metrics-server

https://github.com/kubernetes-sigs/metrics-server

1
2
3
# deploy 0.3.6
# 修改image为  registry.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6
$ kubectl apply -f ./components.yaml

dashboard

https://github.com/kubernetes/dashboard

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
// 部署dashboard
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml

// check
$ kubectl -n kubernetes-dashboard get pods --watch

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-admin
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kubernetes-dashboard
// 创建admin账号
$ kubectl apply -f auth.yaml

// 获取token
$ kubectl -n kubernetes-dashboard describe secret \
$(kubectl -n kubernetes-dashboard get secret | \ 
grep dashboard-admin | awk '{print $1}')

// 使用admin帐号的token登录
> https://<IP>:30001

// 删除已安装的dashboard
$ kubectl delete ns kubernetes-dashboard

authentication

使用basic auth:

1
--authentication-mode=basic

access dashboard

本机访问

1
2
$ kubectl proxy
#> http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

远程访问

1
$ kubectl port-forward -n kubernetes-dashboard service/kubernetes-dashboard 8080:443

nodePort:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
    targetPort: 8443
    nodePort: 30001
selector:
  k8s-app: kubernetes-dashboard

#> https://<node-ip>:30001

ingress: