dashboard安装使用

部署dashboard

       github地址:

       https://github.com/kubernetes/dashboard/releases

  

root@deploy:/dashboar# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml
root@deploy:/dashboar# mv recommended.yaml dashboard-2.6.0.yaml

 

  下载镜像

  Kubernetes Dashboard,dashboard的前段界面

docker pull kubernetesui/dashboard:v2.6.0

 

  Metrics Scraper,向kubelet抓取pod资源数据

docker pull kubernetesui/metrics-scraper:v1.0.8

 

       并修改dashboard的image文件改为本地仓库镜像地址

 

  修改dashboard service,更改service类型为NodePort,并暴露30110端口

root@deploy:/dashboard# vim dashboard-2.6.0.yaml
…
---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30110
  selector:
    k8s-app: kubernetes-dashboard

---
…

 

  安装

root@deploy:/dashboard# kubectl apply -f dashboard-2.6.0.yaml

 

       创建sa账户并绑定为cluster-admin的clusterrolebinding,1.24版本之前会自动生成绑定成功后的sa账户secret。新版需要手动创建

 

  创建sa账户 admin

#切换 namespace
root@deploy:/dashboar# kubectl config set-context --namespace kubernetes-dashboard --current 
Context "context-cluster1" modified.

root@deploy:/dashboar# kubectl create serviceaccount admin
serviceaccount/admin created

 

 

  将sa账户admin绑定到集群角色cluster-admin

root@deploy:/dashboar# kubectl create clusterrolebinding admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:admin
clusterrolebinding.rbac.authorization.k8s.io/admin created

 

  查看admin集群角色

root@deploy:/dashboar# kubectl get clusterrolebindings.rbac.authorization.k8s.io |grep admin
admin                                                  ClusterRole/cluster-admin                                          103s
cluster-admin                                          ClusterRole/cluster-admin                                          29h
kubernetes-crb                                         ClusterRole/cluster-admin

 

  创建secret用户认证token

root@deploy:/dashboar# vim usercrendentitals.yaml 
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: dashboard-admin-user
  namespace: kubernetes-dashboard 
  annotations:
    kubernetes.io/service-account.name: "admin"

root@deploy:/dashboar# kubectl apply -f usercrendentitals.yaml

 

 #获取secret创建的用户token

root@deploy:/dashboar# kubectl describe secrets dashboard-admin-user |grep token

 

 

  登录http://nodeip:30110

 

 

posted @ 2022-07-29 17:37  PunchLinux  阅读(515)  评论(0编辑  收藏  举报