实时警报通知:微信告警通知的重要性解析
853
2022-10-12
Kubernetes 常用组件-Dashboard
Kubernetes 常用组件-Dashboard
Kubernetes Cluster 安装好后我们需要一个面板来可视化管理,此处我们引用官方的dashboard。
github[1]
dashboard
一、快速应用
借鉴官方YAML文件做过以下调整
1.使用私有镜像2.命名空间复用kube-system3.TTL时间延长1天4.增加nodeport-30001用于暴露服务
kubectl apply -f https://m.8ops.top/attachment/kubernetes/kube-dashboard.yaml
dashboard
二、创建用户
# 创建SAkubectl create serviceaccount dashboard-admin -n kube-system# 绑定cluster-adminkubectl create clusterrolebinding dashboard-admin \ --clusterrole=cluster-admin \ --serviceaccount=kube-system:dashboard-admin# 输出tokenkubectl describe secrets \ -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
指令用意
1.授予管理员权限用于通过dashboard管理cluster2.获取网页版登录token
token
浏览器访问
https://10.101.11.240:30001/
Dashboard
创建完成后在Chrome浏览器打开提示非安全站点,由于证书是私有的浏览器无法识别,可以通过在页面上盲敲命令thisisunsafe成功打开网页。
Dashboard
拷贝之前的token,通过Token的登录选项即可。
三、权限解析
用户
root@K-KUBE-LAB-01:~# kubectl -n kube-system get sa dashboard-adminNAME SECRETS AGEdashboard-admin 1 5d23hroot@K-KUBE-LAB-01:~# kubectl -n kube-system get sa dashboard-admin -o yamlapiVersion: v1kind: ServiceAccountmetadata: creationTimestamp: "2021-08-17T02:55:23Z" name: dashboard-admin namespace: kube-system resourceVersion: "6750" uid: 31044793-79b3-455c-8e6e-b853d003162csecrets:- name: dashboard-admin-token-gkm76
权限
root@K-KUBE-LAB-01:~# kubectl -n kube-system get clusterrolebinding dashboard-admin -o yamlapiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata: creationTimestamp: "2021-08-17T02:55:23Z" name: dashboard-admin resourceVersion: "6752" uid: 7fa29bdc-eaa3-46b3-a0a4-f9985a2602feroleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-adminsubjects:- kind: ServiceAccount name: dashboard-admin namespace: kube-systemroot@K-KUBE-LAB-01:~# kubectl -n kube-system get ClusterRole cluster-admin -o yamlapiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata: annotations: rbac.authorization.kubernetes.io/autoupdate: "true" creationTimestamp: "2021-08-17T02:01:54Z" labels: kubernetes.io/bootstrapping: rbac-defaults name: cluster-admin resourceVersion: "91" uid: d7698abc-af4f-4320-a81f-79a53ce45291rules:- apiGroups: - '*' resources: - '*' verbs: - '*'- nonResourceURLs: - '*' verbs: - '*'
发表评论
暂时没有评论,来抢沙发吧~