K8s 安裝dashboard
阿新 • • 發佈:2020-08-10
安裝UI管理介面
1.1 專案GitHub:
1.2 下載dashboard配置檔案
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yaml
1.3 修改yaml檔案
新增type: NodePort 和 nodePort:31443,以便能實現非本機訪問
kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort ports: - port: 443 targetPort: 8443 nodePort: 31443 selector: k8s-app: kubernetes-dashboard
1.4 建立認證令牌(RBAC)
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
1.4.1 建立一個admin-user
vim dashboard-adminuser.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard kubectl apply -f dashboard-adminuser.yaml
1.4.2 建立一個叢集角色
vim dashboard-ClusterRoleBinding.yaml
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard
# kubectl apply -f dashboard-ClusterRoleBinding.yaml
1.4.3 獲取token
For Bash:
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
顯示如下:
Name: admin-user-token-ljq54 Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: cf2d9d41-226c-45cf-a1d7-72fd598df4a1 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 20 bytes token: xxxx
1.5 訪問k8s叢集UI
https://yourk8sapiserver:31443
輸入剛才獲取的 token