update dashboard v2.0.0-beta5

2019-11-03 09:56:05 +00:00 · 2019-11-03 09:56:05 +00:00 · fb584bcca2
parent afbba63337
commit fb584bcca2
5 changed files with 400 additions and 98 deletions
--- a/manifests/dashboard/1.10.1/kubernetes-dashboard.yaml
+++ b/manifests/dashboard/1.10.1/kubernetes-dashboard.yaml
@ -0,0 +1,165 @@
 # Copyright 2017 The Kubernetes Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ------------------- Dashboard Secret ------------------- #
 apiVersion: v1
 kind: Secret
 metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
 type: Opaque
 ---
 # ------------------- Dashboard Service Account ------------------- #
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
 ---
 # ------------------- Dashboard Role & Role Binding ------------------- #
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
 rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
 - apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
 - apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
 - apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
 - apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
 - apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
 - apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
 subjects:
 - kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
 ---
 # ------------------- Dashboard Deployment ------------------- #
 kind: Deployment
 apiVersion: apps/v1
 metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
 spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
 ---
 # ------------------- Dashboard Service ------------------- #
 kind: Service
 apiVersion: v1
 metadata:
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
  name: kubernetes-dashboard
  namespace: kube-system
 spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
--- a/manifests/dashboard/kubernetes-dashboard.yaml
+++ b/manifests/dashboard/kubernetes-dashboard.yaml
@ -12,7 +12,39 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-# ------------------- Dashboard Secret ------------------- #
+apiVersion: v1
 kind: Namespace
 metadata:
  name: kube-system 
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
 ---
 kind: Service
 apiVersion: v1
 metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
 spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
 ---
 apiVersion: v1
 kind: Secret
@ -24,70 +56,117 @@ metadata:
 type: Opaque
 ---
 # ------------------- Dashboard Service Account ------------------- #
 apiVersion: v1
-kind: ServiceAccount
+kind: Secret
 metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kube-system
 type: Opaque
 data:
  csrf: ""
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kube-system
 type: Opaque
 ---
 kind: ConfigMap
 apiVersion: v1
 metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kube-system
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
 rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]
 ---
 # ------------------- Dashboard Role & Role Binding ------------------- #
-kind: Role
+kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: kubernetes-dashboard-minimal
+  labels:
-  namespace: kube-system
+    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
 rules:
-  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
+  # Allow Metrics Scraper to get metrics from the Metrics server
- apiGroups: [""]
+  - apiGroups: ["metrics.k8s.io"]
-  resources: ["secrets"]
+    resources: ["pods", "nodes"]
-  verbs: ["create"]
+    verbs: ["get", "list", "watch"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
 - apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
 - apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
 - apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
 - apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
 - apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: kubernetes-dashboard-minimal
+  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
 subjects:
 - kind: ServiceAccount
  name: kubernetes-dashboard
-  namespace: kube-system
+subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: kubernetes-dashboard
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
 subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system
 ---
 # ------------------- Dashboard Deployment ------------------- #
 kind: Deployment
 apiVersion: apps/v1
@ -108,58 +187,117 @@ spec:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
-      - name: kubernetes-dashboard
+        - name: kubernetes-dashboard
-        image: mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
+          image: kubernetesui/dashboard:v2.0.0-beta5
-        ports:
+          imagePullPolicy: Always
-        - containerPort: 8443
+          ports:
-          protocol: TCP
+            - containerPort: 8443
-        args:
+              protocol: TCP
-          - --auto-generate-certificates
+          args:
-          # Uncomment the following line to manually specify Kubernetes API server Host
+            - --auto-generate-certificates
-          # If not specified, Dashboard will attempt to auto discover the API server and connect
+            - --namespace=kube-system
-          # to it. Uncomment only if the default does not work.
+            # Uncomment the following line to manually specify Kubernetes API server Host
-          # - --apiserver-host=http://my-address:port
+            # If not specified, Dashboard will attempt to auto discover the API server and connect
-        volumeMounts:
+            # to it. Uncomment only if the default does not work.
