安裝UI管理界面
1.1 項目GitHub:
1.2 下載dashboard配置文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yaml
1.3 修改yaml文件
新增type: NodePort 和 nodePort:31443,以便能實現非本機訪問
kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort ports: - port: 443 targetPort: 8443 nodePort: 31443 selector: k8s-app: kubernetes-dashboard
1.4 創建認證令牌(RBAC)
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
1.4.1 創建一個admin-user
vim dashboard-adminuser.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard kubectl apply -f dashboard-adminuser.yaml
1.4.2 創建一個集群角色
vim dashboard-ClusterRoleBinding.yaml
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard
# kubectl apply -f dashboard-ClusterRoleBinding.yaml
1.4.3 獲取token
For Bash:
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
顯示如下:
Name: admin-user-token-ljq54 Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: cf2d9d41-226c-45cf-a1d7-72fd598df4a1 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 20 bytes token: xxxx
1.5 訪問k8s集群UI
https://yourk8sapiserver:31443
輸入剛才獲取的 token