Dashboard

部署和访问 Kubernetes 仪表板（Dashboard）

1. 下载 yaml，并运行 Dashboard

下载 yaml

$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml

 修改Service的类型，以便外部访问

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort # add
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30009 #add
  selector:
    k8s-app: kubernetes-dashboard

---

部署

$ kubectl create -f recommended.yaml

查看namespace下的Dashboard资源

$ kubectl get pod,svc -n kubernetes-dashboard

NAME                                            READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-7bc864c59-fr8ts   1/1     Running   0          2m16s
pod/kubernetes-dashboard-6ff574dd47-nsmtl       1/1     Running   0          2m16s

NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.103.240.90    <none>        8000/TCP        2m16s
service/kubernetes-dashboard        NodePort    10.109.131.123   <none>        443:30009/TCP   2m16s

登陆界面：https://192.168.241.128:30009

2. 创建访问账户，获取token

创建账号dashboard-admin，为其授权

apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
  name: dashboard-admin
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: dashboard-admin
type: kubernetes.io/service-account-token

获取账号token

$ kubectl -n kubernetes-dashboard describe secret dashboard-admin

 

 

输入 token 访问成功！

Dashboard token 过期时间太短

添加一行

- '--token-ttl=43200'