一、目标

  1. 使用Helm3快速完成Dashboard部署
  2. 调整session的默认失效时间
  3. 本次部署的dashboard版本2.0.4

二、Helm部署

1. chart地址

https://artifacthub.io/packages/helm/k8s-dashboard/kubernetes-dashboard/2.8.1

2. 参数示例

  1. extraArgs:
  2.   - --token-ttl=0
  3.   - --system-banner="Welcome to 3IN Kubernetes Cluster. 操作需谨慎!!!"
  4. ingress:
  5.   enabled: true
  6.   annotations:
  7.     kubernetes.io/ingress.class: nginx
  8.     kubernetes.io/tls-acme: 'true'
  9.     nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
  10.   paths:
  11.   - /
  12.   hosts:
  13.   - kube-dashboard.3incloud.cn
  14.   tls:
  15.   - secretName: tls-3incloudcn
  16.     hosts:
  17.     - kube-dashboard.3incloud.cn
  18. metricsScraper:
  19.   enabled: true
  20. metrics-server:
  21.   enabled: true
  22.   args:
  23.   - --kubelet-preferred-address-types=InternalIP
  24.   - --kubelet-insecure-tls
  • token-ttl=0配置用来表示登陆后session不失效

3. 安装

# add repo
helm repo add k8s-dashboard https://kubernetes.github.io/dashboard/
# install
helm install kube-dashboard k8s-dashboard/kubernetes-dashboard -n kube-dashboard -f value.yaml

4. 错误修正

修改Deployment kube-dashboard-metrics-server 镜像为
registry.cn-hangzhou.aliyuncs.com/vcors/metrics-server-amd64:v0.3.6,gcr仓库镜像国内访问不到。

三、创建账户

1. 创建账户

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: test
  namespace: kube-dashboard
EOF

2. 绑定角色

cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: test
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: test
  namespace: kube-dashboard
EOF

3. 获取Token

kubectl -n kube-dashboard describe secret $(kubectl -n monitor get secret | grep wuyuexin | awk '{print $1}')

四、大功告成

image.png

  1. https://github.com/kubernetes/dashboard