4
Kubernetes集群仪表盘dashboard&Kuboard安装Demo - InfoQ 写作平台
source link: https://xie.infoq.cn/article/8d58cc77c721f30e5f7617014
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Kubernetes 集群仪表盘 dashboard&Kuboard 安装 Demo
作者:山河已无恙
- 2022 年 2 月 19 日
本文字数:15113 字
阅读完需:约 50 分钟
很多时候我们放弃,以为不过是一段感情,到了最后,才知道,原来那是一生。——匪我思存《佳期如梦》
一、环境准备
无论是dashboard还是Kuboard,为了在页面上显示系统资源的使用情况,需要部署K8s核心指标监控工具Metrics Server,所以我们先来安装metric-server
┌──[[email protected]]-[~/ansible]└─$kubectl get nodesNAME STATUS ROLES AGE VERSIONvms81.liruilongs.github.io Ready control-plane,master 68d v1.22.2vms82.liruilongs.github.io Ready <none> 68d v1.22.2vms83.liruilongs.github.io Ready <none> 68d v1.22.2┌──[[email protected]]-[~/ansible]└─$
安装 metric-server
相关镜像资源文件下载
curl -Ls https://api.github.com/repos/kubernetes-sigs/metrics-server/tarball/v0.3.6 -o metrics-server-v0.3.6.tar.gzdocker pull mirrorgooglecontainers/metrics-server-amd64:v0.3.6两种方式任选其一,我们这里已经下载了镜像,所以直接导入,使用 ansible 所以机器执行
┌──[[email protected]]-[~/ansible]└─$ansible all -m copy -a "src=./metrics-img.tar dest=/root/metrics-img.tar"┌──[[email protected]]-[~/ansible]└─$ansible all -m shell -a "docker load -i /root/metrics-img.tar"192.168.26.83 | CHANGED | rc=0 >>Loaded image: k8s.gcr.io/metrics-server-amd64:v0.3.6192.168.26.81 | CHANGED | rc=0 >>Loaded image: k8s.gcr.io/metrics-server-amd64:v0.3.6192.168.26.82 | CHANGED | rc=0 >>Loaded image: k8s.gcr.io/metrics-server-amd64:v0.3.6┌──[[email protected]]-[~/ansible]└─$
修改 metrics-server-deployment.yaml,创建资源
┌──[[email protected]]-[~/ansible]└─$mv kubernetes-sigs-metrics-server-d1f4f6f/ metrics┌──[[email protected]]-[~/ansible]└─$cd metrics/┌──[[email protected]]-[~/ansible/metrics]└─$lscmd deploy hack OWNERS README.md versioncode-of-conduct.md Gopkg.lock LICENSE OWNERS_ALIASES SECURITY_CONTACTSCONTRIBUTING.md Gopkg.toml Makefile pkg vendor┌──[[email protected]]-[~/ansible/metrics]└─$cd deploy/1.8+/┌──[[email protected]]-[~/ansible/metrics/deploy/1.8+]└─$lsaggregated-metrics-reader.yaml metrics-apiservice.yaml resource-reader.yamlauth-delegator.yaml metrics-server-deployment.yamlauth-reader.yaml metrics-server-service.yaml┌──[[email protected]]-[~/ansible/metrics/deploy/1.8+]└─$vim metrics-server-deployment.yaml
修改资源文件,获取镜像方式
31 - name: metrics-server32 image: k8s.gcr.io/metrics-server-amd64:v0.3.633 #imagePullPolicy: Always34 imagePullPolicy: IfNotPresent35 command:36 - /metrics-server37 - --metric-resolution=30s38 - --kubelet-insecure-tls39 - --kubelet-preferred-address-types=InternalIP40 volumeMounts:
部署 metrics-server
┌──[[email protected]]-[~/ansible/metrics/deploy/1.8+]└─$kubectl apply -f .
