安装Dashboard

kubernetes.io地址

github地址

下载文件后稍作修改,方便集群外访问

1
2

#有可能要梯子下载,请到官方确认最新版本
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml

把以下内容

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

改成

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard

安装

  • 访问地址:https://任一节点IP:30000,控制节点或工作节点都可以
1

kubectl apply -f recommended.yaml

创建超级管理员用户

github地址

1
2
3
4
5
6
7
8

#创建用户
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin

#获取token,两种方法二选一
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/dashboard-admin -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

kubectl describe secrets -n kubernetes-dashboard $(kubectl -n kubernetes-dashboard get secret | awk '/dashboard-admin/{print $1}')  # 方法二

创建普通用户

kubernetes.io地址

1
2
3
4
5
6

#create
kubectl create serviceaccount xxx-user -n kubernetes-dashboard
kubectl create clusterrolebinding xxx-user --clusterrole=view --serviceaccount=kubernetes-dashboard:xxx-user

#get token
kubectl describe secrets -n kubernetes-dashboard $(kubectl -n kubernetes-dashboard get secret | awk '/xxx-user/{print $1}')

安装Metrics-Server

下载文件

1

wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

找到如下位置

  containers:
  - args:
    - --cert-dir=/tmp
    - --secure-port=4443
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --kubelet-use-node-status-port
    - --metric-resolution=15s

添加- --kubelet-insecure-tls

  containers:
  - args:
    - --cert-dir=/tmp
    - --secure-port=4443
    - --kubelet-insecure-tls
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --kubelet-use-node-status-port
    - --metric-resolution=15s

安装

1

kubectl apply -f components.yaml

k8s.gcr.io上的metrics-server国内无法拉取,v0.5.0版本请确认后修改成需要的版本

  • 从日志确认pod运行在哪个node了,去node机器执行,最好所有node都拉取一下这个镜像
1
2
3

sudo docker pull registry.aliyuncs.com/google_containers/metrics-server:v0.5.0
sudo docker tag registry.aliyuncs.com/google_containers/metrics-server:v0.5.0 k8s.gcr.io/metrics-server/metrics-server:v0.5.0
sudo docker rmi registry.aliyuncs.com/google_containers/metrics-server:v0.5.0