1、安装dashboard

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
(images地址记得改掉,因为墙,你懂得)

1.2, 配置ingress 映像域名xxx.dashboard.qing.cn(必须是https)

2 、创建admin token

#cat dashboard-adminuser.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

  name: admin-user

  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

  name: admin-user

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: cluster-admin

subjects:

- kind: ServiceAccount

  name: admin-user

  namespace: kube-system

#kubectl apply -f dashboard-adminuser.yaml
#kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

复制 token登陆即可

3、增加只读帐号token

#cat read-user-sa-rbac.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-read-user
namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-read-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dashboard-read-clusterrole
subjects:
- kind: ServiceAccount
name: dashboard-read-user
namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dashboard-read-clusterrole
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- persistentvolumeclaims
- pods
- replicationcontrollers
- replicationcontrollers/scale
- serviceaccounts
- services
- nodes
- persistentvolumeclaims
- persistentvolumes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- bindings
- events
- limitranges
- namespaces/status
- pods/log
- pods/status
- replicationcontrollers/status
- resourcequotas
- resourcequotas/status
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- deployments/scale
- replicasets
- replicasets/scale
- statefulsets
verbs:
- get
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- daemonsets
- deployments
- deployments/scale
- ingresses
- networkpolicies
- replicasets
- replicasets/scale
- replicationcontrollers/scale
verbs:
- get
- list
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
- volumeattachments
verbs:
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
verbs:
- get
- list
- watch

 

Kubernetes Dashboard 安装与认证的更多相关文章

  1. kubernetes dashboard 安装

    环境:CentOS Linux release 7.3.1611 (Core)IP:192.168.0.103 [1]组件安装yum install device-mapperyum install ...

  2. kubernetes dashboard 安装时出现9090: getsockopt: connection refused错误

    转载于:https://blog.csdn.net/lucy06/article/details/79082302 安装kubernetes  dashboard时,出现错误: Error: 'dia ...

  3. Kubernetes dashboard安装

    1. To download Dashboard plugin deployment YAML file from internet. #cd /home #mkdir k8s #cd k8s # w ...

  4. install kubernetes dashboard 安装 kubernetes dashboard 详细

    参考: http://www.bubuko.com/infodetail-2242562.html http://www.cnblogs.com/zhenyuyaodidiao/p/6500897.h ...

  5. Kubernetes入门(二)——Dashboard 安装

    Kubernetes集群搭建完成后,可以通过命令行方式可以了解集群资源的使用情况,但是这种方式比较笨拙且不直观,因此考虑给集群安装Dashboard,这样能更直观了解集群状态.本文Dashboard的 ...

  6. Kubernetes 及安装注意事项

    Docker Desktop for Mac/Windows开启Kubernetes 及安装注意事项 Table of Contents 1 解决方案 2 注意事项 2.1 Choose Kubeco ...

  7. K8s+dashboard安装部署【h】

    系统安装使用虚拟机安装两个centos系统,在/etc/hosts里增加两行192.168.140.128 kuber-master192.168.140.129 kuber-node1 关闭防火墙s ...

  8. kubernetes学习笔记之十一:kubernetes dashboard认证及分级授权

    第一章.部署dashboard 作为Kubernetes的Web用户界面,用户可以通过Dashboard在Kubernetes集群中部署容器化的应用,对应用进行问题处理和管理,并对集群本身进行管理.通 ...

  9. kubernetes Dashboard 使用RBAC 权限认证控制

    kubernetes RBAC实战 环境准备 先用kubeadm安装好kubernetes集群,[包地址在此](https://market.aliyun.com/products/56014009/ ...

随机推荐

  1. 离线缓存 Visual Studio 2019 (VS2019)的方法

    1. 下面是以管理员身份运行命令行: https://docs.microsoft.com/en-us/visualstudio/install/workload-component-id-vs-en ...

  2. Microsoft.Extensions.DependencyInjection 之一:解析实现

    [TOC] 前言 项目使用了 Microsoft.Extensions.DependencyInjection 2.x 版本,遇到第2次请求时非常高的内存占用情况,于是作了调查,本文对 3.0 版本仍 ...

  3. 这些Python库真的很“冷”,但是却很强大

    Python是一种很棒的编程语言.事实上,它还是世界上发展最快的编程语言之一.它一次又一次证明了它在数据科学职位中的实用性.整个Python及其库的生态系统使其成为全世界用户(初学者和高级)的合适选择 ...

  4. java开发高校社团管理系统JSP

    运行环境JDK1.7编写Eclipse( Neon.3 Release (4.6.3)) windows下Tomcat v8.5Mysql 5.5使用技术Java servlet & jspM ...

  5. Android App压力测试方法(Monkey)

    一.为什么要开展压力测试 a.提高产品的稳定性:b.提高产品的留存率 二.什么时候开展压力测试 a.首轮功能测试通过后:b.下班后的夜间进行 三.7个基础知识(理论部分) 3.1 手动测试场景与自动测 ...

  6. CTF必备技能丨Linux Pwn入门教程——ROP技术(下)

    Linux Pwn入门教程系列分享如约而至,本套课程是作者依据i春秋Pwn入门课程中的技术分类,并结合近几年赛事中出现的题目和文章整理出一份相对完整的Linux Pwn教程. 教程仅针对i386/am ...

  7. Jsp调用淘宝IP地址库获取来访IP详细信息

    Jsp调用淘宝IP地址库获取来访IP详细信息   示例网页点击:www.trembler.cn/ipinfo/ipinfo(服务器有其他用处,页面已失效) String ip = request.ge ...

  8. 剑指offer 8:旋转数组的最小数字

    题目描述 把一个数组最开始的若干个元素搬到数组的末尾,我们称之为数组的旋转.输入一个非递减排序的数组的一个旋转,输出旋转数组的最小元素.例如数组{3,4,5,1,2}为{1,2,3,4,5}的一个旋转 ...

  9. elasticsearch: 创建mapping

    elasticsearch版本: 6.5.4 创建mapping PUT http://192.168.2.136:9200/index_text/_mapping/text/ { "dyn ...

  10. odoo10学习笔记五:高级视图

    转载请注明原文地址:https://www.cnblogs.com/ygj0930/p/11189279.html 树视图 tree视图表现出来是列表视图,列表中一行一纪录.可以根据每行纪录的某字段值 ...