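Kubernetes in Practice, Part 10: Kubernetes-dashboard + Heapster + InfluxDB + Grafana
I: Introduction
1. kubernetes-dashboard is the officially provided visual tool for users to manage a Kubernetes cluster.
2. cAdvisor is one of the most useful tools for monitoring the running state of containers. In Kubernetes, cAdvisor is integrated into the kubelet component by default: when the kubelet service starts, it automatically starts cAdvisor, which then collects, in real time, performance metrics for the node it runs on and for the containers running on that node. The cAdvisor home page shows the host's real-time state, including CPU usage, memory usage, network throughput and file-system usage. However, cAdvisor only reports container resource usage for a single machine, whereas a large container cluster needs performance monitoring across all Nodes and all containers. That requires a set of tools to collect, store and display cluster performance data.
3. Heapster provides resource monitoring for the whole cluster and supports persisting the data to InfluxDB or other storage back ends. Heapster collects node and container resource usage from the API exposed by the kubelet. In addition, Heapster's /metrics API provides data in Prometheus format.
4. InfluxDB is an open-source distributed time-series, event and metrics database.
5. Grafana is an open-source dashboard tool. It can be used together with , and . The latest versions can also be used with other data sources, such as Elasticsearch. (It can be integrated with both Heapster and Prometheus.)
6. Zabbix is an enterprise-grade open-source solution with a web interface that provides distributed system monitoring and network monitoring. It is mostly used to monitor traditional (non-microservice) distributed systems.
7. Prometheus is a product of the container era: a monitoring tool that combines collection, storage (with support for several time-series databases) and page display in one.
Monitoring options:
a. Heapster + InfluxDB + Grafana
b. Prometheus
II: Installation
1. Images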
k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.2
gcr.io/google_containers/heapster-amd64:v1.4.2
gcr.io/google_containers/heapster-influxdb-amd64:v1.3.3
gcr.io/google_containers/heapster-grafana-amd64:v4.4.3
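2. YAML files
admin-user.yaml (no changes needed)
dashboard.yaml (changes are marked in orange. Note in particular that the current version requires adding the `- --heapster-host=http://heapster` setting; otherwise metrics cannot be retrieved)
grafana.yaml (orange marks the places that need to be changed)
heapster-rbac.yaml (no changes needed)
heapster.yaml (orange marks the places that need to be changed)
influxdb.yaml (orange marks the places that need to be changed)
The dashboard.yaml file comes from
The other YAML files come from
After downloading and unpacking, they are in the directory \deploy\kube-config\influxdb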
admin-user.yaml:
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
# Binds the admin-user ServiceAccount to the built-in cluster-admin ClusterRole,
# so its token has full access to the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
```
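The admin-user manifest binds the Dashboard login account to cluster-admin, so the token generated in section III carries full control of the cluster. A read-only variant, as an added example that is not part of the original post: the account name dashboard-viewer and the namespace monitoring are hypothetical, and view is the built-in read-only ClusterRole.

```yaml
# Added example (not from the original post): a read-only Dashboard login.
# "dashboard-viewer" and the "monitoring" namespace are hypothetical names.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer
  namespace: kube-system
---
# Option A: read-only across all namespaces.
# "view" is a built-in ClusterRole: it allows get/list/watch on most
# namespaced objects and does not include Secrets or RBAC objects.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kube-system
---
# Option B (use instead of A): the same role, limited to one namespace.
# A RoleBinding may reference a ClusterRole; the grant then applies only
# inside the RoleBinding's own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dashboard-viewer
  namespace: monitoring
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kube-system
```

To log in with this account, the token command in section III filters on dashboard-viewer instead of admin-user.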
dashboard.yaml:
```yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Configuration to deploy release version of the Dashboard UI compatible with
# Kubernetes 1.8.
#
# Example usage: kubectl create -f

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Deployment ------------------- #

kind: Deployment
apiVersion: apps/v1beta2
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.2
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
          - --heapster-host=http://heapster
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 32666
  selector:
    k8s-app: kubernetes-dashboard
```
grafana.yaml:
```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: monitoring-grafana
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        task: monitoring
        k8s-app: grafana
    spec:
      containers:
      - name: grafana
        image: gcr.io/google_containers/heapster-grafana-amd64:v4.4.3
        ports:
        - containerPort: 3000
          protocol: TCP
        volumeMounts:
        - mountPath: /etc/ssl/certs
          name: ca-certificates
          readOnly: true
        - mountPath: /var
          name: grafana-storage
        env:
        - name: INFLUXDB_HOST
          value: monitoring-influxdb
        - name: GF_SERVER_HTTP_PORT
          value: "3000"
          # The following env variables are required to make Grafana accessible via
          # the kubernetes api-server proxy. On production clusters, we recommend
          # removing these env variables, setup auth for grafana, and expose the grafana
          # service using a LoadBalancer or a public IP.
        - name: GF_AUTH_BASIC_ENABLED
          value: "false"
        - name: GF_AUTH_ANONYMOUS_ENABLED
          value: "true"
        - name: GF_AUTH_ANONYMOUS_ORG_ROLE
          value: Admin
        - name: GF_SERVER_ROOT_URL
          # If you're only using the API Server proxy, set this value instead:
          # value: /api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
          value: /
      volumes:
      - name: ca-certificates
        hostPath:
          path: /etc/ssl/certs
      - name: grafana-storage
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  labels:
    # For use as a Cluster add-on ()
    # If you are NOT using this as an addon, you should comment out this line.
    kubernetes.io/cluster-service: 'true'
    # (the rest of this Service definition is cut off on the source page)
```
heapster-rbac.yaml:
```yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: heapster
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:heapster
subjects:
- kind: ServiceAccount
  name: heapster
  namespace: kube-system
```
heapster.yaml:
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: heapster
  namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: heapster
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        task: monitoring
        k8s-app: heapster
    spec:
      serviceAccountName: heapster
      containers:
      - name: heapster
        image: gcr.io/google_containers/heapster-amd64:v1.4.2
        imagePullPolicy: IfNotPresent
        command:
        - /heapster
        - --source=kubernetes:https://10.116.137.196:6443
        - --sink=influxdb:http://monitoring-influxdb.kube-system.svc:8086
---
apiVersion: v1
kind: Service
metadata:
  labels:
    task: monitoring
    # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
    # If you are NOT using this as an addon, you should comment out this line.
    kubernetes.io/cluster-service: 'true'
    kubernetes.io/name: Heapster
  name: heapster
  namespace: kube-system
spec:
  ports:
  - port: 80
    targetPort: 8082
  selector:
    k8s-app: heapster
```
influxdb.yaml:
```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: monitoring-influxdb
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      labels:
        task: monitoring
        k8s-app: influxdb
    spec:
      containers:
      - name: influxdb
        image: gcr.io/google_containers/heapster-influxdb-amd64:v1.3.3
        volumeMounts:
        - mountPath: /data
          name: influxdb-storage
      volumes:
      - name: influxdb-storage
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  labels:
    task: monitoring
    # For use as a Cluster add-on (https://github.com/kubernetes/kubernetes/tree/master/cluster/addons)
    # If you are NOT using this as an addon, you should comment out this line.
    kubernetes.io/cluster-service: 'true'
    kubernetes.io/name: monitoring-influxdb
  name: monitoring-influxdb
  namespace: kube-system
spec:
  ports:
  - port: 8086
    targetPort: 8086
  selector:
    k8s-app: influxdb
```
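3. Create the resources
Run:
```bash
kubectl create -f admin-user.yaml -f dashboard.yaml -f grafana.yaml -f heapster-rbac.yaml -f heapster.yaml -f influxdb.yaml
```
Check the creation status:
```bash
kubectl get pods --all-namespaces
```
III: Access
Firefox is recommended for access.
Choose the token login method. The command to generate the token is as follows (keep the generated token safe):
```bash
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') | grep token
```
Source: ITPUB blog, link: http://blog.itpub.net/28624388/viewspace-2152479/. If you reproduce this article, please credit the source; otherwise legal liability will be pursued.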