Kubernetes-Dashboard 是基于网页的 Kubernetes 用户界面。你可以使用 Dashboard 将容器应用部署到 Kubernetes 集群中,也可以对容器应用排错,还能管理集群资源。
1、安装 Kubernetes 控制面板
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml2、添加超级管理员并创建访问令牌
cat <<EOF | kubectl apply -f -
kind: ServiceAccount
apiVersion: v1
metadata:
name: admin
namespace: kubernetes-dashboard
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: admin
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: admin
namespace: kubernetes-dashboard
EOF
# 创建令牌
kubectl -n kubernetes-dashboard create token admin3、添加一个路由资源,即可通过 https://kubernetes.example.org 访问
# 设置域名
export MY_KUBEDASH_HOST=kubernetes.example.org
# 设置路由
cat <<EOF | kubectl apply -f -
kind: ServersTransport
apiVersion: traefik.containo.us/v1alpha1
metadata:
name: kubernetes-dashboard-transport
namespace: kubernetes-dashboard
spec:
serverName: $MY_KUBEDASH_HOST
insecureSkipVerify: true
---
kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(\`$MY_KUBEDASH_HOST\`)
priority: 10
services:
- kind: Service
name: kubernetes-dashboard
namespace: kubernetes-dashboard
serversTransport: kubernetes-dashboard-transport
port: 443
tls:
certResolver: default
EOF请注意修改域名
kubernetes.example.org
若未配置自动签发证书,请删除 tls 的两行配置
由于认证问题,这里使用了serversTransport方案链接后端
配置完成后,可以通过https://kubernetes.example.org访问k8s管理面板
附录:设置会话超时时间为一天(可忽略)
kubectl patch -n kubernetes-dashboard deployments kubernetes-dashboard --type 'json' -p '[
{
"op" : "add",
"path" : "/spec/template/spec/containers/0/args/-",
"value" : "--token-ttl=86400"
}
]'其他章节
根据本站Tag查阅 《Kubernetes 领进门》 系列文章
正文完