15.1.Dashboard

作为Kube认得Web用户界面,用户可以通过Dashboard在Kubernetes集群中部署容器化的应用,对应用进行问题处理和管理,并对集群本身进行管理。通过Dashboard,用户可以查看集群中应用的运行情况,同时也能够基于Dashboard创建或修改部署、任务、服务等Kubernetes的资源。通过部署向导,用户能够对部署进行扩容缩容,进行滚动更新。重启Pod或部署新应用,也能够查看Kubernetes资源的状态。

dashboard-secret.yaml

apiVersion: v1

kind: Secret

metadata:

  labels:

    k8s-app: kubernetes-dashboard

    # Allows editing resource and makes sure it is created first.

    addonmanager.kubernetes.io/mode: EnsureExists

  name: kubernetes-dashboard-certs

  namespace: kube-system

type: Opaque

---

apiVersion: v1

kind: Secret

metadata:

  labels:

    k8s-app: kubernetes-dashboard

    # Allows editing resource and makes sure it is created first.

    addonmanager.kubernetes.io/mode: EnsureExists

  name: kubernetes-dashboard-key-holder

  namespace: kube-system

type: Opaque

dashboard-configmap.yaml

apiVersion: v1

kind: ConfigMap

metadata:

  labels:

    k8s-app: kubernetes-dashboard

    # Allows editing resource and makes sure it is created first.

    addonmanager.kubernetes.io/mode: EnsureExists

  name: kubernetes-dashboard-settings

  namespace: kube-system

dashboard-service.yaml

apiVersion: v1

kind: Service

metadata:

  name: kubernetes-dashboard

  namespace: kube-system

  labels:

    k8s-app: kubernetes-dashboard

    kubernetes.io/cluster-service: "true"

    addonmanager.kubernetes.io/mode: Reconcile

spec:

  selector:

    k8s-app: kubernetes-dashboard

  type: NodePort

  ports:

  - port:

    targetPort:

dashboard-rbac.yaml

kind: Role

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

    addonmanager.kubernetes.io/mode: Reconcile

  name: kubernetes-dashboard-minimal

  namespace: kube-system

rules:

  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.

- apiGroups: [""]

  resources: ["secrets"]

  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]

  verbs: ["get", "update", "delete"]

  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.

- apiGroups: [""]

  resources: ["configmaps"]

  resourceNames: ["kubernetes-dashboard-settings"]

  verbs: ["get", "update"]

  # Allow Dashboard to get metrics from heapster.

- apiGroups: [""]

  resources: ["services"]

  resourceNames: ["heapster"]

  verbs: ["proxy"]

- apiGroups: [""]

  resources: ["services/proxy"]

  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]

  verbs: ["get"]

---

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

  name: kubernetes-dashboard-minimal

  namespace: kube-system

  labels:

    k8s-app: kubernetes-dashboard

    addonmanager.kubernetes.io/mode: Reconcile

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: Role

  name: kubernetes-dashboard-minimal

subjects:

- kind: ServiceAccount

  name: kubernetes-dashboard

  namespace: kube-system

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRoleBinding

metadata:

  name: kubernetes-dashboard-crb

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: admin

subjects:

- kind: ServiceAccount

  name: kubernetes-dashboard

  namespace: kube-system

dashboard-controller.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

  labels:

    k8s-app: kubernetes-dashboard

    addonmanager.kubernetes.io/mode: Reconcile

  name: kubernetes-dashboard

  namespace: kube-system

---

apiVersion: apps/v1

kind: Deployment

metadata:

  name: kubernetes-dashboard

  namespace: kube-system

  labels:

    k8s-app: kubernetes-dashboard

    kubernetes.io/cluster-service: "true"

    addonmanager.kubernetes.io/mode: Reconcile

spec:

  selector:

    matchLabels:

      k8s-app: kubernetes-dashboard

  template:

    metadata:

      labels:

        k8s-app: kubernetes-dashboard

      annotations:

        scheduler.alpha.kubernetes.io/critical-pod: ''

