Kubenetes 部署 Dashboard

September 8, 2019 · 483 words · 3 min

Kubenetes 部署 Dashboard

Kubenestes Dashboard 是提供 Kubernetes信息可视化的 Web 插件

部署

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta1/aio/deploy/recommended.yaml

配置

修改为通过 NodePort 访问

kubectl -n kubernetes-dashboard edit service kubernetes-dashboard

在 ports下面添加nodePort: 32576，将 clusterIp改为NodePort

spec:
  clusterIP: 10.104.3.252
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 32576
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort

此时可以通过节点 IP 和端口https://192.168.0.110:32576/访问到 Dashboard(Chrome 可能会提示证书错误,无法访问,Fix)

Dashboard

创建 ServiceAccount

vi admin-role.yaml

输入以下内容

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kubernetes-dashboard
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile

kubectl apply -f admin-role.yaml

获取 Token

执行：

kubectl -n kubernetes-dashboard  get secret|grep admin-token

admin-token-r8b4b                        kubernetes.io/service-account-token   3      48m
kubernetes-dashboard-admin-token-qlnhp   kubernetes.io/service-account-token   3      60m

执行：

kubectl -n kubernetes-dashboard describe secret admin-token-r8b4b

Name:         admin-token-r8b4b
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin
              kubernetes.io/service-account.uid: 03a2bca0-b6c0-4cde-93aa-c4a6cd70dfdb

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1yOGI0YiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjAzYTJiY2EwLWI2YzAtNGNkZS05M2FhLWM0YTZjZDcwZGZkYiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbiJ9.g_dtJjhbLVfJRcdhlyYH-ekn08Dv3_Ok9oMZ7o0jU0Ri90sIhaANaprVlGK7QiKzIkz_BNT1Hw_reAseoOy7smFriKhn4a4wPMO0Ir1aJPavDdoVIEhBDHHzrukXl3mVO92WgkBkAMIo8HoVve-1pj9QVtT7hu_e8GXifyLu1v6s26lMbVouG8cPD4hzM2grRfhCt7qjioP3Gs6khtmHysu_uCBNW63HvuwzMBRS-lSr1ewWld4QnrvgqJ-IfLqAcjHjysNR26Xi9IBAswkq0E-1qSgIyduALITXx9FK9RqNBOTZ33OeDBCE-OYqmlIItDuYl4qRaksV3mccL4RVWA

将获取到的 Token 输入到 Dashboard 的输入框中，登录即可

DashboardAfterLogin

遇到的问题

1. 访问页面提示ServiceUnavailable

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "no endpoints available for service \"https:kubernetes-dashboard:\"",
  "reason": "ServiceUnavailable",
  "code": 503
}

查看 Dashboard Pod 的状态

kubectl get pods -n kube-system | grep dashboard
kubernetes-dashboard-77fd78f978-zqbs4   0/1     ImagePullBackOff   0          115m

查看 Pod 详细信息

kubectl -n kube-system describe pod kubernetes-dashboard-77fd78f978-zqbs4
Name:               kubernetes-dashboard-77fd78f978-zqbs4
Namespace:          kube-system
Priority:           0
PriorityClassName:  <none>
Node:               ubuntu/192.168.111.129
Start Time:         Tue, 16 Oct 2018 09:50:14 +0000
Labels:             k8s-app=kubernetes-dashboard
                    pod-template-hash=77fd78f978
Annotations:        <none>
Status:             Pending
IP:                 10.32.0.4
Controlled By:      ReplicaSet/kubernetes-dashboard-77fd78f978
Containers:
  kubernetes-dashboard:
    Container ID:
    Image:         k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
    Image ID:
    Port:          8443/TCP
    Host Port:     0/TCP
    Args:
      --auto-generate-certificates
    State:          Waiting
      Reason:       ImagePullBackOff
    Ready:          False
    Restart Count:  0
    Liveness:       http-get https://:8443/ delay=30s timeout=30s period=10s #success=1 #failure=3
    Environment:    <none>
    Mounts:
      /certs from kubernetes-dashboard-certs (rw)
      /tmp from tmp-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kubernetes-dashboard-token-7skvp (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  kubernetes-dashboard-certs:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  kubernetes-dashboard-certs
    Optional:    false
  tmp-volume:
    Type:    EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
  kubernetes-dashboard-token-7skvp:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  kubernetes-dashboard-token-7skvp
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node-role.kubernetes.io/master:NoSchedule
                 node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason   Age                     From             Message
  ----     ------   ----                    ----             -------
  Warning  Failed   9m17s (x458 over 119m)  kubelet, ubuntu  Error: ImagePullBackOff
  Normal   BackOff  4m14s (x479 over 119m)  kubelet, ubuntu  Back-off pulling image "k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0"

最后一行可以看到在拉取镜像的时候失败了；可以先拉取镜像再启动，这里有两种解决办法：

# 1. 如果网络可以拉取到镜像，直接手动拉取即可
docker pull k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0

# 2. 如果拉取不到，尝试从其他镜像源拉取重新打标签
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0

拉取到镜像之后等待一会儿，Kubernetes 会自动创建新的 Pod；或者也可以删除 Dashboard 所有资源重新创建：

kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

2. 重启后使用 kubectl 提示 `The connection to the server 192.168.111.129:6443 was refused - did you specify the right host or port?`

重启Ubuntu 后，访问Dashboard timeout，通过kubectl get pods -n kube-system查看 Pod 状态，提示

The connection to the server 192.168.111.129:6443 was refused - did you specify the right host or port?

以为是配置的问题，但是参考 https://github.com/kubernetes/kubernetes/issues/50295#issuecomment-376603921，尝试后依然无法解决；最后尝试使用kubeadm init重新创建，提示

running with swap on is not supported. Please disable swap

因为 Swap 导致Kubenetes 没有成功启动，执行关闭 swap，重新启动后解决问题

sudo swapoff -a
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Go 调用 Windows 的系统 API，检测是否锁屏 Spring Cloud 使用 Kubernetes 作为配置中心 - 使用加密配置

Kubenetes 部署 Dashboard

部署

配置

修改为通过 NodePort 访问

创建 ServiceAccount

获取 Token

遇到的问题

1. 访问页面提示ServiceUnavailable

2. 重启后使用 kubectl 提示 The connection to the server 192.168.111.129:6443 was refused - did you specify the right host or port?

2. 重启后使用 kubectl 提示 `The connection to the server 192.168.111.129:6443 was refused - did you specify the right host or port?`