k8s install dashboard

安装kubernetes-dashboard 2.0版本（kubernetes的web ui界面）

[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/luckylucky421/kubernetes1.17.3/master/kubernetes-dashboard.yaml

https://raw.githubusercontent.com/luckylucky421/kubernetes1.17.3/master/kubernetes-dashboard.yaml

[root@master ~]# kubectl get svc -n kubernetes-dashboard

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

dashboard-metrics-scraper ClusterIP 10.1.34.2318000/TCP 69s

kubernetes-dashboard ClusterIP 10.1.209.213443/TCP 69s

修改service type类型变成NodePort：

kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard

把 type: ClusterIP变成 type: NodePort，保存退出即可

kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard

上面可看到service类型是NodePort，访问master1节点ip:32594端口即可访问kubernetes dashboard，我的环境需要输入如下地址

kubectl get pods -A -o wide

kubectl get pod -A|grep kubernetes-dashboard

kubernetes-dashboard dashboard-metrics-scraper-6b4884c9d5-g66ht 0/1 ContainerCreating 0 27m

kubernetes-dashboard kubernetes-dashboard-7b544877d5-h4cfm 0/1 ContainerCreating 0 27m

kubectl logs -f -n kubernetes-dashboard kubernetes-dashboard-7b544877d5-h4cfm

Error from server: Get https://192.168.2.102:10250/containerLogs/kubernetes-dashboard/kubernetes-dashboard-7b544877d5-h4cfm/kubernetes-dashboard?follow=true: dial tcp 192.168.2.102:10250: connect: no route to host

Slave1，slave2 关掉防火墙

kubectl delete deployment kubernetes-dashboard –namespace kubernetes-dashboard

kubectl delete deployment dashboard-metrics-scraper –namespace kubernetes-dashboard

创建dashboard管理员

创建dashboard-admin.yaml文件。

1 vim dashboard-admin.yaml

文件的内容如下所示。

apiVersion: v1

kind: ServiceAccount

metadata:

 labels:

  k8s-app: kubernetes-dashboard

 name: dashboard-admin

 namespace: kubernetes-dashboard

保存退出后执行如下命令创建管理员。

kubectl create -f ./dashboard-admin.yaml

为用户分配权限

创建dashboard-admin-bind-cluster-role.yaml文件。

vim dashboard-admin-bind-cluster-role.yaml

文件内容如下所示。

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
 name: dashboard-admin-bind-cluster-role
 labels:
  k8s-app: kubernetes-dashboard
roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
 name: cluster-admin
subjects:
\- kind: ServiceAccount
 name: dashboard-admin
 namespace: kubernetes-dashboard

保存退出后执行如下命令为用户分配权限。

kubectl create -f ./dashboard-admin-bind-cluster-role.yaml

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk ‘{print $1}’)

没图表数据

据官方说明在Master上执行安装：

cd ~

mkdir metrics-server

cd metrics-server

wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml

wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml

vi components.yaml

template: 

metadata:

  name: metrics-server 

labels: k8s-app: metrics-server

 spec: 

serviceAccountName: metrics-server 

volumes: 

\# mount in tmp so we can safely use from-scratch images and/or read-only containers 

- name: tmp-dir 

emptyDir: {} 

containers:

 - name: metrics-server 

image: k8s.gcr.io/metrics-server-amd64:v0.3.6 

imagePullPolicy: IfNotPresent 

args: 

 --cert-dir=/tmp 

 --secure-port=4443 

  --kubelet-preferred-address-types=InternalDNS,InternalIP,ExternalDNS,ExternalIP,Hostname #add

 --kubelet-insecure-tls #添加 

ports:

- name: main-port 

containerPort: 4443

 

 