        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'

    spec:

      priorityClassName: system-cluster-critical

      containers:

      - name: kubernetes-dashboard

        #image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3

        image: dockeryanxiao/kubernetes-dashboard-amd64

        resources:

          limits:

            cpu: 100m

            memory: 300Mi

          requests:

            cpu: 50m

            memory: 100Mi

        ports:

        - containerPort:

          protocol: TCP

        args:

          # PLATFORM-SPECIFIC ARGS HERE

          - --auto-generate-certificates

        volumeMounts:

        - name: kubernetes-dashboard-certs

          mountPath: /certs

        - name: tmp-volume

          mountPath: /tmp

        livenessProbe:

          httpGet:

            scheme: HTTPS

            path: /

            port:

          initialDelaySeconds:

          timeoutSeconds:

      volumes:

      - name: kubernetes-dashboard-certs

        secret:

          secretName: kubernetes-dashboard-certs

      - name: tmp-volume

        emptyDir: {}

      serviceAccountName: kubernetes-dashboard

      tolerations:

      - key: "CriticalAddonsOnly"

        operator: "Exists"

提交资源后查看svc对外提供服务的端口访问:https://node:svc-port。查看访问token后使用token登录:

 kubectl describe secret $(kubectl get secret -n kube-system |grep dashboard-token | awk '{print $1}') -n kube-system

15.2.heapster

heapster-serviceaccount.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

  name: heapster

  namespace: kube-system

---

kind: ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1beta1

metadata:

  name: heapster

roleRef:

  kind: ClusterRole

  name: cluster-admin

  apiGroup: rbac.authorization.k8s.io

subjects:

  - kind: ServiceAccount

    name: heapster

    namespace: kube-system

heapster-service.yaml

apiVersion: v1

kind: Service

metadata:

  name: heapster

  namespace: kube-system

spec:

  selector:

    k8s-app: heapster

  ports:

  - port:

    targetPort:

heapster.yaml

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: heapster

  namespace: kube-system

spec:

  replicas:

  template:

    metadata:

      labels:

        task: monitoring

        k8s-app: heapster

    spec:

      serviceAccountName: heapster

      containers:

      - name: heapster

        image: registry.cn-hangzhou.aliyuncs.com/google-containers/heapster-amd64:v1.5.1

        imagePullPolicy: IfNotPresent

        command:

        - /heapster

        #- --source=kubernetes:kubernetes:https://kubernetes.default?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true

        #- --source=kubernetes:https://kubernetes.default

        #- --sink=influxdb:http://monitoring-influxdb:8086

        #- --source=kubernetes:https://kuberntes.default:443?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true

        - --source=kubernetes:kubernetes:https://kuberntes.default?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true

        - --metric-resolution=10s

安装后dashboard界面会显示更多功能:

Kubernetes系列:Kubernetes Dashboard的更多相关文章

  1. 从0到1使用Kubernetes系列——Kubernetes入门

    基本概念 Docker 是什么 Docker 起初是 dotCloud 公司创始人 Solomon Hykes 在法国的时候发起的一项公司内部项目,Docker 是基于 dotCloud 公司多年云服 ...

  2. 从0到1使用Kubernetes系列(二):安装工具介绍

    该系列第一篇为:<从0到1使用Kubernetes系列--Kubernetes入门>.本文是Kubernetes系列的第二篇,将介绍使用Kubeadm+Ansible搭建Kubernete ...

  3. Kubernetes系列(五) Ingress

    作者: LemonNan 原文地址: https://juejin.im/post/6878269825639317517 Kubernetes 系列 Kubernetes系列(一) Pod Kube ...

  4. Kubernetes系列(三) Deployment

    作者: LemonNan 原文地址: https://juejin.im/post/6865672466939150349/ Kubernetes 系列 Kubernetes系列(一) Pod Kub ...

