https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml编辑该并使用下列命令实现将角色名替换:
:%s/kubernetes-dashboard-minimal/kubernetes-dashboard/g - 创建kubernetes-dashboard-rbac.yaml
下载的部署文件,有个地方需要注意下,它里面创建的一个ServiceAccount=kubernetes-dashboard,授予它的权限都是只操作kube-system里面的资源,而创建的deployment使用的ServiceAccount就是kubernetes-dashboard,因此你访问dashboard时对其它namespace的资源将无权查看,因此,要想dashboard能查看到其它namespace的资源需要重新创建RBAC权限。
创建kubernetes-dashboard-rbac.yaml,内容如下:
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard
subjects:
- kind: ServiceAccount
name: dashboard
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin #将集群管理员的角色赋予dashboard
apiGroup: rbac.authorization.k8s.io创建好后,在下载的部署文件中有个地方改下,之前说到的deployment用到的ServiceAccount是kubernetes-dashboard ,需要把它改成这里创建的ServiceAccount为dashboard。
- 开始部署:
kubectl create -f dashboard-rbac.yaml -f kubernetes-dashboard.yaml #先部署RBAC再部署deployment
[email protected]:/data/dashboard# kubectl get deploy,pod,svc -n kube-system
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deploy/kubernetes-dashboard 1 1 1 1 1h
NAME READY STATUS RESTARTS AGE
po/kubernetes-dashboard-56466b7cbf-x4z99 1/1 Running 0 1h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/kubernetes-dashboard ClusterIP 10.254.160.221 <none> 443/TCP 1h
dashboard# kubectl get pod -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE
kubernetes-dashboard-56466b7cbf-x4z99 1/1 Running 0 1h 172.30.11.7 10.3.1.17
- 访问之前的配置
根据官方文档的配置手册,访问方式较之前的版本不同,需要运行kubectl proxy ,打开localhsot 8001端口,且运行在前台 , 这里我们把它运行在后台:
kubectl proxy --address=0.0.0.0 --port=8001 --accept-hosts=‘^.*‘ &官方文档上给出的访问方式:
To access HTTPS endpoint of dashboard go to: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/打开页面后在弹出的认证对话框中,直接跳过即可。
原文地址:http://blog.51cto.com/newfly/2105892
时间: 2024-11-10 13:29:38