部署web UI(dashboard)用于监控node资源

参见文档:https://blog.csdn.net/networken/article/details/85607593

官网:https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

github:https://github.com/kubernetes/dashboard/wiki/Creating-sample-user

都可以去参考这些资料。

需要这个kubernetes-dashboard.yaml文件,直接去官网下载即可

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml

创建好了,需要token秘钥,

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')



[root@master newUI]# cat kubernetes-dashboard.yaml

# Copyright 2017 The Kubernetes Authors.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#     http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1

kind: Secret

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard-certs

  namespace: kube-system

type: Opaque

---

# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1

kind: ServiceAccount

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

---

# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role

apiVersion: rbac.authorization.k8s.io/v1

metadata:

  name: kubernetes-dashboard-minimal

  namespace: kube-system

rules:

  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.

- apiGroups: [""]

  resources: ["secrets"]

  verbs: ["create"]

  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.

- apiGroups: [""]

  resources: ["configmaps"]

  verbs: ["create", "list"]

  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.

- apiGroups: [""]

  resources: ["secrets"]

  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]

  verbs: ["get", "update", "delete"]

  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.

- apiGroups: [""]

  resources: ["configmaps"]

  resourceNames: ["kubernetes-dashboard-settings"]

  verbs: ["get", "update"]

  # Allow Dashboard to get metrics from heapster.

- apiGroups: [""]

  resources: ["services"]

  resourceNames: ["heapster"]

  verbs: ["proxy"]

- apiGroups: [""]

  resources: ["services/proxy"]

  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]

  verbs: ["get"]

---

apiVersion: rbac.authorization.k8s.io/v1

kind: RoleBinding

metadata:

  name: kubernetes-dashboard-minimal

  namespace: kube-system

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: Role

  name: kubernetes-dashboard-minimal

subjects:

- kind: ServiceAccount

  name: kubernetes-dashboard

  namespace: kube-system

---

# ------------------- Dashboard Deployment ------------------- #

kind: Deployment

apiVersion: apps/v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

spec:

  replicas: 1

  revisionHistoryLimit: 10

  selector:

    matchLabels:

      k8s-app: kubernetes-dashboard

  template:

    metadata:

      labels:

        k8s-app: kubernetes-dashboard

    spec:

      containers:

      - name: kubernetes-dashboard

        image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1

        ports:

        - containerPort: 8443

          protocol: TCP

        args:

          - --auto-generate-certificates

          # Uncomment the following line to manually specify Kubernetes API server Host

          # If not specified, Dashboard will attempt to auto discover the API server and connect

          # to it. Uncomment only if the default does not work.

          # - --apiserver-host=http://my-address:port

        volumeMounts:

        - name: kubernetes-dashboard-certs

          mountPath: /certs

          # Create on-disk volume to store exec logs

        - mountPath: /tmp

          name: tmp-volume

        livenessProbe:

          httpGet:

            scheme: HTTPS

            path: /

            port: 8443

          initialDelaySeconds: 30

          timeoutSeconds: 30

      volumes:

      - name: kubernetes-dashboard-certs

        secret:

          secretName: kubernetes-dashboard-certs

      - name: tmp-volume

        emptyDir: {}

      serviceAccountName: kubernetes-dashboard

      # Comment the following tolerations if Dashboard must not be deployed on master

      tolerations:

      - key: node-role.kubernetes.io/master

        effect: NoSchedule

---

# ------------------- Dashboard Service ------------------- #

kind: Service

apiVersion: v1

metadata:

  labels:

    k8s-app: kubernetes-dashboard

  name: kubernetes-dashboard

  namespace: kube-system

spec:

  type: NodePort   # 这里修改为NodePort,就可以去外部访问了

  ports:

    - port: 443

      targetPort: 8443

  selector:

    k8s-app: kubernetes-dashboard

如果在这过程中出现无法登陆的情况:

# 查看secret

kubectl get secret -n kube-system

# 查看token

kubectl describe secret -n kube-system admin-user-token-8ph9w

最终结果:

部署Dashboard,监控应用的更多相关文章

  1. 基于k8s集群部署prometheus监控etcd

    目录 基于k8s集群部署prometheus监控etcd 1.背景和环境概述 2.修改prometheus配置 3.检查是否生效 4.配置grafana图形 基于k8s集群部署prometheus监控 ...

  2. CentOS 6.5安装部署Zabbix监控系统

    CentOS 6.5安装部署Zabbix监控系统 先说一点废话,我没有用centos7做实验,讲真,centos 7我也不常用,喜欢新版本的同学其实可以尝试下,注意一点的就是centos 6.5只支持 ...

