Kubernetes 部署 Dashboard

Kubernetes 部署 Dashboard

KubernetesDashboard 是提供 Kubernetes信息可視化的 Web 插件

部署

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta1/aio/deploy/recommended.yaml

配置

修改爲通過 NodePort 訪問

kubectl -n kubernetes-dashboard edit service kubernetes-dashboard

在 ports下面添加nodePort: 32576，將 clusterIp改爲NodePort

spec:
  clusterIP: 10.104.3.252
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 32576
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort

此時可以通過節點 IP 和端口https://192.168.0.110:32576/訪問到 Dashboard(Chrome 可能會提示證書錯誤,無法訪問,Fix)

創建 ServiceAccount

vi admin-role.yaml

輸入以下內容

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kubernetes-dashboard
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile

kubectl apply -f admin-role.yaml

獲取 Token

執行：

kubectl -n kubernetes-dashboard  get secret|grep admin-token

admin-token-r8b4b                        kubernetes.io/service-account-token   3      48m
kubernetes-dashboard-admin-token-qlnhp   kubernetes.io/service-account-token   3      60m

執行：

kubectl -n kubernetes-dashboard describe secret admin-token-r8b4b

Name:         admin-token-r8b4b
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin
              kubernetes.io/service-account.uid: 03a2bca0-b6c0-4cde-93aa-c4a6cd70dfdb

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1yOGI0YiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjAzYTJiY2EwLWI2YzAtNGNkZS05M2FhLWM0YTZjZDcwZGZkYiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbiJ9.g_dtJjhbLVfJRcdhlyYH-ekn08Dv3_Ok9oMZ7o0jU0Ri90sIhaANaprVlGK7QiKzIkz_BNT1Hw_reAseoOy7smFriKhn4a4wPMO0Ir1aJPavDdoVIEhBDHHzrukXl3mVO92WgkBkAMIo8HoVve-1pj9QVtT7hu_e8GXifyLu1v6s26lMbVouG8cPD4hzM2grRfhCt7qjioP3Gs6khtmHysu_uCBNW63HvuwzMBRS-lSr1ewWld4QnrvgqJ-IfLqAcjHjysNR26Xi9IBAswkq0E-1qSgIyduALITXx9FK9RqNBOTZ33OeDBCE-OYqmlIItDuYl4qRaksV3mccL4RVWA

將獲取到的 Token 輸入到 Dashboard 的輸入框中，登錄即可

---

遇到的問題

1. 訪問頁面提示ServiceUnavailable

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "no endpoints available for service \"https:kubernetes-dashboard:\"",
  "reason": "ServiceUnavailable",
  "code": 503
}

查看 Dashboard Pod 的狀態

kubectl get pods -n kube-system | grep dashboard
kubernetes-dashboard-77fd78f978-zqbs4   0/1     ImagePullBackOff   0          115m

查看 Pod 詳細信息

kubectl -n kube-system describe pod kubernetes-dashboard-77fd78f978-zqbs4
Name:               kubernetes-dashboard-77fd78f978-zqbs4
Namespace:          kube-system
Priority:           0
PriorityClassName:  <none>
Node:               ubuntu/192.168.111.129
Start Time:         Tue, 16 Oct 2018 09:50:14 +0000
Labels:             k8s-app=kubernetes-dashboard
                    pod-template-hash=77fd78f978
Annotations:        <none>
Status:             Pending
IP:                 10.32.0.4
Controlled By:      ReplicaSet/kubernetes-dashboard-77fd78f978
Containers:
  kubernetes-dashboard:
    Container ID:
    Image:         k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
    Image ID:
    Port:          8443/TCP
    Host Port:     0/TCP
    Args:
      --auto-generate-certificates
    State:          Waiting
      Reason:       ImagePullBackOff
    Ready:          False
    Restart Count:  0
    Liveness:       http-get https://:8443/ delay=30s timeout=30s period=10s #success=1 #failure=3
    Environment:    <none>
    Mounts:
      /certs from kubernetes-dashboard-certs (rw)
      /tmp from tmp-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kubernetes-dashboard-token-7skvp (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  kubernetes-dashboard-certs:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  kubernetes-dashboard-certs
    Optional:    false
  tmp-volume:
    Type:    EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
  kubernetes-dashboard-token-7skvp:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  kubernetes-dashboard-token-7skvp
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node-role.kubernetes.io/master:NoSchedule
                 node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason   Age                     From             Message
  ----     ------   ----                    ----             -------
  Warning  Failed   9m17s (x458 over 119m)  kubelet, ubuntu  Error: ImagePullBackOff
  Normal   BackOff  4m14s (x479 over 119m)  kubelet, ubuntu  Back-off pulling image "k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0"

最後一行可以看到在拉取鏡像的時候失敗了；可以先拉取鏡像再啓動，這裏有兩種解決辦法：

# 1. 如果網絡可以拉取到鏡像，直接手動拉取即可
docker pull k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0

# 2. 如果拉取不到，嘗試從其他鏡像源拉取重新打標籤
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0

拉取到鏡像之後等待一會兒，Kubernetes 會自動創建新的 Pod；或者也可以刪除 Dashboard 所有資源重新創建：

kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

2. 重啓後使用 kubectl 提示 The connection to the server 192.168.111.129:6443 was refused - did you specify the right host or port?

重啓Ubuntu 後，訪問Dashboard timeout，通過kubectl get pods -n kube-system查看 Pod 狀態，提示

The connection to the server 192.168.111.129:6443 was refused - did you specify the right host or port?

以爲是配置的問題，但是參考 https://github.com/kubernetes/kubernetes/issues/50295#issuecomment-376603921，嘗試後依然無法解決；最後嘗試使用kubeadm init重新創建，提示

running with swap on is not supported. Please disable swap

因爲 Swap 導致Kubenetes 沒有成功啓動，執行關閉 swap，重新啓動後解決問題

sudo swapoff -a
sudo chown $(id -u):$(id -g) $HOME/.kube/config