安装kubernetes dashboard以及用户授权

kubernetes 版本v1.25.3

1、安装

版本查看:https://github.com/kubernetes/dashboard/releases

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

安装完成后会创建2个pod和2个service,访问kubernetes-dashboard service,即可进入登录页面

 

2、创建ServiceAccount和secret并关联

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: "admin-user"

 

2、创建ClusterRole

     这里直接使用cluster-admin的ClusterRole,这个集群角色拥有集群最大的权限

root@master01:~# kubectl get clusterrole cluster-admin -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  creationTimestamp: "2022-10-18T09:59:03Z"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin
  resourceVersion: "71"
  uid: 033f7c8a-1a7a-4b9f-b24c-6c921cb1ef45
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'

3、创建ClusterRoleBinding,讲serviceaccount和ClusterRole关联起来

root@master01:~# kubectl get clusterrolebinding admin-user
NAME         ROLE                        AGE
admin-user   ClusterRole/cluster-admin   2d19h
root@master01:~# kubectl get clusterrolebinding admin-user -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

4、直接使用创建的serviceaccount admin-user的token访问dashboard:

 

4、使用制作登录kubeconfig

由于token不易保管,可以讲集群信息和身份凭据 信息写入kubeconfig,登录时传入kubeconfig文件即可

#添加集群配置
kubectl config set-cluster myland-01 --certificate-authority=/etc/kubernetes/pki/ca.crt --embed-certs=true --server=https://10.0.8.101:6443 --kubeconfig=admin-user.kubeconfig

#添加身份凭据--token
kubectl config set-credentials admin-user --token=`kubectl describe secret admin-user -n kubernetes-dashboard |awk '/^token:/{print $2}'` --kubeconfig=admin-user.kubeconfig

#以admin-user用户的身份凭据与myland-01集群建立映射关系
kubectl config set-context admin-user@myland-01 --cluster=myland-01 --user=admin-user --kubeconfig=admin-user.kubeconfig

#设置为当前上下文为admin-user@myland-01
kubectl config use-context admin-user@myland-01 --kubeconfig=admin-user.kubeconfig

使用kubeconfig文件登录:

 

posted @ 2022-10-28 11:17  西风发财  阅读(420)  评论(0编辑  收藏  举报