Installing the K8S Dashboard and creating a regular user
Reference: Setting up a cluster with the latest k8s version (currently v1.26.1) on CentOS Stream 9
Find the matching Dashboard version
https://github.com/kubernetes/dashboard/releases
Download kubernetes-dashboard.yaml; version 2.7.0 is used here
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml -O kubernetes-dashboard.yaml
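-------------------------------------
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
-------------------------------------
In the Service spec above, the added lines are the following two; with them the Dashboard is reachable on port 30001 of every node:
      nodePort: 30001
  type: NodePort
-------------------------------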
Install the Dashboard
kubectl apply -f kubernetes-dashboard.yaml
Create the user
wget https://raw.githubusercontent.com/cby-chen/Kubernetes/main/yaml/dashboard-user.yaml
kubectl apply -f dashboard-user.yaml
Create a login token; when it expires, create a new one
kubectl -n kubernetes-dashboard create token admin-user
Put it in a variable; it is used later when generating the kubeconfig
DASH_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Changing the expiry time of k8s dashboard token authentication
Two ways to change the expiry time of k8s dashboard token authentication
Regenerate a token
[root@k8s-master01 ~]# kubeadm token create
xxxxxxxxxxxxxxxx
List tokens
[root@k8s-master01 ~]# kubeadm token list
TOKEN                     TTL   EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
o66dni.mhu79izcjwqn5h4z   23h   2023-11-11T00:59:02Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
Get the cluster name
[root@k8s-master01 pki]# kubectl cluster-info dump |grep cluster-name
"--cluster-name=kubernetes",
Generate the dashboard-admin.kubeconfig file
K8S-Dashboard deployment and login with Token and Kubeconfig authentication
$ kubectl config set-cluster kubernetes \
    --certificate-authority=/etc/kubernetes/pki/ \
    --embed-certs=true \
    --server=https://192.168.221.131:6443 \
    --kubeconfig=dashboard-admin.kubeconfig
The $DASH_TOKEN variable was set earlier; the token is written into dashboard-admin.kubeconfig in plain text
$ kubectl config set-credentials dashboard-admin \
    --token="$DASH_TOKEN" \
    --kubeconfig=dashboard-admin.kubeconfig
$ kubectl config set-context dashboard-admin@kubernetes \
    --cluster=kubernetes \
    --user=dashboard-admin \
    --kubeconfig=dashboard-admin.kubeconfig
$ kubectl config use-context dashboard-admin@kubernetes --kubeconfig=dashboard-admin.kubeconfig
Regular user
Create the ServiceAccount
[root@master01 dashboard]# cat developer-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: "2023-12-06T01:50:51Z"
  name: developer
  namespace: develop
  resourceVersion: "5328458"
  uid: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Configure the regular user's Role
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"annotations":{},"creationTimestamp":null,"name":"developer","namespace":"develop"},"rules":[{"apiGroups":[""],"resources":["pods","services"],"verbs":["list","get","watch","create","delete","patch"]},{"apiGroups":["apps"],"resources":["deployments"],"verbs":["list","get","watch","create","delete","patch"]},{"apiGroups":[""],"resources":["namespaces"],"verbs":["list","get","watch"]}]}
  creationTimestamp: "2023-12-06T02:23:32Z"
  name: developer
  namespace: develop
  resourceVersion: "11102812"
  uid: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - pods/log
  - pods/exec
  - services
  verbs:
  - list
  - get
  - watch
  - create
  - delete
  - patch
- apiGroups:
  - apps
  resources:
  - deployments
  - replicasets
  verbs:
  - list
  - get
  - watch
  - create
  - delete
  - patch
- apiGroups:
  - batch
  - batch/v1
  resources:
  - jobs
  verbs:
  - list
  - get
  - watch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - list
  - get
  - watch
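As an added example (not part of the original post), this Python script expands the rules of the developer Role above into individual (apiGroup, resource, verb) permissions and flags the entries worth a second look before handing out the token. The rules are transcribed from the listing above; the SENSITIVE table and the function names are this example's own assumptions.

```python
import json

# Rules of the "developer" Role shown above, transcribed into the JSON shape
# that `kubectl -n develop get role developer -o json` returns.
ROLE_JSON = """
{"metadata": {"name": "developer", "namespace": "develop"},
 "rules": [
  {"apiGroups": [""], "resources": ["pods", "pods/log", "pods/exec", "services"],
   "verbs": ["list", "get", "watch", "create", "delete", "patch"]},
  {"apiGroups": ["apps"], "resources": ["deployments", "replicasets"],
   "verbs": ["list", "get", "watch", "create", "delete", "patch"]},
  {"apiGroups": ["batch", "batch/v1"], "resources": ["jobs"],
   "verbs": ["list", "get", "watch"]},
  {"apiGroups": [""], "resources": ["events"], "verbs": ["list", "get", "watch"]}
 ]}
"""

# Core-group permissions to call out in review (this example's own short list).
SENSITIVE = {
    ("pods/exec", "create"): "runs commands inside any pod in the namespace",
    ("pods", "create"): "starts pods that can mount the namespace's Secrets",
    ("secrets", "get"): "reads Secret values, including stored tokens",
}


def expand(role):
    """Yield one (apiGroup, resource, verb) triple per permission granted."""
    for rule in role.get("rules", []):
        for group in rule.get("apiGroups", []):
            for resource in rule.get("resources", []):
                for verb in rule.get("verbs", []):
                    yield group, resource, verb


def audit(role):
    """Return sorted (kind, detail) findings for a Role or ClusterRole."""
    findings = set()
    for group, resource, verb in expand(role):
        if "/" in group:  # "batch/v1" is group/version; RBAC compares the group only
            findings.add(("dead-apigroup", group))
        if "*" in (group, resource, verb):
            findings.add(("wildcard", f"{group}:{resource}:{verb}"))
        note = SENSITIVE.get((resource, verb))
        if note and group == "":
            findings.add(("sensitive", f"{verb} {resource}: {note}"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, detail in audit(json.loads(ROLE_JSON)):
        print(f"{kind:<14}{detail}")
```

For this Role it reports the inert `batch/v1` entry and the two `create` permissions on `pods` and `pods/exec`.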
Role binding
[root@master01 dashboard]# cat developer-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"RoleBinding","metadata":{"annotations":{},"creationTimestamp":null,"name":"developer-rolebinding","namespace":"develop"},"roleRef":{"apiGroup":"","kind":"Role","name":"developer"},"subjects":[{"apiGroup":"","kind":"User","name":"developer"}]}
  creationTimestamp: "2023-12-06T02:23:36Z"
  name: developer-rolebinding
  namespace: develop
  resourceVersion: "11086248"
  uid: xxxxxxxxxxxxxxxxxxxxxx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: developer
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: developer
- kind: ServiceAccount
  name: developer
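Get the regular user's token
kubectl -n develop create token developer
Log in to the Dashboard
The namespace cannot be selected from the list (the Role is limited to the develop namespace and does not allow listing namespaces); type develop directly
The right-hand side shows the serviceaccount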