确认是否成功安装 kube-system 空间
┌──[[email protected]]-[~/ansible/metrics/deploy/1.8+]└─$kubectl get pods -n kube-systemNAME READY STATUS RESTARTS AGEcalico-kube-controllers-78d6f96c7b-79xx4 1/1 Running 2 3h15mcalico-node-ntm7v 1/1 Running 1 12hcalico-node-skzjp 1/1 Running 4 12hcalico-node-v7pj5 1/1 Running 1 12hcoredns-545d6fc579-9h2z4 1/1 Running 2 3h15mcoredns-545d6fc579-xgn8x 1/1 Running 2 3h16metcd-vms81.liruilongs.github.io 1/1 Running 1 13hkube-apiserver-vms81.liruilongs.github.io 1/1 Running 2 13hkube-controller-manager-vms81.liruilongs.github.io 1/1 Running 4 13hkube-proxy-rbhgf 1/1 Running 1 13hkube-proxy-vm2sf 1/1 Running 1 13hkube-proxy-zzbh9 1/1 Running 1 13hkube-scheduler-vms81.liruilongs.github.io 1/1 Running 5 13hmetrics-server-bcfb98c76-gttkh 1/1 Running 0 70m
简单测试
┌──[[email protected]]-[~/ansible/metrics/deploy/1.8+]└─$kubectl top nodesW1007 14:23:06.102605 102831 top_node.go:119] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flagNAME CPU(cores) CPU% MEMORY(bytes) MEMORY%vms81.liruilongs.github.io 555m 27% 2025Mi 52%vms82.liruilongs.github.io 204m 10% 595Mi 15%vms83.liruilongs.github.io 214m 10% 553Mi 14%┌──[[email protected]]-[~/ansible/metrics/deploy/1.8+]└─$
二、dashboard 安装
kubernetes-dashboard是 Kubernetes的Web UI网页管理工具,可提供部署应用、资源对象管理、容器日志查询、系统监控等常用的集群管理功能。为了在页面上显示系统资源的使用情况,需要部署 K8s 核心指标监控工具Metrics Server
Github 主页: https://github.com/kubernetes/dashboard
资源文件(需要科学上网):https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml
这里如果可以科学上网的小伙伴可以用这个,如果不行的话,用我的那个,yaml文件太大了,我放到了文末。
环境准备,工作节点push相关的镜像,这里因为有些镜像 push 不下来,所以替换为可以访问的镜像仓库来处理。
┌──[[email protected]]-[~/ansible]└─$cat recommended.yaml | grep -i image#image: kubernetesui/dashboard:v2.0.0-beta8image: registry.cn-hangzhou.aliyuncs.com/kube-iamges/dashboard:v2.0.0-beta8#imagePullPolicy: AlwaysimagePullPolicy: IfNotPresent#image: kubernetesui/metrics-scraper:v1.0.1image: registry.cn-hangzhou.aliyuncs.com/kube-iamges/metrics-scraper:v1.0.1imagePullPolicy: IfNotPresent┌──[[email protected]]-[~/ansible]└─$ansible node -m shell -a "docker pull registry.cn-hangzhou.aliyuncs.com/kube-iamges/dashboard:v2.0.0-beta8"┌──[[email protected]]-[~/ansible]└─$ansible node -m shell -a "docker pull registry.cn-hangzhou.aliyuncs.com/kube-iamges/metrics-scraper:v1.0.1"
安装 dashboard
┌──[[email protected]]-[~/ansible]└─$kubectl apply -f recommended.yamlnamespace/kubernetes-dashboard createdserviceaccount/kubernetes-dashboard createdservice/kubernetes-dashboard createdsecret/kubernetes-dashboard-certs createdsecret/kubernetes-dashboard-csrf createdsecret/kubernetes-dashboard-key-holder createdconfigmap/kubernetes-dashboard-settings createdrole.rbac.authorization.k8s.io/kubernetes-dashboard createdclusterrole.rbac.authorization.k8s.io/kubernetes-dashboard createdrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard createdclusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard createddeployment.apps/kubernetes-dashboard createdservice/dashboard-metrics-scraper createddeployment.apps/dashboard-metrics-scraper created┌──[[email protected]]-[~/ansible]└─$
安装完成,查看相关的资源是否准备好.
