kubernetes网页管理搭建

一、dashboard简介

dashboard是商业智能仪表盘（business intelligence dashboard，BI dashboard）的简称，它是一般商业智能都拥有的实现数据可视化的模块，是向企业展示度量信息和关键业务指标（KPI）现状的数据虚拟化工具。
dashboard在一个简单屏幕上联合并整理数字、公制和绩效记分卡。它们调整适应特定角色并展示为单一视角或部门指定的度量。dashboard关键的特征是从多种数据源获取实时数据，并且是定制化的交互式界面。dashboard以丰富的，可交互的可视化界面为数据提供更好的使用体验。

二、kubernetes网页可视化搭建.

【1】创建dashboard目录，下载dashboard的yaml文件

[root@master ~]# cd k8s/
[root@master k8s]# mkdir dashboard
//拷贝官方的文件
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard

[root@master dashboard]# ls         //可以从码云快速下载
dashboard-configmap.yaml   dashboard-rbac.yaml    dashboard-service.yaml
dashboard-controller.yaml  dashboard-secret.yaml  k8s-admin.yaml

【2】创建dashboard中的rbac、secret、controller、configmap、service组件

[root@master dashboard]# kubectl create -f dashboard-rbac.yaml 
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created

[root@master dashboard]# kubectl create -f dashboard-secret.yaml 
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created

[root@master dashboard]# kubectl create -f dashboard-controller.yaml 
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created

[root@master dashboard]# kubectl create -f dashboard-configmap.yaml 
configmap/kubernetes-dashboard-settings created

[root@master dashboard]# kubectl create -f dashboard-service.yaml 
service/kubernetes-dashboard created

【3】查看kube-system命名空间的容器和服务

[root@master dashboard]# kubectl get pods,service -n kube-system -o wide
NAME                                        READY   STATUS    RESTARTS   AGE   IP            NODE            NOMINATED NODE
pod/kubernetes-dashboard-7cb4c764dc-7x9l7   1/1     Running   0          10m   172.17.58.4   192.168.60.60   <none>

NAME                           TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE    SELECTOR
service/kubernetes-dashboard   NodePort   10.0.0.198   <none>        443:30004/TCP   124m   k8s-app=kubernetes-dashboard

【4】访问，端口号可以在service中修改，默认30001

这样就可以在浏览器上面访问https://192.168.60.60:30004

【5】在一些浏览器上面需要证书支持，所以制作证书

[root@master dashboard]# vim dashboard-cert.sh 
cat > dashboard-csr.json <<EOF
{
   "CN": "Dashboard",
   "hosts": [],
   "key": {
       "algo": "rsa",
       "size": 2048
   },
   "names": [
       {
           "C": "CN",
           "L": "BeiJing",
           "ST": "BeiJing"
       }
   ]
}
EOF

K8S_CA=$1
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system

[root@master dashboard]# vim dashboard-controller.yaml 
          - --auto-generate-certificates
          - --tls-key-file=dashboard-key.pem
          - --tls-cert-file=dashboard.pem
//在auto下面添加两行令牌验证

【6】执行脚本声明kubernetes相关的证书

[root@master dashboard]# bash dashboard-cert.sh /root/k8s/master/k8s-cert/
2020/10/09 11:25:18 [INFO] generate received request
2020/10/09 11:25:18 [INFO] received CSR
2020/10/09 11:25:18 [INFO] generating key: rsa-2048
2020/10/09 11:25:18 [INFO] encoded CSR
2020/10/09 11:25:18 [INFO] signed certificate with serial number 387705407385876447234702460269006573129732521292
2020/10/09 11:25:18 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
secret "kubernetes-dashboard-certs" deleted
secret/kubernetes-dashboard-certs created

【7】更新controller配置

[root@master dashboard]#kubectl apply -f dashboard-controller.yaml 
serviceaccount/kubernetes-dashboard unchange
deployment.apps/kubernetes-dashboard configed

[root@master dashboard]# kubectl get pods,svc -n kube-system -o wide
NAME                                        READY   STATUS    RESTARTS   AGE     IP            NODE            NOMINATED NODE
pod/kubernetes-dashboard-7cb4c764dc-d29fh   1/1     Running   0          3m17s   172.17.58.4   192.168.60.60   <none>

NAME                           TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE   SELECTOR
service/kubernetes-dashboard   NodePort   10.0.0.198   <none>        443:30004/TCP   95m   k8s-app=kubernetes-dashboard

【8】再次访问https://192.168.60.60:30004就可以访问到令牌验证的界面，

【9】获取令牌验证码

[root@master dashboard]# kubectl create -f k8s-admin.yaml 
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created

[root@master dashboard]# kubectl get secret -n kube-system
NAME                               TYPE                                  DATA   AGE
dashboard-admin-token-665zn        kubernetes.io/service-account-token   3      29s
default-token-fj9sc                kubernetes.io/service-account-token   3      9d
kubernetes-dashboard-certs         Opaque                                11     7m10s
kubernetes-dashboard-key-holder    Opaque                                2      102m
kubernetes-dashboard-token-vgg8h   kubernetes.io/service-account-token   3      94s

