本篇文章主要是介绍如何在本地部署kubernetes dashboard, 部署环境是mac m2
下载dashboard.yaml
官网release地址: kubernetes/dashboard/releases
本篇文章下载的是kubernetes-dashboard-v2.7.0的版本,通过wget命令下载到本地:
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
部署dashboard
修改recommended.yaml暴露nodeport
首先是要修改recommended.yaml中的service配置,将service端口通过nodeport的方式提供给kubernetes集群外部访问。
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #新增
ports:
- port: 443
targetPort: 8443
nodePort: 30443 #新增
selector:
k8s-app: kubernetes-dashboard
在集群中部署kubernetes dashboard
提交recommended.yaml文件进行kubernetes dashboard的安装。
如果不能访问容器镜像不能下载的话,需要梯子或者将docker的镜像源仓库调整为国内的
执行命令:
kubectl apply -f recommended.yaml
创建用户SA和Token
新增dashboard-admin.yaml文件,在其中添加dashboard-admin的ServiceAccount配置和ClusterRoleBinding配置。
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: dashboard-admin
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin-bind-cluster-role
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kubernetes-dashboard
执行kubectl apply -f 命令将dashboard-admin.yaml提交到集群
kubectl apply -f dashboard-admin.yaml
创建dashboard-admin的token
kubectl create token dashboard-admin -n kubernetes-dashboard
执行结果如下图:
将token复制出来用来访问kubernetes dashboard:
#参考
k8s Dashboard 2.7 使用EIP和多权限角色token的解决方案