┌──[[email protected]]-[~/ansible]└─$kubectl get pods -n kubernetes-dashboardNAME READY STATUS RESTARTS AGEdashboard-metrics-scraper-669c88c9d9-c6jc7 1/1 Running 0 119skubernetes-dashboard-5d66bcd8fd-87hlx 1/1 Running 0 2m
┌──[[email protected]]-[~/ansible]└─$kubectl get svc -n kubernetes-dashboardNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdashboard-metrics-scraper ClusterIP 10.103.114.121 <none> 8000/TCP 2m11skubernetes-dashboard ClusterIP 10.98.100.249 <none> 443/TCP 2m12s
┌──[[email protected]]-[~/ansible]└─$kubectl get sa -n kubernetes-dashboardNAME SECRETS AGEdefault 1 2m21skubernetes-dashboard 1 2m21s
┌──[[email protected]]-[~/ansible]└─$kubectl get deploy -n kubernetes-dashboardNAME READY UP-TO-DATE AVAILABLE AGEdashboard-metrics-scraper 1/1 1 1 2m50skubernetes-dashboard 1/1 1 1 2m51s┌──[[email protected]]-[~/ansible]└─$
修改SVC类型为NodePort,允许机器外部提供访问能力
┌──[[email protected]]-[~/ansible]└─$kubectl edit svc kubernetes-dashboard -n kubernetes-dashboardservice/kubernetes-dashboard edited┌──[[email protected]]-[~/ansible]└─$
查看修改是否正确
┌──[[email protected]]-[~/ansible]└─$kubectl get svc -n kubernetes-dashboardNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdashboard-metrics-scraper ClusterIP 10.103.114.121 <none> 8000/TCP 6m33skubernetes-dashboard NodePort 10.98.100.249 <none> 443:32329/TCP 6m34s┌──[[email protected]]-[~/ansible]└─$
这里切换了一下命名空间,不是必要操作
┌──[[email protected]]-[~/ansible]└─$kubectl config set-context $(kubectl config current-context) --namespace=kubernetes-dashboardContext "kubernetes-admin@kubernetes" modified.┌──[[email protected]]-[~/ansible]└─$
创建 sa,为其绑定一个类似 root 的 K8s 角色,提供访问能力。更多可以参考:https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
┌──[[email protected]]-[~/ansible]└─$cat dashboard-adminuser.yamlapiVersion: v1kind: ServiceAccountmetadata:name: admin-usernamespace: kubernetes-dashboard---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata:name: admin-userroleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: cluster-adminsubjects:- kind: ServiceAccountname: admin-usernamespace: kubernetes-dashboard
┌──[[email protected]]-[~/ansible]└─$kubectl apply -f dashboard-adminuser.yamlserviceaccount/admin-user createdclusterrolebinding.rbac.authorization.k8s.io/admin-user unchanged
获取sa的token,通过token的方式登录部署好的dashboard
┌──[[email protected]]-[~/ansible]└─$kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"eyJhbGciOiJSUzI1NiIsImtpZCI6ImF2MmJVZ3d6M21JRC1BZUwwaHlDdzZHSGNyaVJON1BkUHF6MlhPV2NfX00ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXF3bWdtIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1MWE0ZTU5Ni00OThiLTRhOGMtOTBjOC00YTExZGYxZDk3NzYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.epjeFx7jvYG6v0zf0RuMjpY7RisrzBxrNdYdfszCwXS2_AauHM9a6dLUSx1oLUimiUdbCZvX0tElC99u8f5YQS4xGL-8gNSIUpe3JvWjgTlYB-6I5BqRxKrckqkHrs0juzw0K2d4HdDwUe79AyS7pJwqrD4LTQKzAfOmpWbwzHbPI4WKJ7FKyYGcW76HOdTYTdXVb_Rr0ucdOIRQdEwbFceT9atiImqQhb1Kv9ByoFDxSx2YP6PXPo8zGMUwmXXtlimzv0IdghcPOrwe6gk96LoD3pV-Q2kGL3OPhnxVusfOJh-bdRznSGorvtXc_IGJh8gwhF1zluRmQ4tECCu1sw
如果用新版的谷歌浏览器会提示这个报错,解决办法为,键盘直接输入thisisunsafe就可以了
第一次访问会有如下页面
选择所有命名空间就可以查看相关信息
三、kuboard
Kuboard,是一款免费的 Kubernetes 图形化管理工具,Kuboard 力图帮助用户快速在 Kubernetes 上落地微服务..
