• Kubernetes Dashboard Installation and Authentication


    1. Install the dashboard

    $ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
    (Remember to change the image addresses in the manifest, because of the firewall; you know why.)

    1.2. Configure an ingress that maps the domain xxx.dashboard.qing.cn to the dashboard (it must be HTTPS)

    2. Create the admin token

    #cat dashboard-adminuser.yaml

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin-user
      namespace: kube-system

    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: admin-user
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: admin-user
      namespace: kube-system

    #kubectl apply -f dashboard-adminuser.yaml
    #kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

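    Copy the token and log in with it. The admin-user account is bound to cluster-admin, so this token has full access to the cluster.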

    3. Add a token for a read-only account

    #cat read-user-sa-rbac.yaml 

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: dashboard-read-user
      namespace: kube-system

    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: dashboard-read-binding
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: dashboard-read-clusterrole
    subjects:
    - kind: ServiceAccount
      name: dashboard-read-user
      namespace: kube-system

    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: dashboard-read-clusterrole
    rules:
    - apiGroups:
      - ""
      resources:
      - configmaps
      - endpoints
      - persistentvolumeclaims
      - pods
      - replicationcontrollers
      - replicationcontrollers/scale
      - serviceaccounts
      - services
      - nodes
      - persistentvolumes
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - ""
      resources:
      - bindings
      - events
      - limitranges
      - namespaces/status
      - pods/log
      - pods/status
      - replicationcontrollers/status
      - resourcequotas
      - resourcequotas/status
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - ""
      resources:
      - namespaces
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - apps
      resources:
      - daemonsets
      - deployments
      - deployments/scale
      - replicasets
      - replicasets/scale
      - statefulsets
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - autoscaling
      resources:
      - horizontalpodautoscalers
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - batch
      resources:
      - cronjobs
      - jobs
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - extensions
      resources:
      - daemonsets
      - deployments
      - deployments/scale
      - ingresses
      - networkpolicies
      - replicasets
      - replicasets/scale
      - replicationcontrollers/scale
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - policy
      resources:
      - poddisruptionbudgets
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - networking.k8s.io
      resources:
      - networkpolicies
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - storage.k8s.io
      resources:
      - storageclasses
      - volumeattachments
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - rbac.authorization.k8s.io
      resources:
      - clusterrolebindings
      - clusterroles
      - roles
      - rolebindings
      verbs:
      - get
      - list
      - watch
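
The script below is an added example, not part of the original post: after applying the manifests above, it uses `kubectl auth can-i` with impersonation to confirm that dashboard-read-user can read workloads but cannot read secrets or change anything. The function names, the `RUN_AUDIT` switch and the lists of verb/resource pairs are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit what a ServiceAccount in
# kube-system may do, via impersonation (the caller needs impersonate rights,
# which cluster-admin has). Function names and check lists are assumptions.

# verb:resource pairs a read-only dashboard account should / should not have.
EXPECT_ALLOW="list:pods get:nodes watch:deployments.apps list:clusterroles.rbac.authorization.k8s.io"
EXPECT_DENY="get:secrets create:pods delete:deployments.apps patch:nodes create:clusterrolebindings.rbac.authorization.k8s.io"

# can_i SA VERB RESOURCE: succeeds if the account is allowed cluster-wide.
can_i() {
    [ "$(kubectl auth can-i "$2" "$3" --all-namespaces \
        --as="system:serviceaccount:kube-system:$1" 2>/dev/null)" = "yes" ]
}

# audit_read_only SA: prints one line per check. The return status is the
# number of checks that do not match a read-only account (0 = as intended).
audit_read_only() {
    sa=$1
    mismatches=0
    for check in $EXPECT_ALLOW; do
        verb=${check%%:*}; res=${check#*:}
        if can_i "$sa" "$verb" "$res"; then
            echo "ok    $sa may $verb $res"
        else
            echo "FAIL  $sa cannot $verb $res"
            mismatches=$((mismatches + 1))
        fi
    done
    for check in $EXPECT_DENY; do
        verb=${check%%:*}; res=${check#*:}
        if can_i "$sa" "$verb" "$res"; then
            echo "FAIL  $sa may $verb $res (not read-only)"
            mismatches=$((mismatches + 1))
        else
            echo "ok    $sa is denied $verb $res"
        fi
    done
    return "$mismatches"
}

# Query the cluster only when asked: RUN_AUDIT=1 sh audit-sa.sh
if [ "${RUN_AUDIT:-0}" = "1" ]; then
    audit_read_only dashboard-read-user
fi
```

Running `audit_read_only admin-user` instead reports every entry of the deny list as a mismatch, which is the expected result for an account bound to cluster-admin.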

     

     

  • Original article: https://www.cnblogs.com/Qing-840/p/10834199.html