Dashboard是一个基于Web的Kubernetes用户界面。您可以使用仪表板将容器化应用程序部署到Kubernetes集群,对容器化应用程序进行故障排除,并管理集群本身及其附带的资源。您可以使用仪表板获取集群上运行的应用程序的概览,??并创建或修改单个Kubernetes资源。默认通过yaml文件安装k8s集群和Dashboard服务后,使用token或者Kubeconfig文件登录,使用更安全。但是如果我们部署的是测试或者实验环境,每次输入一长串token是很不方便的。所以,这里我们介绍如何使用用户名和密码登录Dashboard服务。集群环境集群版本搭建方法dashboardversionmasterv1.20.4kubeadmdashboard:v2.0.4node01v1.20.4kubeadmdashboard:v2.0.4node02v1.20.4kubeadmdashboard:v2.0.4createuserfileformat:user,password,userID,"group1,group2"注意:userID不能重复#创建用户名和密码配置文件#在所有master节点上配置用户名和密码$echo'admin,admin,1'|sudotee/etc/kubernetes/pki/basic_auth_file修改配置文件会将上面创建的用户名和密码文件添加到如下文件#配置修改$sudovim/etc/kubernetes/manifests/kube-apiserver.yamlspec:containers:-command:-kube-apiserver---advertise-address=192.168。30.30---basic-auth-file=/etc/kubernetes/pki/basic_auth_file...volumeMounts:–mountPath:/etc/kubernetes/basic_auth_filename:basic-auth-filereadOnly:truevolumes:–hostPath:name:basic-auth-文件路径:/etc/kubernetes/basic_auth_file重启apiserver服务使修改生效#Restart$kubectlapply-f/etc/kubernetes/manifests/kube-apiserver.yaml#查看$kubectlgetpod-nkube-system|grepapiserverkube-apiserver-k8s-011/1Running024skube-apiserver-k8s-021/1Running044skube-apiserver-k8s-031/1Running050s使用权限绑定用户创建集群管理员角色绑定#权限绑定$kubectlcreateclusterrolebinding\login-on-dashboard-with-cluster-admin\--clusterrole=cluster-admin--user=admin#Viewbinding$kubectlgetclusterrolebindinglogin-on-dashboard-with-cluster-adminNAMEROLEAGElogin-on-dashboard-with-cluster-adminClusterRole/cluster-admin2m23s打开基础配置修改kubernetes-dashboard.yaml配置文件$sudovimkubernetes-dashboard.yamlargs:---auto-generate-certificates---namespace=kubernetes-dashboard---token-ttl=43200#Expiredseconds---authentication-mode=basic#Enablebasiclogin#Update$kubectlapply-fkubernetes-dashboard.yaml登录验证使用用户名和password登录DashboardServiceDashboardEnableusernameandpasswordlogin
