1.部署服务器托管网 Dashboard UI
默认情况下不会部署 Dashboard。
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml 下载文件
在下载下来的recommended.yaml#大概在40行处添加一个type: NodePort,注意剧本的语法格式 type: NodePort
ports:
– port: 443
targetPort: 8443
nodePort: 30001 #添加此句定义对外的访问端口为30001
可以通过以下命令部署:
kubectl apply -f recommended.yaml2、访问 Dashboard 用户界面
创建访问用户
Creating sample user
In this guide, we will find out how to create a new user using the Service Account mechanism of Kubernetes, grant this user admin permissions and login to Dashboard using a bearer token tied to this user.
IMPORTANT:Make sure that you know what you are doing before proceeding. Granting admin privileges to Dashboard’s Service Account might be a security risk.
For each of the following snippets forServiceAccountandClusterRoleBinding, you should copy them to new manifest files likedashboard-adminuser.yamland usekubectl apply -f dashboard-adminuser.yamlto create them.
Creating a Service Account
We are creating Service Account with the nameadmin-userin namespacekubernetes-dashboardfirst.
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboardCreating a ClusterRoleBinding
In most cases after provisioning the cluster usingkops,kubeadmor any other popular tool, theClusterRolecluster-adminalready exists in the cluster. We can use it and create only aClusterRoleBindingfor ourServiceAccount. If it does not exist then you need to create this role first and grant required privileges manually.
apiVersion: r服务器托管网bac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboardGetting a Bearer Token for ServiceAccount
Now we need to find the token we can use to log in. Execute the following command:
kubectl -n kubernetes-dashboard create token admin-userIt should print something like:
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXY1N253Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwMzAzMjQzYy00MDQwLTRhNTgtOGE0Ny04NDllZTliYTc5YzEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Z2JrQlitASVwWbc-s6deLRFVk5DWD3P_vjUFXsqVSY10pbjFLG4njoZwh8p3tLxnX_VBsr7_6bwxhWSYChp9hwxznemD5x5HLtjb16kI9Z7yFWLtohzkTwuFbqmQaMoget_nYcQBUC5fDmBHRfFvNKePh_vSSb2h_aYXa8GV5AcfPQpY7r461itme1EXHQJqv-SN-zUnguDguCTjD80pFZ_CmnSE1z9QdMHPB8hoB4V68gtswR1VLa6mSYdgPwCHauuOobojALSaMc3RH7MmFUumAgguhqAkX3Omqd3rJbYOMRuMjhANqd08piDC3aIabINX6gP5-Tuuw2svnV6NYQCheckKubernetes docsfor more information about API tokens for a ServiceAccount.
Getting a long-lived Bearer Token for ServiceAccount
We can also create a token with the secret which bound the service account and the token will be saved in the Secret:
apiVersion: v1
kind: Secret
metadata:
name: admin-user
namespace: kubernetes-dashboard
annotations:
kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-tokenAfter Secret is created, we can execute the following command to get the token which saved in the Secret:
kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -dCheckKubernetes docsfor more information about long-lived API tokens for a ServiceAccount.
Accessing Dashboard
Now copy the token and paste it into theEnter tokenfield on the login screen.
Click theSign inbutton and that’s it. You are now logged in as an admin.
Clean up and next steps
Remove the adminServiceAccountandClusterRoleBinding.
kubectl -n kubernetes-dashboard delete serviceaccount admin-user
kubectl -n kubernetes-dashboard delete clusterrolebinding admin-userIn order to find out more about how to grant/deny permissions in Kubernetes read the officialauthentication&authorizationdocumentation.
服务器托管,北京服务器托管,服务器租用 http://www.fwqtg.net
机房租用,北京机房租用,IDC机房托管, http://www.fwqtg.net
CMake 学习笔记 CMake 已经是 C++ 构建系统的事实标准。 主要是对小彭老师的 C++ 视频课程中 CMake 相关部分的一些笔记和整理,视频链接如下 学 C++ 从 CMake 学起 现代 CMake 高级教程 包含视频中的代码和 PPT 的仓库…
