1.dashboard可视化界面

1.下载yaml

  1. wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
  1. # Copyright 2017 The Kubernetes Authors.
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. # See the License for the specific language governing permissions and
  13. # limitations under the License.
  14. apiVersion: v1
  15. kind: Namespace
  16. metadata:
  17. name: kubernetes-dashboard
  18. ---
  19. apiVersion: v1
  20. kind: ServiceAccount
  21. metadata:
  22. labels:
  23. k8s-app: kubernetes-dashboard
  24. name: kubernetes-dashboard
  25. namespace: kubernetes-dashboard
  26. ---
  27. kind: Service
  28. apiVersion: v1
  29. metadata:
  30. labels:
  31. k8s-app: kubernetes-dashboard
  32. name: kubernetes-dashboard
  33. namespace: kubernetes-dashboard
  34. spec:
  35. type: NodePort
  36. ports:
  37. - port: 443
  38. targetPort: 8443
  39. selector:
  40. k8s-app: kubernetes-dashboard
  41. ---
  42. apiVersion: v1
  43. kind: Secret
  44. metadata:
  45. labels:
  46. k8s-app: kubernetes-dashboard
  47. name: kubernetes-dashboard-certs
  48. namespace: kubernetes-dashboard
  49. type: Opaque
  50. ---
  51. apiVersion: v1
  52. kind: Secret
  53. metadata:
  54. labels:
  55. k8s-app: kubernetes-dashboard
  56. name: kubernetes-dashboard-csrf
  57. namespace: kubernetes-dashboard
  58. type: Opaque
  59. data:
  60. csrf: ""
  61. ---
  62. apiVersion: v1
  63. kind: Secret
  64. metadata:
  65. labels:
  66. k8s-app: kubernetes-dashboard
  67. name: kubernetes-dashboard-key-holder
  68. namespace: kubernetes-dashboard
  69. type: Opaque
  70. ---
  71. kind: ConfigMap
  72. apiVersion: v1
  73. metadata:
  74. labels:
  75. k8s-app: kubernetes-dashboard
  76. name: kubernetes-dashboard-settings
  77. namespace: kubernetes-dashboard
  78. ---
  79. kind: Role
  80. apiVersion: rbac.authorization.k8s.io/v1
  81. metadata:
  82. labels:
  83. k8s-app: kubernetes-dashboard
  84. name: kubernetes-dashboard
  85. namespace: kubernetes-dashboard
  86. rules:
  87. # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  88. - apiGroups: [""]
  89. resources: ["secrets"]
  90. resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
  91. verbs: ["get", "update", "delete"]
  92. # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  93. - apiGroups: [""]
  94. resources: ["configmaps"]
  95. resourceNames: ["kubernetes-dashboard-settings"]
  96. verbs: ["get", "update"]
  97. # Allow Dashboard to get metrics.
  98. - apiGroups: [""]
  99. resources: ["services"]
  100. resourceNames: ["heapster", "dashboard-metrics-scraper"]
  101. verbs: ["proxy"]
  102. - apiGroups: [""]
  103. resources: ["services/proxy"]
  104. resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
  105. verbs: ["get"]
  106. ---
  107. kind: ClusterRole
  108. apiVersion: rbac.authorization.k8s.io/v1
  109. metadata:
  110. labels:
  111. k8s-app: kubernetes-dashboard
  112. name: kubernetes-dashboard
  113. rules:
  114. # Allow Metrics Scraper to get metrics from the Metrics server
  115. - apiGroups: ["metrics.k8s.io"]
  116. resources: ["pods", "nodes"]
  117. verbs: ["get", "list", "watch"]
  118. ---
  119. apiVersion: rbac.authorization.k8s.io/v1
  120. kind: RoleBinding
  121. metadata:
  122. labels:
  123. k8s-app: kubernetes-dashboard
  124. name: kubernetes-dashboard
  125. namespace: kubernetes-dashboard
  126. roleRef:
  127. apiGroup: rbac.authorization.k8s.io
  128. kind: Role
  129. name: kubernetes-dashboard
  130. subjects:
  131. - kind: ServiceAccount
  132. name: kubernetes-dashboard
  133. namespace: kubernetes-dashboard
  134. ---
  135. apiVersion: rbac.authorization.k8s.io/v1
  136. kind: ClusterRoleBinding
  137. metadata:
  138. name: kubernetes-dashboard
  139. roleRef:
  140. apiGroup: rbac.authorization.k8s.io
  141. kind: ClusterRole
  142. name: kubernetes-dashboard