#修改 Kubernetes apiserver 启动参数

vi /etc/kubernetes/manifests/kube-apiserver.yaml

#在kube-apiserver项中添加如下配置选项 修改后apiserver会自动重启

–enable-aggregator-routing=true

#安装 kubectl create -f components.yaml

#1-2分钟后查看结果

kubectl top nodes

一波三折啊：

kubectl logs -f -n kubernetes-dashboard dashboard-metrics-scraper-6b4884c9d5-mq9h9

dashboard

{“level”:”error”,”msg”:”Error scraping node metrics: the server is currently unable to handle the request (get nodes.metrics.k8s.io)”,”time”:”2023-12-27T14:35:59Z”}

emptyDir: {}

containers:

- name: metrics-server

​ #image: k8s.gcr.io/metrics-server-amd64:v0.3.6

​ image: registry.aliyuncs.com/google_containers/metrics-server:v0.6.1

​ imagePullPolicy: IfNotPresent

​ args:

​ - –cert-dir=/tmp

​ - –secure-port=4443

​ - –kubelet-preferred-address-types=InternalDNS,InternalIP,ExternalDNS,ExternalIP,Hostname #add

​ #- –kubelet-preferred-address-types=InternalIP #add

​ - –kubelet-insecure-tls #添加

原来的#image: k8s.gcr.io/metrics-server-amd64:v0.3.6

镜像pull不到，修改一下镜像：

    - name: metrics-server
#image: k8s.gcr.io/metrics-server-amd64:v0.3.6
image: registry.aliyuncs.com/google_containers/metrics-server:v0.6.1
imagePullPolicy: IfNotPresent

图表还是没出来：

kubectl top node

error: metrics not available yet

kubectl logs -f -nkube-system metrics-server-5b66d98b7-hjqh9

Vim components.yaml 添加 - nodes/metrics；

metadata:
  name: system:metrics-server
rules:

 - apiGroups:

 - ""
resources:

 - pods

 - nodes

 - nodes/stats

 - nodes/metrics

 - namespaces

 - configmaps
verbs:

 - get

 - list

 - watch

kubectl top nodes

NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%

master 105m 5% 1283Mi 35%

slave1 52m 2% 1270Mi 47%

slave2 35m 1% 1346Mi 50%

kubectl describe pod metrics-server-5b66d98b7-szl8j -n kube-system

几个插件下载地址：

Fannel：

https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Dashboard：

https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml

metrics-server：

https://github.com/kubernetes-sigs/metrics

-server/releases/download/v0.3.6/components.yaml

kubeadm reset,Init以后重新来过一遍发现好多报错：问题：

dashboard remote 10.1.71.12:56041 error: tls: unknown certificate

证书问题导致：

export KUBECONFIG=/etc/kubernetes/admin.conf

kubectl delete -f kubernetes-dashboard.yaml

kubectl apply -f kubernetes-dashboard.yaml

kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard

自建证书：

openssl genrsa -out dashboard.key 2048

通过nodepod访问可以写node节点IP，通过apiserver访问写master的ip

openssl req -new -out dashboard.crs -key dashboard.key -subj ‘/CN=192.168.2.101’

openssl x509 -req -in dashboard.crs -signkey dashboard.key -out dashboard.crt

删除原有旧的证书

kubectl delete secret kubernetes-dashboard-certs -n kubernets-dashboard

创建新的证书：

kubectl create secret generic kubernetes-dashboard-certs –from-file=dashboard.key –from-file=dashboard.crt -n kubernetes-dashboard

修改dashboard.yml args修改添加- –tls：

containers:
     - name: kubernetes-dashboard
       image: kubernetesui/dashboard:v2.0.0-beta8
       imagePullPolicy: IfNotPresent
       ports:
         - containerPort: 8443
           protocol: TCP
       args:
         - --auto-generate-certificates
         - --tls-key-file=dashboard.key
         - --tls-cert-file=dashboard.crt
         - --namespace=kubernetes-dashboard

kubectl get svc -n kubernetes-dashboard
重启pod：
kubectl delete pod kubernetes-dashboard-5f98bdb684-n2z7x -n kubernetes-dashboard