Kubernetes 常用组件-Dashboard

Kubernetes 常用组件-Dashboard

Kubernetes 常用组件-Dashboard

Kubernetes Cluster 安装好后我们需要一个面板来可视化管理，此处我们引用官方的dashboard。

github[1]

dashboard

一、快速应用

借鉴官方YAML文件做过以下调整

1.使用私有镜像2.命名空间复用kube-system3.TTL时间延长1天4.增加nodeport-30001用于暴露服务

kubectl apply -f https://m.8ops.top/attachment/kubernetes/kube-dashboard.yaml

dashboard

二、创建用户

# 创建SAkubectl create serviceaccount dashboard-admin -n kube-system# 绑定cluster-adminkubectl create clusterrolebinding dashboard-admin \ --clusterrole=cluster-admin \ --serviceaccount=kube-system:dashboard-admin# 输出tokenkubectl describe secrets \ -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

指令用意

1.授予管理员权限用于通过dashboard管理cluster2.获取网页版登录token

token

浏览器访问

https://10.101.11.240:30001/

Dashboard

创建完成后在Chrome浏览器打开提示非安全站点，由于证书是私有的浏览器无法识别，可以通过在页面上盲敲命令thisisunsafe成功打开网页。

Dashboard

拷贝之前的token，通过Token的登录选项即可。

三、权限解析

用户

root@K-KUBE-LAB-01:~# kubectl -n kube-system get sa dashboard-adminNAME SECRETS AGEdashboard-admin 1 5d23hroot@K-KUBE-LAB-01:~# kubectl -n kube-system get sa dashboard-admin -o yamlapiVersion: v1kind: ServiceAccountmetadata: creationTimestamp: "2021-08-17T02:55:23Z" name: dashboard-admin namespace: kube-system resourceVersion: "6750" uid: 31044793-79b3-455c-8e6e-b853d003162csecrets:- name: dashboard-admin-token-gkm76

权限

root@K-KUBE-LAB-01:~# kubectl -n kube-system get clusterrolebinding dashboard-admin -o yamlapiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata: creationTimestamp: "2021-08-17T02:55:23Z" name: dashboard-admin resourceVersion: "6752" uid: 7fa29bdc-eaa3-46b3-a0a4-f9985a2602feroleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-adminsubjects:- kind: ServiceAccount name: dashboard-admin namespace: kube-systemroot@K-KUBE-LAB-01:~# kubectl -n kube-system get ClusterRole cluster-admin -o yamlapiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata: annotations: rbac.authorization.kubernetes.io/autoupdate: "true" creationTimestamp: "2021-08-17T02:01:54Z" labels: kubernetes.io/bootstrapping: rbac-defaults name: cluster-admin resourceVersion: "91" uid: d7698abc-af4f-4320-a81f-79a53ce45291rules:- apiGroups: - '*' resources: - '*' verbs: - '*'- nonResourceURLs: - '*' verbs: - '*'