  143. subjects:
  144. - kind: ServiceAccount
  145. name: kubernetes-dashboard
  146. namespace: kubernetes-dashboard
  147. ---
  148. kind: Deployment
  149. apiVersion: apps/v1
  150. metadata:
  151. labels:
  152. k8s-app: kubernetes-dashboard
  153. name: kubernetes-dashboard
  154. namespace: kubernetes-dashboard
  155. spec:
  156. replicas: 1
  157. revisionHistoryLimit: 10
  158. selector:
  159. matchLabels:
  160. k8s-app: kubernetes-dashboard
  161. template:
  162. metadata:
  163. labels:
  164. k8s-app: kubernetes-dashboard
  165. spec:
  166. containers:
  167. - name: kubernetes-dashboard
  168. image: kubernetesui/dashboard:v2.2.0
  169. imagePullPolicy: Always
  170. ports:
  171. - containerPort: 8443
  172. protocol: TCP
  173. args:
  174. - --auto-generate-certificates
  175. - --namespace=kubernetes-dashboard
  176. # Uncomment the following line to manually specify Kubernetes API server Host
  177. # If not specified, Dashboard will attempt to auto discover the API server and connect
  178. # to it. Uncomment only if the default does not work.
  179. # - --apiserver-host=http://my-address:port
  180. volumeMounts:
  181. - name: kubernetes-dashboard-certs
  182. mountPath: /certs
  183. # Create on-disk volume to store exec logs
  184. - mountPath: /tmp
  185. name: tmp-volume
  186. livenessProbe:
  187. httpGet:
  188. scheme: HTTPS
  189. path: /
  190. port: 8443
  191. initialDelaySeconds: 30
  192. timeoutSeconds: 30
  193. securityContext:
  194. allowPrivilegeEscalation: false
  195. readOnlyRootFilesystem: true
  196. runAsUser: 1001
  197. runAsGroup: 2001
  198. volumes:
  199. - name: kubernetes-dashboard-certs
  200. secret:
  201. secretName: kubernetes-dashboard-certs
  202. - name: tmp-volume
  203. emptyDir: {}
  204. serviceAccountName: kubernetes-dashboard
  205. nodeSelector:
  206. "kubernetes.io/os": linux
  207. # Comment the following tolerations if Dashboard must not be deployed on master
  208. tolerations:
  209. - key: node-role.kubernetes.io/master
  210. effect: NoSchedule
  211. ---
  212. kind: Service
  213. apiVersion: v1
  214. metadata:
  215. labels:
  216. k8s-app: dashboard-metrics-scraper
  217. name: dashboard-metrics-scraper
  218. namespace: kubernetes-dashboard
  219. spec:
  220. ports:
  221. - port: 8000
  222. targetPort: 8000
  223. selector:
  224. k8s-app: dashboard-metrics-scraper
  225. ---
  226. kind: Deployment
  227. apiVersion: apps/v1
  228. metadata:
  229. labels:
  230. k8s-app: dashboard-metrics-scraper
  231. name: dashboard-metrics-scraper
  232. namespace: kubernetes-dashboard
  233. spec:
  234. replicas: 1
  235. revisionHistoryLimit: 10
  236. selector:
  237. matchLabels:
  238. k8s-app: dashboard-metrics-scraper
  239. template:
  240. metadata:
  241. labels:
  242. k8s-app: dashboard-metrics-scraper
  243. annotations:
  244. seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
  245. spec:
  246. containers:
  247. - name: dashboard-metrics-scraper
  248. image: kubernetesui/metrics-scraper:v1.0.6
  249. ports:
  250. - containerPort: 8000
  251. protocol: TCP
  252. livenessProbe:
  253. httpGet:
  254. scheme: HTTP
  255. path: /
  256. port: 8000
  257. initialDelaySeconds: 30
  258. timeoutSeconds: 30
  259. volumeMounts:
  260. - mountPath: /tmp
  261. name: tmp-volume
  262. securityContext:
  263. allowPrivilegeEscalation: false
  264. readOnlyRootFilesystem: true
  265. runAsUser: 1001
  266. runAsGroup: 2001
  267. serviceAccountName: kubernetes-dashboard
  268. nodeSelector:
  269. "kubernetes.io/os": linux
  270. # Comment the following tolerations if Dashboard must not be deployed on master
  271. tolerations:
  272. - key: node-role.kubernetes.io/master
  273. effect: NoSchedule
  274. volumes:
  275. - name: tmp-volume
  276. emptyDir: {}

