下载dashboard文件
去github地址:https://github.com/kubernetes/dashboard/releases/,
下载dashboard的recommended.yaml文件,
下载的时候需要看下版本是否完全支持
执行
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
执行成功之后,修改一下服务
kubectl edit services -n kubernetes-dashboard kubernetes-dashboard
port: 443
protocol: TCP
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
type: ClusterIP #修改为NodePort
查看状态
[root@k8s-master-01 dashboard]# kubectl get pods,svc -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/dashboard-metrics-scraper-6f669b9c9b-jjwst 1/1 Running 0 4h36m 10.244.1.141 k8s-node-02 <none> <none>
pod/kubernetes-dashboard-758765f476-8n779 1/1 Running 0 4h36m 10.244.1.140 k8s-node-02 <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/dashboard-metrics-scraper ClusterIP 10.106.9.206 <none> 8000/TCP 4h36m k8s-app=dashboard-metrics-scraper
service/kubernetes-dashboard NodePort 10.104.157.64 <none> 443:30005/TCP 4h36m k8s-app=kubernetes-dashboard
访问https://192.168.10.11:30005/,注意必须是https不然不能访问
登录
通过Token令牌访问
获取Token令牌
执行如下命令,创建一个ServiceAccount用户dashboard-admin:
kubectl create serviceaccount dashboard-admin -n kube-system
然后将dashboard-admin用户与角色绑定:
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
最后,查看Token令牌,执行如下组合命令:
[root@k8s-master-01 dashboard]# kubectl get secrets -n kubernetes-dashboard | grep dashboard-admin
dashboard-admin-token-q6fjc kubernetes.io/service-account-token 3 4h38m
[root@k8s-master-01 dashboard]# kubectl describe secrets dashboard-admin-token-q6fjc -n kubernetes-dashboard
Name: dashboard-admin-token-q6fjc
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 0663a297-3546-4508-9f6b-cdb9f5b142a7
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ik9IWWxrZTdTNXozV1BlZGd5ZlduOVZaaUdvQlJPXzJqOTBUNjJPbnZZMjgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tcTZmamMiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMDY2M2EyOTctMzU0Ni00NTA4LTlmNmItY2RiOWY1YjE0MmE3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmRhc2hib2FyZC1hZG1pbiJ9.BIBV9ee9-3NR5CxANisF7OfYRe8k7ai_tJFzAM8QoWYbMoOjZE4LgdciM_cE2o_7J1DXYgYcc1vO1l7DM-1V9clvaoOXagoYHie379y3hVokmPXBByXxpX_M6P8t4WiNTkUu7F_c5WWTYr1Enlm25jWBzLJlcdcsPsirlXXtlVT15wDOXcgzeWrzumMSV3q_RWWAINLvxXzt-o_rvs94cnV_XyHIzvb2d9XfThYpTNKAadFbt7qwVYBeW_rBRegqi6nMF3N078ZRaSAvEpgQjNOKrpbEfxfuU16rmHik7YekUXPxzV4FKJ0TwwqaAzDzRJQygnguOAgagJBINFp4Ig
将查询到的token部分复制粘贴到“输入Token”
然后就登录成功了
安装监控组件
默认k8s集群不带监控组件,heapster从1.11版本开始逐渐废弃,替代品为新的组件metrics-server
下载此文件https://github.com/kubernetes-sigs/metrics-server/releases
wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.2/components.yaml
修改一下文件components.yaml
spec:
containers:
- args:
- --cert-dir=/tmp
- --secure-port=4443
#设定不验证tls
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s
#image: k8s.gcr.io/metrics-server/metrics-server:v0.6.1
#默认的k8s.gcr.io我们是访问不到的,需要修改成国内的
image: registry.cn-guangzhou.aliyuncs.com/k8s-hxg/metrics-server:v0.6.1
imagePullPolicy: IfNotPresent
执行安装
kubectl apply -f components.yaml
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
#查看pod状态
[root@k8s-master-01 pki]# kubectl -n kube-system get pod | grep metrics
metrics-server-75cbbdf6b5-dv6kg 1/1 Running 0 31m
然后,就可以查看各个组件的资源使用信息了
[root@k8s-master-01 pki]# kubectl top node
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8s-master-01 168m 8% 1955Mi 53%
k8s-node-01 114m 5% 4500Mi 122%
k8s-node-02 55m 2% 1229Mi 33%
k8s-node-03 88m 4% 561Mi 15%
评论区