官网: http://press.demo.kuboard.cn/overview/share-coder.html
下载资源 yml 文件
┌──[[email protected]]-[~/ansible]└─$wget https://kuboard.cn/install-script/kuboard.yaml--2021-11-12 20:00:01-- https://kuboard.cn/install-script/kuboard.yamlResolving kuboard.cn (kuboard.cn)... 122.112.240.69, 119.3.92.138Connecting to kuboard.cn (kuboard.cn)|122.112.240.69|:443... connected.HTTP request sent, awaiting response... 200 OKLength: 2318 (2.3K) [application/octet-stream]Saving to: ‘kuboard.yaml’100%[============================================================>] 2,318 --.-K/s in 0s2021-11-12 20:00:04 (58.5 MB/s) - ‘kuboard.yaml’ saved [2318/2318]
所有节点预先拉取下载镜像docker pull eipwork/kuboard:latest
┌──[[email protected]]-[~/ansible]└─$ansible all -m shell -a "docker pull eipwork/kuboard:latest"
修改 kuboard.yaml 把策略改为 IfNotPresent
┌──[[email protected]]-[~/ansible]└─$cat kuboard.yaml | grep imagePullPolicyimagePullPolicy: Always┌──[[email protected]]-[~/ansible]└─$cat kuboard.yaml | grep AlwaysimagePullPolicy: Always┌──[[email protected]]-[~/ansible]└─$sed -i s#Always#IfNotPresent#g kuboard.yaml┌──[[email protected]]-[~/ansible]└─$cat kuboard.yaml | grep imagePullPolicyimagePullPolicy: IfNotPresent┌──[[email protected]]-[~/ansible]└─$
.创建资源对象 kubectl apply -f kuboard.yaml
┌──[[email protected]]-[~/ansible]└─$kubectl apply -f kuboard.yamldeployment.apps/kuboard createdservice/kuboard createdserviceaccount/kuboard-user createdclusterrolebinding.rbac.authorization.k8s.io/kuboard-user createdserviceaccount/kuboard-viewer createdclusterrolebinding.rbac.authorization.k8s.io/kuboard-viewer created┌──[[email protected]]-[~/ansible]└─$
确保 kuboard 运行 kubectl get pods -n kube-system
┌──[[email protected]]-[~/ansible]└─$kubectl get pods -n kube-systemNAME READY STATUS RESTARTS AGEcalico-kube-controllers-78d6f96c7b-csdd6 1/1 Running 240 (4m56s ago) 17dcalico-node-ntm7v 1/1 Running 145 (8m22s ago) 36dcalico-node-skzjp 0/1 CrashLoopBackOff 753 (4m30s ago) 36dcalico-node-v7pj5 1/1 Running 169 (4m59s ago) 36dcoredns-7f6cbbb7b8-2msxl 1/1 Running 4 17dcoredns-7f6cbbb7b8-ktm2d 1/1 Running 5 (20h ago) 17detcd-vms81.liruilongs.github.io 1/1 Running 7 (7d11h ago) 24dkube-apiserver-vms81.liruilongs.github.io 1/1 Running 15 (20h ago) 24dkube-controller-manager-vms81.liruilongs.github.io 1/1 Running 56 (108m ago) 24dkube-proxy-nzm24 1/1 Running 3 (11h ago) 23dkube-proxy-p2zln 1/1 Running 3 (14d ago) 24dkube-proxy-pqhqn 1/1 Running 7 (7d11h ago) 24dkube-scheduler-vms81.liruilongs.github.io 1/1 Running 60 (108m ago) 24dkuboard-78dccb7d9f-rsnrp 1/1 Running 0 49smetrics-server-bcfb98c76-76pg5 1/1 Running 0 20h┌──[[email protected]]-[~/ansible]└─$kubectl config set
获取 tokenecho $(kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)
┌──[[email protected]]-[~/ansible]└─$echo $(kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)eyJhbGciOiJSUzI1NiIsImtpZCI6IkZ1NHI1RkhSemVhN2s1OWthS1ZEQ0dueDRmS2RkMDdyR0FZYklkaWFnbmsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJvYXJkLXVzZXItdG9rZW4tYmY4bjgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoia3Vib2FyZC11c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMzQ4YWYyNTQtZDI5NS00Yjc4LTg3ZWItNmE0ZDFkMjFkZmU4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmt1Ym9hcmQtdXNlciJ9.Nzjerrlpw6XcBRkqXPQzDlSmMZrDf89yuVjXkL7vV1nhgWXX0iqZsqF8DPiy7Sjj-2JFYPD_zojgqV0sgOlKV_7Ou6p3F7K6lhu4VI9CGkM8OJxFdPIh-ETKVnIlb7l9s1jN4hvhBWck8geOIx4pnOawUU3jbOH7TQKz43bTnvUx_FACvnxG9gVU6KyQm6GVzs28SDs1YrqpMFWZgnJ_vCAe-KfUrqYChLecIHXM-vuB4JODxrwB4n3z2GtsJdigTIpd_FjeDs9Bl7v3CoWrozMa73rxPZyO58fo8D1bi1XTbJNeRjTjYnQc0-GvSoupQaNAfYloD1pwimmcFnIKxQ┌──[[email protected]]-[~/ansible]└─$