2.修改service类型
image.png
3.执行yaml
kubectl apply -f recommended.yaml

2.metrics-server监控服务安装

1.metrics-server.yaml

  1. ---
  2. apiVersion: rbac.authorization.k8s.io/v1
  3. kind: ClusterRole
  4. metadata:
  5. name: system:aggregated-metrics-reader
  6. labels:
  7. rbac.authorization.k8s.io/aggregate-to-view: "true"
  8. rbac.authorization.k8s.io/aggregate-to-edit: "true"
  9. rbac.authorization.k8s.io/aggregate-to-admin: "true"
  10. rules:
  11. - apiGroups: ["metrics.k8s.io"]
  12. resources: ["pods", "nodes"]
  13. verbs: ["get", "list", "watch"]
  14. ---
  15. apiVersion: rbac.authorization.k8s.io/v1
  16. kind: ClusterRoleBinding
  17. metadata:
  18. name: metrics-server:system:auth-delegator
  19. roleRef:
  20. apiGroup: rbac.authorization.k8s.io
  21. kind: ClusterRole
  22. name: system:auth-delegator
  23. subjects:
  24. - kind: ServiceAccount
  25. name: metrics-server
  26. namespace: kube-system
  27. ---
  28. apiVersion: rbac.authorization.k8s.io/v1
  29. kind: RoleBinding
  30. metadata:
  31. name: metrics-server-auth-reader
  32. namespace: kube-system
  33. roleRef:
  34. apiGroup: rbac.authorization.k8s.io
  35. kind: Role
  36. name: extension-apiserver-authentication-reader
  37. subjects:
  38. - kind: ServiceAccount
  39. name: metrics-server
  40. namespace: kube-system
  41. ---
  42. apiVersion: apiregistration.k8s.io/v1beta1
  43. kind: APIService
  44. metadata:
  45. name: v1beta1.metrics.k8s.io
  46. spec:
  47. service:
  48. name: metrics-server
  49. namespace: kube-system
  50. group: metrics.k8s.io
  51. version: v1beta1
  52. insecureSkipTLSVerify: true
  53. groupPriorityMinimum: 100
  54. versionPriority: 100
  55. ---
  56. apiVersion: v1
  57. kind: ServiceAccount
  58. metadata:
  59. name: metrics-server
  60. namespace: kube-system
  61. ---
  62. apiVersion: apps/v1
  63. kind: Deployment
  64. metadata:
  65. name: metrics-server
  66. namespace: kube-system
  67. labels:
  68. k8s-app: metrics-server
  69. spec:
  70. selector:
  71. matchLabels:
  72. k8s-app: metrics-server
  73. template:
  74. metadata:
  75. name: metrics-server
  76. labels:
  77. k8s-app: metrics-server
  78. spec:
  79. serviceAccountName: metrics-server
  80. volumes:
  81. # mount in tmp so we can safely use from-scratch images and/or read-only containers
  82. - name: tmp-dir
  83. emptyDir: {}
  84. containers:
  85. - name: metrics-server
  86. image: lizhenliang/metrics-server:v0.3.7
  87. imagePullPolicy: IfNotPresent
  88. args:
  89. - --cert-dir=/tmp
  90. - --secure-port=4443
  91. - --kubelet-insecure-tls
  92. - --kubelet-preferred-address-types=InternalIP
  93. ports:
  94. - name: main-port
  95. containerPort: 4443
  96. protocol: TCP
  97. securityContext:
  98. readOnlyRootFilesystem: true
  99. runAsNonRoot: true
  100. runAsUser: 1000
  101. volumeMounts:
  102. - name: tmp-dir
  103. mountPath: /tmp
  104. nodeSelector:
  105. kubernetes.io/os: linux
  106. kubernetes.io/arch: "amd64"
  107. ---
  108. apiVersion: v1
  109. kind: Service
  110. metadata:
  111. name: metrics-server
  112. namespace: kube-system
  113. labels:
  114. kubernetes.io/name: "Metrics-server"
  115. kubernetes.io/cluster-service: "true"
  116. spec:
  117. selector:
  118. k8s-app: metrics-server
  119. ports:
  120. - port: 443
  121. protocol: TCP
  122. targetPort: main-port
  123. ---
  124. apiVersion: rbac.authorization.k8s.io/v1
  125. kind: ClusterRole
  126. metadata:
  127. name: system:metrics-server
  128. rules:
  129. - apiGroups:
  130. - ""
  131. resources:
  132. - pods
  133. - nodes
  134. - nodes/stats
  135. - namespaces
  136. - configmaps
  137. verbs:
  138. - get
  139. - list
  140. - watch
  141. ---
  142. apiVersion: rbac.authorization.k8s.io/v1
  143. kind: ClusterRoleBinding
  144. metadata:
  145. name: system:metrics-server
  146. roleRef:
  147. apiGroup: rbac.authorization.k8s.io
  148. kind: ClusterRole
  149. name: system:metrics-server
  150. subjects:
  151. - kind: ServiceAccount
  152. name: metrics-server
  153. namespace: kube-system

2.执行yaml
kubectl apply -f metrics-server.yaml
3.查看指标
kubectl top node
kubectl top pod
image.png

3.kubectl命令补全

yum -y install bash-completion
bash
source <(kubectl completion bash)