安装UI管理界面
1.1 项目GitHub:
1.2 下载dashboard配置文件
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yaml
1.3 修改yaml文件
新增type: NodePort 和 nodePort:31443,以便能实现非本机访问
kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: type: NodePort ports: - port: 443 targetPort: 8443 nodePort: 31443 selector: k8s-app: kubernetes-dashboard
1.4 创建认证令牌(RBAC)
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
1.4.1 创建一个admin-user
vim dashboard-adminuser.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard kubectl apply -f dashboard-adminuser.yaml
1.4.2 创建一个集群角色
vim dashboard-ClusterRoleBinding.yaml
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard
# kubectl apply -f dashboard-ClusterRoleBinding.yaml
1.4.3 获取token
For Bash:
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
显示如下:
Name: admin-user-token-ljq54 Namespace: kubernetes-dashboard Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: cf2d9d41-226c-45cf-a1d7-72fd598df4a1 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 20 bytes token: xxxx
1.5 访问k8s集群UI
https://yourk8sapiserver:31443
输入刚才获取的 token