.登录 http://192.168.26.81:32567
┌──[[email protected]]-[~/ansible]└─$kubectl get svc -A | grep kuboardkube-system kuboard NodePort 10.96.142.159 <none> 80:32567/TCP 51s┌──[[email protected]]-[~/ansible]└─$
用上面命令获取的 token 登录:
如果一直卡在这里,刷新下
recommended.yaml 资源文件
# Copyright 2017 The Kubernetes Authors.## Licensed under the Apache License, Version 2.0 (the "License");# you may not use this file except in compliance with the License.# You may obtain a copy of the License at## http://www.apache.org/licenses/LICENSE-2.0## Unless required by applicable law or agreed to in writing, software# distributed under the License is distributed on an "AS IS" BASIS,# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.# See the License for the specific language governing permissions and# limitations under the License.apiVersion: v1kind: Namespacemetadata:name: kubernetes-dashboard---apiVersion: v1kind: ServiceAccountmetadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: ServiceapiVersion: v1metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboardspec:ports:- port: 443targetPort: 8443selector:k8s-app: kubernetes-dashboard---apiVersion: v1kind: Secretmetadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-certsnamespace: kubernetes-dashboardtype: Opaque---apiVersion: v1kind: Secretmetadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-csrfnamespace: kubernetes-dashboardtype: Opaquedata:csrf: ""---apiVersion: v1kind: Secretmetadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-key-holdernamespace: kubernetes-dashboardtype: Opaque---kind: ConfigMapapiVersion: v1metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboard-settingsnamespace: kubernetes-dashboard---kind: RoleapiVersion: rbac.authorization.k8s.io/v1metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboardrules:# Allow Dashboard to get, update and delete Dashboard exclusive secrets.- apiGroups: [""]resources: ["secrets"]resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]verbs: ["get", "update", "delete"]# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.- apiGroups: [""]resources: ["configmaps"]resourceNames: ["kubernetes-dashboard-settings"]verbs: ["get", "update"]# Allow Dashboard to get metrics.- apiGroups: [""]resources: ["services"]resourceNames: ["heapster", "dashboard-metrics-scraper"]verbs: ["proxy"]- apiGroups: [""]resources: ["services/proxy"]resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]verbs: ["get"]---kind: ClusterRoleapiVersion: rbac.authorization.k8s.io/v1metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardrules:# Allow Metrics Scraper to get metrics from the Metrics server- apiGroups: ["metrics.k8s.io"]resources: ["pods", "nodes"]verbs: ["get", "list", "watch"]---apiVersion: rbac.authorization.k8s.io/v1kind: RoleBindingmetadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboardroleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: