绝密笔记 | Kubernetes 领进门 | 安装 kubernetes-dashboard 可视化面板

Kubernetes-Dashboard 是基于网页的 Kubernetes 用户界面。你可以使用 Dashboard容器应用部署到 Kubernetes 集群中,也可以对容器应用排错,还能管理集群资源。

1、安装 Kubernetes 控制面板

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

2、添加超级管理员并创建访问令牌

cat <<EOF | kubectl apply -f -
kind: ServiceAccount
apiVersion: v1
metadata:
  name: admin
  namespace: kubernetes-dashboard
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kubernetes-dashboard
EOF

# 创建令牌
kubectl -n kubernetes-dashboard create token admin

3、添加一个路由资源,即可通过 https://kubernetes.example.org 访问

# 设置域名
export MY_KUBEDASH_HOST=kubernetes.example.org

# 设置路由
cat <<EOF | kubectl apply -f -
kind: ServersTransport
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: kubernetes-dashboard-transport
  namespace: kubernetes-dashboard
spec:
  serverName: $MY_KUBEDASH_HOST
  insecureSkipVerify: true
---
kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(\`$MY_KUBEDASH_HOST\`)
      priority: 10
      services:
        - kind: Service
          name: kubernetes-dashboard
          namespace: kubernetes-dashboard
          serversTransport: kubernetes-dashboard-transport
          port: 443
  tls:
    certResolver: default
EOF

请注意修改域名 kubernetes.example.org
若未配置自动签发证书,请删除 tls 的两行配置
由于认证问题,这里使用了 serversTransport 方案链接后端
配置完成后,可以通过 https://kubernetes.example.org 访问k8s管理面板

附录:设置会话超时时间为一天(可忽略)

kubectl patch -n kubernetes-dashboard deployments kubernetes-dashboard --type 'json' -p '[
  {
    "op" : "add",
    "path" : "/spec/template/spec/containers/0/args/-",
    "value" : "--token-ttl=86400"
  }
]'

其他章节

根据本站Tag查阅 《Kubernetes 领进门》 系列文章

正文完