  5. kubernetes系列(十七) - 通过helm安装dashboard详细教程

    1. 前提条件 2. 配置https证书为secret 3. dashboard安装 3.1 helm拉取dashboard的chart 3.2 配置dashboard的chart包配置 3.3 he ...

  6. Kubernetes系列之Helm介绍篇

    本次系列使用的所需部署包版本都使用的目前最新的或最新稳定版,安装包地址请到公众号内回复[K8s实战]获取 介绍 Helm 是 Deis 开发的一个用于 Kubernetes 应用的包管理工具,主要用来 ...

  7. kubernetes系列之ConfigMap使用方式

    作用理解 核心用途就是容器和配置的分离解耦. 如启用一个mysql容器,mysql容器重要的文件有两部分,一部分为存储数据文件,一部分为配置文件my.cnf,存储数据可以用持久存储实现和容器的分离解耦 ...

  8. Kubernetes系列之理解K8s Service的几种模式

    今天给大家介绍下k8s的service的几种访问模式. 概述 我们知道pod的ip不是固定的,是根据所在宿主机的docker0网卡生成的,每次重启,更新,调度等情况IP都会变,那pod与pod之间需要 ...

  9. kubernetes系列03—kubeadm安装部署K8S集群

    本文收录在容器技术学习系列文章总目录 1.kubernetes安装介绍 1.1 K8S架构图 1.2 K8S搭建安装示意图 1.3 安装kubernetes方法 1.3.1 方法1:使用kubeadm ...

随机推荐

  1. C++ 编程学习(六) 函数

    零.小知识点 1.函数返回类型可以是除数组外的自定义类型 一.传值调用 向函数传递参数的传值调用方法,把参数的实际值复制给函数的形式参数.在这种情况下,修改函数内的形式参数不会影响实际参数. 默认情况 ...

  2. java课程之团队开发冲刺阶段2.6

    总结昨天进度: 1.总体的思路已经完成,代码也差不多了,只剩下对闹钟activity的设置 遇到的困难: 1.在设置震动的时候,对方法有点不太理解,所以使用的时候产生了错误,没有达到预期的效果 今天的 ...

  3. 吴裕雄--天生自然JAVA SPRING框架开发学习笔记:Spring AOP(面向切面编程)

    面向切面编程(AOP)和面向对象编程(OOP)类似,也是一种编程模式.Spring AOP 是基于 AOP 编程模式的一个框架,它的使用有效减少了系统间的重复代码,达到了模块间的松耦合目的. AOP ...

  4. PAT Advanced 1030 Travel Plan (30) [Dijkstra算法 + DFS,最短路径,边权]

    题目 A traveler's map gives the distances between cities along the highways, together with the cost of ...

  5. xv6 系统调用

    1. 系统调用的实现 开发程序需所有的接口在user.h中,包含两部分system call和ulib user.h中的系统接口函数在usys.S中通过汇编实现 #define SYSCALL(nam ...

  6. JS-语句四

    For 循环: for 循环是创建循环时常会用到的工具. 下面是 for 循环的语法: ; 语句 ; 语句 ) { 被执行的代码 } 其中语句1是初始值:语句2是.条件判断:语句3是状态改变:被执行的 ...

  7. JS-语句二

    for循环的4个要素: 1.初始值        2.条件判断        3.状态改变        4.循环体 for循环的写法: for(var i=0;i>10;i++)        ...

  8. JSP三大指令(Page指令,include指令,taglib指令)

    参考文章: https://www.runoob.com/jsp/jsp-directives.html http://c.biancheng.net/view/1458.html https://b ...

  9. Spark核心算子

    Spark RDD: Transformation Meaning map(func) 返回一个新的分布式数据集,该数据集是通过将源的每个元素传递给函数func处理形成的. filter(func) ...

  10. POJ 1979:Red and Black

    Red and Black Time Limit: 1000MS   Memory Limit: 30000K Total Submissions: 26058   Accepted: 14139 D ...