kubernetes-dashboardsubjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata:name: kubernetes-dashboardroleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: kubernetes-dashboardsubjects:- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard---kind: DeploymentapiVersion: apps/v1metadata:labels:k8s-app: kubernetes-dashboardname: kubernetes-dashboardnamespace: kubernetes-dashboardspec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: kubernetes-dashboardtemplate:metadata:labels:k8s-app: kubernetes-dashboardspec:containers:- name: kubernetes-dashboard#image: kubernetesui/dashboard:v2.0.0-beta8image: registry.cn-hangzhou.aliyuncs.com/kube-iamges/dashboard:v2.0.0-beta8#imagePullPolicy: AlwaysimagePullPolicy: IfNotPresentports:- containerPort: 8443protocol: TCPargs:- --auto-generate-certificates- --namespace=kubernetes-dashboard# Uncomment the following line to manually specify Kubernetes API server Host# If not specified, Dashboard will attempt to auto discover the API server and connect# to it. Uncomment only if the default does not work.# - --apiserver-host=http://my-address:portvolumeMounts:- name: kubernetes-dashboard-certsmountPath: /certs# Create on-disk volume to store exec logs- mountPath: /tmpname: tmp-volumelivenessProbe:httpGet:scheme: HTTPSpath: /port: 8443initialDelaySeconds: 30timeoutSeconds: 30securityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001volumes:- name: kubernetes-dashboard-certssecret:secretName: kubernetes-dashboard-certs- name: tmp-volumeemptyDir: {}serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedule---kind: ServiceapiVersion: v1metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboardspec:ports:- port: 8000targetPort: 8000selector:k8s-app: dashboard-metrics-scraper---kind: DeploymentapiVersion: apps/v1metadata:labels:k8s-app: dashboard-metrics-scrapername: dashboard-metrics-scrapernamespace: kubernetes-dashboardspec:replicas: 1revisionHistoryLimit: 10selector:matchLabels:k8s-app: dashboard-metrics-scrapertemplate:metadata:labels:k8s-app: dashboard-metrics-scraperannotations:seccompProfile: 'runtime/default'spec:containers:- name: dashboard-metrics-scraper#image: kubernetesui/metrics-scraper:v1.0.1image: registry.cn-hangzhou.aliyuncs.com/kube-iamges/metrics-scraper:v1.0.1imagePullPolicy: IfNotPresentports:- containerPort: 8000protocol: TCPlivenessProbe:httpGet:scheme: HTTPpath: /port: 8000initialDelaySeconds: 30timeoutSeconds: 30volumeMounts:- mountPath: /tmpname: tmp-volumesecurityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsUser: 1001runAsGroup: 2001serviceAccountName: kubernetes-dashboardnodeSelector:"kubernetes.io/os": linux# Comment the following tolerations if Dashboard must not be deployed on mastertolerations:- key: node-role.kubernetes.io/mastereffect: NoSchedulevolumes:- name: tmp-volumeemptyDir: {}
划线
评论
复制
发布于: 2022 年 02 月 19 日阅读数: 379
版权声明: 本文为 InfoQ 作者【山河已无恙】的原创文章。
原文链接:【https://xie.infoq.cn/article/8d58cc77c721f30e5f7617014】。
本文遵守【CC BY-NC】协议,转载请保留原文出处及本版权声明。
山河已无恙
关注
CSDN博客专家,华为云云享专家,RHCE/CKA认证 2022.01.03 加入
Java 后端一枚,技术不高,前端、Shell、Python 也可以写一点.纯种屌丝,不热爱生活,热爱学习,热爱工作,喜欢一直忙,不闲着。喜欢篆刻,喜欢吃好吃的,喜欢吃饱了晒太阳。
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK