一、目标
- 使用Helm3快速完成Dashboard部署
- 调整session的默认失效时间
- 本次部署的dashboard版本2.0.4
二、Helm部署
1. chart地址
https://artifacthub.io/packages/helm/k8s-dashboard/kubernetes-dashboard/2.8.1
2. 参数示例
extraArgs:
- --token-ttl=0
- --system-banner="Welcome to 3IN Kubernetes Cluster. 操作需谨慎!!!"
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: 'true'
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
paths:
- /
hosts:
- kube-dashboard.3incloud.cn
tls:
- secretName: tls-3incloudcn
hosts:
- kube-dashboard.3incloud.cn
metricsScraper:
enabled: true
metrics-server:
enabled: true
args:
- --kubelet-preferred-address-types=InternalIP
- --kubelet-insecure-tls
- token-ttl=0配置用来表示登陆后session不失效
3. 安装
# add repo
helm repo add k8s-dashboard https://kubernetes.github.io/dashboard/
# install
helm install kube-dashboard k8s-dashboard/kubernetes-dashboard -n kube-dashboard -f value.yaml
4. 错误修正
修改Deployment kube-dashboard-metrics-server 镜像为
registry.cn-hangzhou.aliyuncs.com/vcors/metrics-server-amd64:v0.3.6,gcr仓库镜像国内访问不到。
三、创建账户
1. 创建账户
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
name: test
namespace: kube-dashboard
EOF
2. 绑定角色
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: test
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: test
namespace: kube-dashboard
EOF
3. 获取Token
kubectl -n kube-dashboard describe secret $(kubectl -n monitor get secret | grep wuyuexin | awk '{print $1}')