kubernetes安装部署dashboard

安装

社区提供了kubernetes-dashbaord的YAML资源定义文件,直接下载YAML文件安装即可实现dashboard的安装接入

#在master节点上执行:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml

开放访问

kubernetes-dashbaord安装完毕后,kubernetes-dashboard默认service的类型为ClusterIP,为了从外部访问控制面板,开放为NodePort类型

kubectl edit service -n kubernetes-dashboard kubernetes-dashboard

kubectl get service -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.96.28.47             8000/TCP        8m17s
kubernetes-dashboard        NodePort    10.96.209.215           443:31438/TCP   8m17s

授权

此时通过https协议访问31438端口即可打开dashboard的控制台,为了保护数据安全性,集群默认开启了RBAC认证授权,需要授予权限的用户才可以访问到kubernetes集群,因此需要授权用户访问集群,集群中已定有了cluster-admin的角色和相关的Role,ClusterRole和ClusterRoleBinding角色,定义ServiceAccount将其关联即可,如下:

[root@k8s-master-01 ~]# cat dashboard-rbac.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
[root@k8s-master-01 ~]# kubectl apply -f dashboard-rbac.yaml 
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

获取访问token

[root@k8s-master-01 ~]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-qfpqp
Namespace:    kubernetes-dashboard
Labels:       
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: 0fde99b8-d478-4d16-a825-8ff94d26ee1c

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IkxFaWI1ZGQ4QTFPZVdiTjJsbmx2enZBcnp6TkdGcUhaMlVWWEFRQTl4SkEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXFmcHFwIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwZmRlOTliOC1kNDc4LTRkMTYtYTgyNS04ZmY5NGQyNmVlMWMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.gXTHcSlNxemweCeEKiRm_pngHg2_KcfQ9NO65MnQo3L0PnKJPUunnKC2QAfylI6aBiL9YpaWhmLAvtRCzGeaWLbuUYixASHkF3hx-vdK79VKrduylhgVl27IAcmA2aqydBYtEQ-y-S368KAoiYhFkkbmqorj175n0gSNG18lZsLldNkQYdWAZMr97KuCejDgGTtbpVtmwVy_oRPWhTWGgPN011ZO9-6LUJM-o3PCeyZ2pbnR8E4gzGcnZYQg3xNJMMCM-m_mOgVQm4I0wR5-GOpFu6jELnQ7oC4TXn5A4cAw0vZm5igABIc_KmBtIvU3NMBwO8SFRmLOcH4soqOiqw

你可能感兴趣的:(k8s,kubernetes)