K8S部署Dashboard通过NodePort暴露端口，配置Token登录

简介

部署K8S Dashboard，可以更加方便的管理K8S

参考资料

K8S Dashboard部署: https://kubernetes.io/zh-cn/docs/tasks/access-application-cluster/web-ui-dashboard/

坑

1. 最新版的K8S部署Dashboard时，不会自动创建Secret:kubernetes.io/service-account-token，已经在admin-user.yaml中补充

部署K8S Dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml

开放NodePort外网访问

编辑SVC

kubectl -n kubernetes-dashboard edit svc kubernetes-dashboard
...
  type: NodePort #修改类型
...

获取对外暴露端口，此时PORT处的3xxxx就是对外暴露的端口

kubectl -n kubernetes-dashboard get svc kubernetes-dashboard

配置Token登录

cat > admin-user.yaml <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard


---
apiVersion: v1
kind: Secret
metadata:
  name: kubernetes-dashboard-admin-token-secret
  namenamespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: admin-user
type: kubernetes.io/service-account-token
EOF

# 部署
kubectl apply -f admin-user.yaml

获取登录Token

kubectl -n kubernetes-dashboard describe secrets kubernetes-dashboard-admin-token-secret