[root@master dashboard]# kubectl describe secret dashboard-admin-token-665zn -n kube-system
Name:         dashboard-admin-token-665zn
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: fd258cfb-09df-11eb-bc9f-000c2979c544

Type:  kubernetes.io/service-account-token

Data
====
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tNjY1em4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZmQyNThjZmItMDlkZi0xMWViLWJjOWYtMDAwYzI5NzljNTQ0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.HbpRqlcHQ_YMbeNdeyc3tJnXKoDUSb76rUV2KEQC-FjbgvwmpRTG6a09OqNgVWZ-OIHpHMc5XzJxE2dXB2lfHb3UqUJgvm92ZH7fwQ-wl1GBe6RahfIpZxUkT31i8UzALqgT8Gpf3lPbchtxE-gCbcQfoW2k-uuCxtaI69iB8LhzfHwhw_e3Svt44VNGyg7MxLLajIR0HYo4fvto_xq7yQ5R745iijS3uqrulSaCMwwyG-SMaJ9qRgA_E0Bj9mkjNcH5u6f3FopYJWVMFVqInw-NqNRDKc3HFk6wW4X15YC6-2qkj4PoXHFxLRTVjWCk13eOSMGytEtao3intBAIrw
ca.crt:     1359 bytes

【10】复制token验证码到浏览器上面然后登陆就可以了

三、出现的错误及解决方案

【问题一】：下面节点有一个状态是notready

[root@master ~]# kubectl get nodes
NAME             STATUS     ROLES    AGE   VERSION
192.168.60.100   Ready      <none>   8d    v1.12.3
192.168.60.60    NotReady   <none>   8d    v1.12.3

【解决方案】：在nginx节点上面启动keepalived双机热备及负载均衡功能

[root@nginx02 ~]# systemctl restart nginx
[root@nginx02 ~]# systemctl start keepalived
[root@nginx02 ~]# systemctl restart keepalived

[root@nginx01 ~]# systemctl restart nginx
[root@nginx01 ~]# systemctl start keepalived
[root@nginx01 ~]# systemctl restart keepalived

[root@master ~]# kubectl get nodes
NAME             STATUS   ROLES    AGE   VERSION
192.168.60.100   Ready    <none>   8d    v1.12.3
192.168.60.60    Ready    <none>   8d    v1.12.3

【问题二】： “kubelet-bootstrap” already exists

[root@master kuberconfig]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
Error from server (AlreadyExists): clusterrolebindings.rbac.authorization.k8s.io "kubelet-bootstrap" already exists

【解决问题】：删除"kubelet-bootstrap"

[root@master kuberconfig]# kubectl delete clusterrolebinding kubelet-bootstrap
clusterrolebinding.rbac.authorization.k8s.io "kubelet-bootstrap" deleted
[root@master kuberconfig]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created

【问题三】：容器状态是CrashLoopBackOff

[root@master dashboard]# kubectl get pods,svc -n kube-system -o wide
NAME                                        READY   STATUS             RESTARTS   AGE    IP            NODE             NOMINATED NODE
pod/kubernetes-dashboard-7dffbccd68-4c827   0/1     CrashLoopBackOff   33         161m   172.17.85.3   192.168.60.100   <none>

【解决方案】

（1）查看容器的详细信息

[root@master dashboard]# kubectl describe pod/kubernetes-dashboard-7cb4c764dc-lbmxz -n kube-system
Events:
  Type     Reason     Age                  From                     Message
  ----     ------     ----                 ----                     -------
  Normal   Scheduled  2m44s                default-scheduler        Successfully assigned kube-system/kubernetes-dashboard-7cb4c764dc-lbmxz to 192.168.60.100
  Normal   Pulled     42s (x4 over 2m43s)  kubelet, 192.168.60.100  Container image "siriuszg/kubernetes-dashboard-amd64:v1.8.3" already present on machine
  Normal   Created    42s (x4 over 2m43s)  kubelet, 192.168.60.100  Created container
  Normal   Started    41s (x4 over 2m43s)  kubelet, 192.168.60.100  Started container
  Warning  BackOff    11s (x7 over 118s)   kubelet, 192.168.60.100  Back-off restarting failed container

（2）docker节点的问题，检查node节点192.168.60.100

[root@node2 ~]# vim /var/log/messages
Oct  4 13:06:14 node2 kubelet: I1004 13:06:14.472645   47802 setters.go:775] Error getting volume limit for plugin kubernetes.io/gce-pd
Oct  4 13:06:14 node2 kubelet: I1004 13:06:14.472659   47802 setters.go:775] Error getting volume limit for plugin kubernetes.io/azure-disk
Oct  4 13:06:14 node2 kubelet: I1004 13:06:14.472663   47802 setters.go:775] Error getting volume limit for plugin kubernetes.io/aws-ebs

（3）在node节点刷新防火墙策略

[root@node2 ~]# systemctl stop kubelet
[root@node2 ~]# systemctl stop docker
[root@node2 ~]# iptables --flush
[root@node2 ~]# iptables -t nat --flush
[root@node2 ~]# systemctl start kubelet.service 
[root@node2 ~]# systemctl start docker
[root@node2 ~]# iptables -F