k8s控制台

K8s 安装dashboard

 

目录

• 安装UI管理界面
  • 1.1 项目GitHub: https://github.com/kubernetes/dashboard
  • 1.2 下载dashboard配置文件
  • 1.3 修改yaml文件
  • 1.4 创建认证令牌(RBAC)
  • 1.5 访问k8s集群UI

 

回到顶部

安装UI管理界面

1.1 项目GitHub: https://github.com/kubernetes/dashboard

1.2 下载dashboard配置文件

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yaml

1.3 修改yaml文件

新增type: NodePort 和 nodePort：31443，以便能实现非本机访问

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 31443
  selector:
    k8s-app: kubernetes-dashboard

 

1.4 创建认证令牌(RBAC)

https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

1.4.1 创建一个admin-user

vim dashboard-adminuser.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
kubectl apply -f dashboard-adminuser.yaml

1.4.2 创建一个集群角色

vim dashboard-ClusterRoleBinding.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

# kubectl apply -f dashboard-ClusterRoleBinding.yaml

1.4.3 获取token

For Bash:

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

显示如下：

Name:         admin-user-token-ljq54
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: cf2d9d41-226c-45cf-a1d7-72fd598df4a1
​
Type:  kubernetes.io/service-account-token
​
Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:  xxxx

1.5 访问k8s集群UI

https://yourk8sapiserver:31443

输入刚才获取的 token