Kubernetes容器集群部署WebUI(六)

创建dashboard-rbac.yaml文件，基于认证权限

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
  name: kubernetes-dashboard
  namespace: kube-system
---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system

[root@master ui]# kubectl create -f dashboard-rbac.yaml

创建dashboard-deployment.yaml文件

apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      serviceAccountName: kubernetes-dashboard
      containers:
      - name: kubernetes-dashboard
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.7.1
        resources:
          limits:
            cpu: 100m
            memory: 300Mi
          requests:
            cpu: 100m
            memory: 100Mi
        ports:
        - containerPort: 9090
          protocol: TCP
        livenessProbe:
          httpGet:
            scheme: HTTP
            path: /
            port: 9090
          initialDelaySeconds: 30
          timeoutSeconds: 30
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"

[root@master ui]# kubectl create -f dashboard-deployment.yaml

创建dashboard-service.yaml文件

apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  - port: 80
    targetPort: 9090

[root@master ui]# kubectl create -f dashboard-service.yaml

查看命名空间的元素

[root@master ui]# kubectl get all -n kube-system
NAME                                        READY     STATUS    RESTARTS   AGE
pod/kubernetes-dashboard-698bb888c5-krqpq   1/1       Running   0          2m

NAME                           TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/kubernetes-dashboard   NodePort   10.10.10.135   <none>        80:47045/TCP   2m

NAME                                         DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.extensions/kubernetes-dashboard   1         1         1            1           2m

NAME                                                    DESIRED   CURRENT   READY     AGE
replicaset.extensions/kubernetes-dashboard-698bb888c5   1         1         1         2m

NAME                                   DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/kubernetes-dashboard   1         1         1            1           2m

NAME                                              DESIRED   CURRENT   READY     AGE
replicaset.apps/kubernetes-dashboard-698bb888c5   1         1         1         2m

查看命名空间

[root@master ui]# kubectl get ns
NAME          STATUS    AGE
default       Active    2h
kube-public   Active    2h
kube-system   Active    2h