  3. kubernetes1.9中部署dashboard

    在1.9k8s中 dashboard可以有两种访问方式 kubeconfig(HTTPS)和token(http) 2018-03-18 一.基于token的访问1.下载官方的dashboardwge ...

  4. prometheus + grafana部署RabbitMQ监控

    prometheus + grafana部署RabbitMQ监控 1.grafana导入dashboards https://grafana.com/dashboards/2121   2.expor ...

  5. linux基础 -nginx和nfs代理 开发脚本自动部署及监控

    开发脚本自动部署及监控 1.编写脚本自动部署反向代理.web.nfs: (1).部署nginx反向代理三个web服务,调度算法使用加权轮询:  (2).所有web服务使用共享存储nfs,保证所有web ...

  6. Redis高可用部署及监控

    Redis高可用部署及监控 目录                        一.Redis Sentinel简介 二.硬件需求 三.拓扑结构 .单M-S结构 .双M-S结构 .优劣对比 四.配置部 ...

  7. Spring Cloud学习笔记【五】Hystrix Dashboard监控面板

    ystrix除了隔离依赖服务的调用以外,Hystrix 还提供了准实时的调用监控(Hystrix Dashboard),Hystrix 会持续地记录所有通过 Hystrix 发起的请求的执行信息,并以 ...

  8. 基于k8s集群部署prometheus监控ingress nginx

    目录 基于k8s集群部署prometheus监控ingress nginx 1.背景和环境概述 2.修改prometheus配置 3.检查是否生效 4.配置grafana图形 基于k8s集群部署pro ...

  9. springcloud断路器Dashboard监控仪表盘的使用

    断路器Dashboard监控仪表盘的使用 在原有的orderserverfeignhystrix服务中使用 1.增加依赖仓库              <dependency> <g ...

  10. 部署zabbix监控平台(源码安装)

    案例:部署Zabbix监控平台 1 问题 本案例要求部署一台Zabbix监控服务器,一台被监控主机,为进一步执行具体的监控任务做准备: 安装LNMP环境 源码安装Zabbix 安装监控端主机,修改基本 ...

随机推荐

  1. Python中列表操作进阶及元组

    列表高级操作 一.遍历列表 >>> ls=['a','d','it'] >>> for val in ls: ... print (val) ... a d it ...

  2. [转]html中meta作用

    meta是html语言head区的一个辅助性标签.几乎所有的网页里,我们可以看到类似下面这段的html代码:  <head>  <meta http-equiv="cont ...

  3. 自定义ViewPager+RadioGroup联动效果的实现

    package com.loaderman.myviewpager; import android.os.Bundle; import android.support.v7.app.AppCompat ...

  4. spring整合mybatis(代理的方式)【我】

    创建项目等同上一篇非代理方式随笔,只说不一样的部分: 项目结构主要是多了下面红框部分: 配置文件: 主要是dao配置文件中多了Mapper代理java类的扫描包路径: applicationConte ...

  5. 阶段3 3.SpringMVC·_06.异常处理及拦截器_4 SpringMVC拦截器之介绍和搭建环境

    拦截器可以有多个 搭建环境 不用改,直接finish 复制原来项目的 依赖的包也复制过来 web.xml配置前端控制器 springmvc的配置文件 先创建对应的文件夹 分别创建java和resour ...

  6. pyqt5的QListWidget中设置右键菜单

    QListWidget 是继承 QWidget 的, 所以 QListWidget 是有右键菜单的, 从文档上可以找到 QWidget 上有以下两个与右键菜单有关的函数: Qt.ContextMenu ...

  7. Jmeter实现WebSocket协议的接口

    1.下载websocket插件的jar包 网盘链接:https://pan.baidu.com/s/1FDcTHdQcDo6izgROMgB96w 密码:uags 该包下载完成后直接放在jmeter的 ...

  8. GitLab 架构

    GitLab 架构官方文档 GitLab 中文文档 版本 一般使用的是社区版(Community Edition,CE),此外还有企业版(Enterprise Edition,EE)可以使用. EE ...

  9. Opencv实现的陷波滤波器

    在本示例中,共设计了三个函数,分别是巴特沃斯滤波器BLPF().巴特沃斯陷波滤波器notchFilter_BTW().高斯陷波滤波器notchFilter_GAUSS() 巴特沃斯陷波滤波器参见书上6 ...

  10. CTF—攻防练习之HTTP—目录遍历

    主机:192.168.32.152 靶机:192.168.32.163 目录遍历攻击又称(目录爬升,目录回溯,点-点斜线),指再访问存储在web根文件之夹外的文件和目录,通过操控带有"点-斜 ...