboard已经安装并且部署完毕!
注:访问时请采用火狐浏览器,否则其他的浏览器会因为我们访问Dashboard的证书问题而拒绝我们访问。此外,如果您的火狐浏览器级别过高,也可能会出现上述问题。出现上述问题的解决请查看Kubernetes详解(五十九)——Kubernetes Dashboard无法用浏览器访问解决
原创不易,转载请说明出处:https://blog.csdn.net/weixin_40228200

你可能感兴趣的:(虚拟化运维,kubernetes,linux,docker,Dashboard,云原生)