# 1. Installation
1. Download the installation manifest
~~~
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
~~~
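2. Change the dashboard Service to type NodePort so that it can be reached from outside the cluster
```
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort          # expose the Service on a port of every node
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30002     # external port; the default NodePort range is 30000-32767
  selector:
    k8s-app: kubernetes-dashboard
```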
3. Deploy the dashboard
```
kubectl apply -f recommended.yaml
```
4. Create the serviceAccount
```
kubectl apply -f dashboard-serviceaccount.yaml
```
```
# vim dashboard-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 is the stable version
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin   # full control over every resource in the cluster
  apiGroup: rbac.authorization.k8s.io
```
Creating a serviceaccount automatically generates a secret that stores the corresponding token
```
[root@master serviceAccount]# kubectl describe secret $(kubectl get secret -n kube-system | grep dashboard-admin | awk '{print $1}') -n kube-system
Name: dashboard-admin-token-hccf9
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: cb2ed2ae-e9c2-4539-ab51-b86a29598da2
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkdFckVOWVhDQkRvWnFIZ3FuSDhFa2ZfeUkxZzJ0YzVXVGFTYzFlckcxRWsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4taGNjZjkiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiY2IyZWQyYWUtZTljMi00NTM5LWFiNTEtYjg2YTI5NTk4ZGEyIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.LTiKOJu7tkPN_Vn4zFfnnKWR2SqzzOGTZn-9dcLskZYKLTQuBy_x2Pzre7aLYv4T_zFDZqxXKH-HG6-5ujFjApXv3lptVJAz2-UcsdUmgMMJ3jGt6yjIscMYPu5ZKTHVs9otDYpB8NPe5IHQUPRLAcQSmvMBtSTKqVfsP7nVDB46A_rIGFpZHnMiW2iQKnREx9ynIGyJQQW-t4pqSAwuxAQdXckQt53dKlqQ6KX7yH1b-FaaNoegt1onJdMolC54VXxS0dYKcjWa81mrcZ0wDLDIGw1hj4wAEYPNzrBh0QvN16XQmcjz2lBcz-MDdbzPg-tpcyZFo-TU1x_ohKCICQ
```
5. Get the token that belongs to the serviceaccount
```
kubectl describe secret $(kubectl get secret -n kube-system | grep dashboard-admin | awk '{print $1}') -n kube-system | grep ^token | awk '{print $2}'
```
Enter the token to log in
![](https://img.kancloud.cn/6e/d1/6ed1d1df5a780c3f50b1671ac4673c6c_1411x752.png)
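# 2. Login configuration
The dashboard supports two login methods: a token or a configuration file (kubeconfig). Because the dashboard runs as a container, both methods require a serviceAccount.
## 2.1 Token access
**1. Create a serviceaccount, the account that pods use for access**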
```
kubectl create sa dashboard-admin -n kube-system
```
When the serviceaccount is created, the corresponding secret is created automatically
![](https://img.kancloud.cn/4c/6b/4c6b876a619061a2030d4684cad967cb_748x106.png)
**2. Bind a role to the serviceaccount**
```
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
```
**3. Look up the name of the dashboard-admin secret**
```
ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}')
```
**4. Print the token stored in the secret**
```
kubectl describe secret $ADMIN_SECRET -n kube-system | grep ^token | awk '{print $2}'
```
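## 2.2 Configuration file access
## 2.3 Tiered access
Permissions can be separated by using RoleBindings and ClusterRoleBindings, and custom roles can be defined to split permissions further.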
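One way to set up tiered access, as an added example that is not part of the original page: a read-only dashboard account confined to a single namespace, in contrast to the `cluster-admin` binding used for `dashboard-admin`. The name `dashboard-viewer` and the namespace `dev` are hypothetical, and the namespace is assumed to exist already.

```yaml
# Added example; the name dashboard-viewer and the namespace dev are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer
  namespace: dev
---
# Custom Role: read-only access to common workload objects in "dev" only.
# Secrets are deliberately not listed, so this token cannot read other tokens.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dashboard-viewer
  namespace: dev
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "configmaps", "events"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
    verbs: ["get", "list", "watch"]
---
# RoleBinding (namespaced) instead of ClusterRoleBinding: the grant stops at "dev".
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dashboard-viewer
  namespace: dev
subjects:
  - kind: ServiceAccount
    name: dashboard-viewer
    namespace: dev
roleRef:
  kind: Role
  name: dashboard-viewer
  apiGroup: rbac.authorization.k8s.io
```

After applying it, `kubectl auth can-i list secrets -n dev --as=system:serviceaccount:dev:dashboard-viewer` should answer `no`, while the same check for `list pods` should answer `yes`.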