-        - name: kubernetes-dashboard-certs
+            # - --apiserver-host=http://my-address:port
-          mountPath: /certs
+          volumeMounts:
-          # Create on-disk volume to store exec logs
+            - name: kubernetes-dashboard-certs
-        - mountPath: /tmp
+              mountPath: /certs
-          name: tmp-volume
+              # Create on-disk volume to store exec logs
-        livenessProbe:
+            - mountPath: /tmp
-          httpGet:
+              name: tmp-volume
-            scheme: HTTPS
+          livenessProbe:
-            path: /
+            httpGet:
-            port: 8443
+              scheme: HTTPS
-          initialDelaySeconds: 30
+              path: /
-          timeoutSeconds: 30
+              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
-      - name: kubernetes-dashboard-certs
+        - name: kubernetes-dashboard-certs
-        secret:
+          secret:
-          secretName: kubernetes-dashboard-certs
+            secretName: kubernetes-dashboard-certs
-      - name: tmp-volume
+        - name: tmp-volume
-        emptyDir: {}
+          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "beta.kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
-      - key: node-role.kubernetes.io/master
+        - key: node-role.kubernetes.io/master
-        effect: NoSchedule
+          effect: NoSchedule
 ---
 # ------------------- Dashboard Service ------------------- #
 kind: Service
 apiVersion: v1
 metadata:
  labels:
-    k8s-app: kubernetes-dashboard
+    k8s-app: dashboard-metrics-scraper
-    kubernetes.io/cluster-service: "true"
+  name: dashboard-metrics-scraper
    addonmanager.kubernetes.io/mode: Reconcile
  name: kubernetes-dashboard
  namespace: kube-system
 spec:
  ports:
-    - port: 443
+    - port: 8000
-      targetPort: 8443
+      targetPort: 8000
  selector:
-    k8s-app: kubernetes-dashboard
+    k8s-app: dashboard-metrics-scraper
-  type: NodePort
+
 ---
 kind: Deployment
 apiVersion: apps/v1
 metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kube-system
 spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.1
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "beta.kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}
--- a/roles/cluster-addon/defaults/main.yml
+++ b/roles/cluster-addon/defaults/main.yml
@ -19,12 +19,12 @@ metricsVer: "v0.3.6"
 metricsserver_offline: "metrics-server_{{ metricsVer }}.tar"
 # dashboard 自动安装
-# 现阶段 dashboard 获取metrics仍旧依赖于heapster，因此需连带安装heapster
+# dashboard v2.0.0-beta5 不依赖于heapster
 dashboard_install: "yes"
-dashboardVer: "v1.10.1"
+dashboardVer: "v2.0.0-beta5"
 dashboard_offline: "dashboard_{{ dashboardVer }}.tar"
-heapsterVer: "v1.5.4"
+dashboardMetricsScraperVer: "v1.0.1"
-heapster_offline: "heapster_{{ heapsterVer }}.tar"
+metricsscraper_offline: "metrics-scraper_{{ dashboardMetricsScraperVer }}.tar"
 # ingress 自动安装，可选 "traefik" 和 "nginx-ingress"
 ingress_install: "yes"
--- a/roles/cluster-addon/tasks/main.yml
+++ b/roles/cluster-addon/tasks/main.yml
@ -73,37 +73,36 @@
  when: '"metrics-server" not in pod_info.stdout and metricsserver_install == "yes"'
  ignore_errors: true
-# 现阶段 dashboard 获取metrics仍旧依赖于heapster，因此需连带安装heapster
+# dashboard v2.0.0-beta5 不依赖于heapster
 - block:
    - block:
-        - name: 尝试推送离线 dashboard heapster镜像（若执行失败，可忽略）
+        - name: 尝试推送离线 dashboard 镜像（若执行失败，可忽略）
          copy: src={{ base_dir }}/down/{{ item }} dest=/opt/kube/images/{{ item }}
          when: 'item in download_info.stdout'
          with_items:
          - "{{ dashboard_offline }}"
-          - "{{ heapster_offline }}"
+          - "{{ metricsscraper_offline }}"
        - name: 获取dashboard离线镜像推送情况
          command: "ls /opt/kube/images"
          register: image_info     
-        - name: 导入 dashboard heapster的离线镜像（docker）
+        - name: 导入 dashboard 的离线镜像（docker）
          shell: "{{ bin_dir }}/docker load -i /opt/kube/images/{{ item }}"
          with_items:
          - "{{ dashboard_offline }}"
-          - "{{ heapster_offline }}"
+          - "{{ metricsscraper_offline }}"
          when: "item in image_info.stdout and CONTAINER_RUNTIME == 'docker'"
-        - name: 导入 dashboard heapster的离线镜像（containerd）
+        - name: 导入 dashboard 的离线镜像（containerd）
          shell: "{{ bin_dir }}/ctr -n=k8s.io images import /opt/kube/images/{{ item }}"
          with_items:
          - "{{ dashboard_offline }}"
-          - "{{ heapster_offline }}"
+          - "{{ metricsscraper_offline }}"
          when: "item in image_info.stdout and CONTAINER_RUNTIME == 'containerd'"
    - name: 创建 dashboard部署
-      shell: "{{ base_dir }}/bin/kubectl apply -f {{ base_dir }}/manifests/dashboard && \
+      shell: "{{ base_dir }}/bin/kubectl apply -f {{ base_dir }}/manifests/dashboard"
 	      {{ base_dir }}/bin/kubectl apply -f {{ base_dir }}/manifests/heapster/heapster-only"
      run_once: true
      connection: local
  when: '"kubernetes-dashboard" not in pod_info.stdout and dashboard_install == "yes"'
--- a/tools/easzup
+++ b/tools/easzup
@ -184,9 +184,9 @@ function get_offline_image() {
  # images needed by k8s cluster
  calicoVer=v3.4.4
  corednsVer=1.6.2
-  dashboardVer=v1.10.1
+  dashboardVer=v2.0.0-beta5
  dashboardMetricsScraperVer=v1.0.1
  flannelVer=v0.11.0-amd64
  heapsterVer=v1.5.4
  metricsVer=v0.3.6
  pauseVer=3.1
  traefikVer=v1.7.12
@ -214,9 +214,9 @@ function get_offline_image() {
    docker pull easzlab/flannel:${flannelVer} && \
    docker save -o ${imageDir}/flannel_${flannelVer}.tar easzlab/flannel:${flannelVer}
  fi
-  if [[ ! -f "$imageDir/heapster_$heapsterVer.tar" ]];then
+  if [[ ! -f "$imageDir/metrics-scraper_$dashboardMetricsScraperVer.tar" ]];then
-    docker pull mirrorgooglecontainers/heapster-amd64:${heapsterVer} && \
+    docker pull kubernetesui/metrics-scraper:${dashboardMetricsScraperVer} && \
-    docker save -o ${imageDir}/heapster_${heapsterVer}.tar mirrorgooglecontainers/heapster-amd64:${heapsterVer}
+    docker save -o ${imageDir}/metrics-scraper_${dashboardMetricsScraperVer}.tar kubernetesui/metrics-scraper:${dashboardMetricsScraperVer}
  fi
  if [[ ! -f "$imageDir/metrics-server_$metricsVer.tar" ]];then
    docker pull mirrorgooglecontainers/metrics-server-amd64:${metricsVer} && \