kubernetes 创建系统用户来支持访问 dashboard

Dashboard:

1.部署：下载yaml文件可以直接运行也可以下载下来
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

2. 将Service改为NodePort
kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system

给将dashboard的pods打补丁，让dashboard的服务是用NodePort来暴露，就可以使用 http://<宿主机IP>:<port-3XXXX>来访问dashboard的页面了
3. 认证
建立一个账号：

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin  #建立账号admin
  namespace: kube-system

kubectl get sa -n kube-system

kubectl get sa -n admin kube-system

给账号绑定一个集群权限：

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system

kubectl get clusterrolebinding

查看admin用户的token，用来登录dashboard

DAMIN_NAME=$(kubectl -n kube-system get secret | grep admin | awk '{print $1}')
kubectl -n kube-system describe secret $DAMIN_NAME

复制token

http://<宿主机IP>:<port-3XXXX>登录页面输入token

完成账号配置

posted @ 2019-01-30 14:58 划得戳阅读(774) 评论(0) 编辑收藏举报

刷新页面返回顶部

划得戳

kubernetes 创建系统用户来支持访问 dashboard

公告