Kubernetes

安装k8s dashboard

Posted by 胡伟煌 on 2022-10-23

1. 部署dashboard

1
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml

镜像: kubernetesui/dashboard:v2.5.0

默认端口:8443

登录页面需要填入token或kubeconfig

2. 登录dashboard

2.1. 创建超级管理员

参考:dashboard/creating-sample-user

创建dashboard-adminuser.yaml文件如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

创建serviceaccount和ClusterRoleBinding,绑定cluster-admin的超级管理员的权限。

1
kubectl apply -f dashboard-adminuser.yaml t

创建用户

1
kubectl -n kubernetes-dashboard create token admin-user

查询token

移除账号

1
2
kubectl -n kubernetes-dashboard delete serviceaccount admin-user
kubectl -n kubernetes-dashboard delete clusterrolebinding admin-user

2.2. 创建Namespace管理员

1、创建角色权限(role)

1
2
3
4
5
6
7
8
9
10
11
12
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: <namespace>
  name: <namespace>-admin-role
rules:
  - apiGroups:
    - '*'
    resources:
    - '*'
    verbs:
    - '*'

2、创建用户账号(ServiceAccount)

1
2
3
4
5
apiVersion: v1
kind: ServiceAccount
metadata:
  name: <namespace>-admin-user
  namespace: <namespace>

3、创建角色绑定关系

1
2
3
4
5
6
7
8
9
10
11
12
13
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: <namespace>-admin-user
  namespace: <namespace>
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: <namespace>-admin-role
subjects:
- kind: ServiceAccount
  name: <namespace>-admin-user
  namespace: <namespace>

4、生成token

1
kubectl -n <namespace> create token <ServiceAccount>

2.3. 创建只读账户

参考:


支付宝打赏 微信打赏

赞赏一下




FEATURED TAGS
Kubernetes
FRIENDS