1. 部署dashboard
1
| kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml
|
镜像: kubernetesui/dashboard:v2.5.0
默认端口:8443
登录页面需要填入token或kubeconfig

2. 登录dashboard
2.1. 创建超级管理员
参考:dashboard/creating-sample-user
创建dashboard-adminuser.yaml文件如下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
| apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard
|
创建serviceaccount和ClusterRoleBinding,绑定cluster-admin的超级管理员的权限。
1
| kubectl apply -f dashboard-adminuser.yaml t
|
创建用户
1
| kubectl -n kubernetes-dashboard create token admin-user
|
查询token
移除账号
1 2
| kubectl -n kubernetes-dashboard delete serviceaccount admin-user kubectl -n kubernetes-dashboard delete clusterrolebinding admin-user
|
2.2. 创建Namespace管理员
1、创建角色权限(role)
1 2 3 4 5 6 7 8 9 10 11 12
| kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: <namespace> name: <namespace>-admin-role rules: - apiGroups: - '*' resources: - '*' verbs: - '*'
|
2、创建用户账号(ServiceAccount)
1 2 3 4 5
| apiVersion: v1 kind: ServiceAccount metadata: name: <namespace>-admin-user namespace: <namespace>
|
3、创建角色绑定关系
1 2 3 4 5 6 7 8 9 10 11 12 13
| apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: <namespace>-admin-user namespace: <namespace> roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: <namespace>-admin-role subjects: - kind: ServiceAccount name: <namespace>-admin-user namespace: <namespace>
|
4、生成token
1
| kubectl -n <namespace> create token <ServiceAccount>
|
2.3. 创建只读账户
参考: