Kubenetes 部署 Dashboard

Kubenetes 部署 Dashboard

Kubenestes Dashboard 是提供 Kubernetes信息可视化的 Web 插件

部署

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta1/aio/deploy/recommended.yaml 

配置

修改为通过 NodePort 访问

kubectl -n kubernetes-dashboard edit service kubernetes-dashboard 

在 ports下面添加nodePort: 32576，将 clusterIp改为NodePort

spec:   clusterIP: 10.104.3.252   externalTrafficPolicy: Cluster   ports:   - nodePort: 32576     port: 443     protocol: TCP     targetPort: 8443   selector:     k8s-app: kubernetes-dashboard   sessionAffinity: None   type: NodePort 

此时可以通过节点 IP 和端口https://192.168.0.110:32576/访问到 Dashboard(Chrome 可能会提示证书错误,无法访问,Fix)

创建 ServiceAccount

vi admin-role.yaml 

输入以下内容

kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata:   name: admin   annotations:     rbac.authorization.kubernetes.io/autoupdate: "true" roleRef:   kind: ClusterRole   name: cluster-admin   apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount   name: admin   namespace: kubernetes-dashboard --- apiVersion: v1 kind: ServiceAccount metadata:   name: admin   namespace: kubernetes-dashboard   labels:     kubernetes.io/cluster-service: "true"     addonmanager.kubernetes.io/mode: Reconcile 

kubectl apply -f admin-role.yaml 

获取 Token

执行：

kubectl -n kubernetes-dashboard  get secret|grep admin-token 

admin-token-r8b4b                        kubernetes.io/service-account-token   3      48m kubernetes-dashboard-admin-token-qlnhp   kubernetes.io/service-account-token   3      60m 

执行：

kubectl -n kubernetes-dashboard describe secret admin-token-r8b4b 

Name:         admin-token-r8b4b Namespace:    kubernetes-dashboard Labels:       <none> Annotations:  kubernetes.io/service-account.name: admin               kubernetes.io/service-account.uid: 03a2bca0-b6c0-4cde-93aa-c4a6cd70dfdb  Type:  kubernetes.io/service-account-token  Data ==== ca.crt:     1025 bytes namespace:  20 bytes token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1yOGI0YiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjAzYTJiY2EwLWI2YzAtNGNkZS05M2FhLWM0YTZjZDcwZGZkYiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbiJ9.g_dtJjhbLVfJRcdhlyYH-ekn08Dv3_Ok9oMZ7o0jU0Ri90sIhaANaprVlGK7QiKzIkz_BNT1Hw_reAseoOy7smFriKhn4a4wPMO0Ir1aJPavDdoVIEhBDHHzrukXl3mVO92WgkBkAMIo8HoVve-1pj9QVtT7hu_e8GXifyLu1v6s26lMbVouG8cPD4hzM2grRfhCt7qjioP3Gs6khtmHysu_uCBNW63HvuwzMBRS-lSr1ewWld4QnrvgqJ-IfLqAcjHjysNR26Xi9IBAswkq0E-1qSgIyduALITXx9FK9RqNBOTZ33OeDBCE-OYqmlIItDuYl4qRaksV3mccL4RVWA 

将获取到的 Token 输入到 Dashboard 的输入框中，登录即可

---

遇到的问题

1. 访问页面提示ServiceUnavailable

{   "kind": "Status",   "apiVersion": "v1",   "metadata": {    },   "status": "Failure",   "message": "no endpoints available for service \"https:kubernetes-dashboard:\"",   "reason": "ServiceUnavailable",   "code": 503 } 

查看 Dashboard Pod 的状态

kubectl get pods -n kube-system | grep dashboard kubernetes-dashboard-77fd78f978-zqbs4   0/1     ImagePullBackOff   0          115m 

查看 Pod 详细信息

kubectl -n kube-system describe pod kubernetes-dashboard-77fd78f978-zqbs4 Name:               kubernetes-dashboard-77fd78f978-zqbs4 Namespace:          kube-system Priority:           0 PriorityClassName:  <none> Node:               ubuntu/192.168.111.129 Start Time:         Tue, 16 Oct 2018 09:50:14 +0000 Labels:             k8s-app=kubernetes-dashboard                     pod-template-hash=77fd78f978 Annotations:        <none> Status:             Pending IP:                 10.32.0.4 Controlled By:      ReplicaSet/kubernetes-dashboard-77fd78f978 Containers:   kubernetes-dashboard:     Container ID:     Image:         k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0     Image ID:     Port:          8443/TCP     Host Port:     0/TCP     Args:       --auto-generate-certificates     State:          Waiting       Reason:       ImagePullBackOff     Ready:          False     Restart Count:  0     Liveness:       http-get https://:8443/ delay=30s timeout=30s period=10s #success=1 #failure=3     Environment:    <none>     Mounts:       /certs from kubernetes-dashboard-certs (rw)       /tmp from tmp-volume (rw)       /var/run/secrets/kubernetes.io/serviceaccount from kubernetes-dashboard-token-7skvp (ro) Conditions:   Type              Status   Initialized       True   Ready             False   ContainersReady   False   PodScheduled      True Volumes:   kubernetes-dashboard-certs:     Type:        Secret (a volume populated by a Secret)     SecretName:  kubernetes-dashboard-certs     Optional:    false   tmp-volume:     Type:    EmptyDir (a temporary directory that shares a pod's lifetime)     Medium:   kubernetes-dashboard-token-7skvp:     Type:        Secret (a volume populated by a Secret)     SecretName:  kubernetes-dashboard-token-7skvp     Optional:    false QoS Class:       BestEffort Node-Selectors:  <none> Tolerations:     node-role.kubernetes.io/master:NoSchedule                  node.kubernetes.io/not-ready:NoExecute for 300s                  node.kubernetes.io/unreachable:NoExecute for 300s Events:   Type     Reason   Age                     From             Message   ----     ------   ----                    ----             -------   Warning  Failed   9m17s (x458 over 119m)  kubelet, ubuntu  Error: ImagePullBackOff   Normal   BackOff  4m14s (x479 over 119m)  kubelet, ubuntu  Back-off pulling image "k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0" 

最后一行可以看到在拉取镜像的时候失败了；可以先拉取镜像再启动，这里有两种解决办法：

# 1. 如果网络可以拉取到镜像，直接手动拉取即可 docker pull k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0  # 2. 如果拉取不到，尝试从其他镜像源拉取重新打标签 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0 docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 

拉取到镜像之后等待一会儿，Kubernetes 会自动创建新的 Pod；或者也可以删除 Dashboard 所有资源重新创建：

kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml 

2. 重启后使用 kubectl 提示 The connection to the server 192.168.111.129:6443 was refused - did you specify the right host or port?

重启Ubuntu 后，访问Dashboard timeout，通过kubectl get pods -n kube-system查看 Pod 状态，提示

The connection to the server 192.168.111.129:6443 was refused - did you specify the right host or port? 

以为是配置的问题，但是参考 https://github.com/kubernetes/kubernetes/issues/50295#issuecomment-376603921，尝试后依然无法解决；最后尝试使用kubeadm init重新创建，提示

running with swap on is not supported. Please disable swap 

因为 Swap 导致Kubenetes 没有成功启动，执行关闭 swap，重新启动后解决问题

sudo swapoff -a sudo chown $(id -u):$(id -g) $HOME/.kube/config 

来源：51CTO

作者：呜呜呜啦啦啦

链接：https://blog.csdn.net/u013360850/article/details/100635850