安装kubernetes-dashboard mkdir ~/kubernetes-dashboard && cd ~/kubernetes-dashboard wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml kubectl apply -f recommended.yaml grep image recommended.yaml crictl pull kubernetesui/dashboard:v2.4.0 crictl pull kubernetesui/metrics-scraper:v1.0.7 1、测试访问 dashboard(只有default命名空间权限) 修改 dashboard的 service为 nodeport kubectl get pods -n kubernetes-dashboard kubectl get svc -n kubernetes-dashboard # kubectl edit svc/kubernetes-dashboard -n kubernetes-dashboard 将type修改为 NodePort 使用kubernetes-dashboard 这个账户的token测试访问 #"获取token" kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep kubernetes-dashboard | awk '{print $1}') 只能访问default命名空间,原因是因为,kubernetes-dashboard 这个账户的角色权限不够 2、使用管理员账号访问、创建admin管理员用户 cat > ~/kubernetes-dashboard/admin.yaml << EOF kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: admin roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: admin namespace: kubernetes-dashboard --- apiVersion: v1 kind: ServiceAccount metadata: name: admin namespace: kubernetes-dashboard EOF kubectl apply -f ~/kubernetes-dashboard/admin.yaml # 查看admin的secret名字 ADMIN_SECRET=$(kubectl get secrets -n kubernetes-dashboard | grep admin-token | awk '{print $1}') # 打印secret的token kubectl describe secret -n kubernetes-dashboard ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}'
继续阅读
评论