Dashboard
部署和访问 Kubernetes 仪表板(Dashboard)
1. 下载 yaml,并运行 Dashboard
下载 yaml
$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml 修改Service的类型,以便外部访问
---
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort # add
ports:
- port: 443
targetPort: 8443
nodePort: 30009 #add
selector:
k8s-app: kubernetes-dashboard
---部署
$ kubectl create -f recommended.yaml查看namespace下的Dashboard资源
$ kubectl get pod,svc -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-7bc864c59-fr8ts 1/1 Running 0 2m16s
pod/kubernetes-dashboard-6ff574dd47-nsmtl 1/1 Running 0 2m16s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.103.240.90 <none> 8000/TCP 2m16s
service/kubernetes-dashboard NodePort 10.109.131.123 <none> 443:30009/TCP 2m16s登陆界面:https://192.168.241.128:30009
2. 创建访问账户,获取token
创建账号dashboard-admin,为其授权
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
name: dashboard-admin
namespace: kubernetes-dashboard
annotations:
kubernetes.io/service-account.name: dashboard-admin
type: kubernetes.io/service-account-token获取账号token
$ kubectl -n kubernetes-dashboard describe secret dashboard-admin 
输入 token 访问成功!
Dashboard token 过期时间太短
添加一行
- '--token-ttl=43200'
