https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml编辑该并使用下列命令实现将角色名替换:
:%s/kubernetes-dashboard-minimal/kubernetes-dashboard/g - 创建kubernetes-dashboard-rbac.yaml
下载的部署文件,有个地方需要注意下,它里面创建的一个ServiceAccount=kubernetes-dashboard,授予它的权限都是只操作kube-system里面的资源,而创建的deployment使用的ServiceAccount就是kubernetes-dashboard,因此你访问dashboard时对其它namespace的资源将无权查看,因此,要想dashboard能查看到其它namespace的资源需要重新创建RBAC权限。
创建kubernetes-dashboard-rbac.yaml,内容如下:
apiVersion: v1kind: ServiceAccountmetadata: ?name: dashboard ?namespace: kube-system---kind: ClusterRoleBindingapiVersion: rbac.authorization.k8s.io/v1beta1metadata: ?name: dashboardsubjects: ?- kind: ServiceAccount ???name: dashboard ???namespace: kube-systemroleRef: ?kind: ClusterRole ?name: cluster-admin ?#将集群管理员的角色赋予dashboard ?apiGroup: rbac.authorization.k8s.io创建好后,在下载的部署文件中有个地方改下,之前说到的deployment用到的ServiceAccount是kubernetes-dashboard ,需要把它改成这里创建的ServiceAccount为dashboard。
- 开始部署:
kubectl create -f dashboard-rbac.yaml -f kubernetes-dashboard.yaml ?#先部署RBAC再部署deploymentroot@ubuntu15:/data/dashboard# kubectl get deploy,pod,svc -n kube-system NAME ?????????????????????????????DESIRED ??CURRENT ??UP-TO-DATE ??AVAILABLE ??AGEdeploy/kubernetes-dashboard ??????1 ????????1 ????????1 ???????????1 ??????????1hNAME ??????????????????????????????????????????READY ????STATUS ???RESTARTS ??AGEpo/kubernetes-dashboard-56466b7cbf-x4z99 ??????1/1 ??????Running ??0 ?????????1hNAME ??????????????????????TYPE ???????CLUSTER-IP ??????EXTERNAL-IP ??PORT(S) ????????AGEsvc/kubernetes-dashboard ??ClusterIP ??10.254.160.221 ??<none> ???????443/TCP ????????1hdashboard# kubectl get pod -n kube-system ?-o wideNAME ??????????????????????????????????????READY ????STATUS ???RESTARTS ???AGE ????????IP ????????????NODEkubernetes-dashboard-56466b7cbf-x4z99 ??????1/1 ??????Running ???0 ?????????1h ???????172.30.11.7 ???10.3.1.17访问之前的配置
根据官方文档的配置手册,访问方式较之前的版本不同,需要运行kubectl proxy ,打开localhsot 8001端口,且运行在前台 , 这里我们把它运行在后台:
kubectl proxy --address=0.0.0.0 --port=8001 --accept-hosts=‘^.*‘ &官方文档上给出的访问方式:
To access HTTPS endpoint of dashboard go to: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/打开页面后在弹出的认证对话框中,直接跳过即可。
Kubernetes之dashboard1.8的部署
原文地址:http://blog.51cto.com/newfly/2105892