minikube 安装dashboard

helm 安装 kubernetes dashboard

[kubernetes dashboard helm 传送门](https://artifacthub.io/packages/helm/k8s-dashboard/kubernetes-dashboard)

按照上方文档教程安装

#helm 3

helm repo add k8s-dashboard https://kubernetes.github.io/dashboard

helm install my-kubernetes-dashboard k8s-dashboard/kubernetes-dashboard --version 5.7.0

注意：

helm 默认安装的 dashboard svc 是 ClusterIP 模式，可根据环境需要，手动修改为 NodePort 模式，如下图两处修改

到此，安装后可以通过 https://192.168.137.21:30001 访问 dashboard

但是如果通过下面命令获取token，可以正常登录，但登录后集群内所有操作都提示没有权限

#kubectl -n kubernetes-dashboard describe secrets $(kubectl -n kubernetes-dashboard get secret | grep kubernetes-dashboard-token | awk '{print $1}')

kubectl describe secrets kubernetes-dashboard-token-8dtgb

如果遇到下面错误：

statefulsets.apps is forbidden: User "system:serviceaccount:default:kubernetes-dashboard" cannot list resource "statefulsets" in API group "apps" in the namespace "default"

解决办法：

在k8s集群内创建 ClusterRoleBinding ,关联 name: kubernetes-dashboard 的 ServiceAccount 到 name: cluster-admin 的 ClusterRole

即：

[root@control-plane minikube]# cat dashboard-crb.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: default

下面为创建crb和token

[root@control-plane minikube]# kubectl apply -f dashboard-crb.yml
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created

[root@control-plane minikube]# cat create-token.sh
kubectl -n kubernetes-dashboard create token admin-user

[root@control-plane minikube]# kubectl -n default create token kubernetes-dashboard
eyJhbGciOiJSUzI1NiIsImtpZCI6Im9keTJuQnBoek5lWW1ZWkVfSFBvSUNvVVNWNnNkZERTeHlJcFNrQVZ6cGcifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjU1MzUwNTQ5LCJpYXQiOjE2NTUzNDY5NDksImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJkZWZhdWx0Iiwic2VydmljZWFjY291bnQiOnsibmFtZSI6Imt1YmVybmV0ZXMtZGFzaGJvYXJkIiwidWlkIjoiMGVmNzQ5ZjQtMzMxYi00MThmLThiMjAtZmNlZTY2Zjg3YjcxIn19LCJuYmYiOjE2NTUzNDY5NDksInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0Omt1YmVybmV0ZXMtZGFzaGJvYXJkIn0.E13Te7b77hEe0Y6C3K5uC5waMfeD7Wp4GpGD9RIAFl5jAPwexPuAf3M_F1c7neUAtCsHz8LDraAuhM4VcI3sXD4TW7y4DumObcxK152WKhHIpgcpRSY9zyc0IJmNdVwzNiDkaNexigcIq9PFRSjd3ZQLPL_JuZOMz-490G4K5t38WDoAO1o39RYi9ZocY6MvksSZft1bbi5jCJ96OGvQzE_8dgxGZTqmDb73d29cfNWLYBttAcWZNbLhWYb_TGBHTi-Xfkhgb-74mKdelmVVA680ZkwrdUroR7lgEawWNBtwGJ-qeu1rGAoM1oUOxHKuoHnnrxyYYuG0WbcaquQQnQ

创建了 CRB 后，再获取登录 dashboard 的 token 可以使用命令获取

kubectl describe secrets kubernetes-dashboard-token-8dtgb