K8s 安裝dashboard
安裝UI管理界面
1.1 項目GitHub:
1.2 下載dashboard配置文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yaml
1.3 修改yaml文件
新增type: NodePort 和 nodePort:31443,以便能實現非本機訪問
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 31443
selector:
k8s-app: kubernetes-dashboard
1.4 創建認證令牌(RBAC)
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
1.4.1 創建一個admin-user
vim dashboard-adminuser.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard kubectl apply -f dashboard-adminuser.yaml
1.4.2 創建一個集群角色
vim dashboard-ClusterRoleBinding.yaml
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard
# kubectl apply -f dashboard-ClusterRoleBinding.yaml
1.4.3 獲取token
For Bash:
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
顯示如下:
Name: admin-user-token-ljq54
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: cf2d9d41-226c-45cf-a1d7-72fd598df4a1
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: xxxx
1.5 訪問k8s集群UI
https://yourk8sapiserver:31443
輸入剛才獲取的 token