Kubernetes 1.20.15 部署 K8s Dashboard 应用并创建只读访问 Token

以下是部署 K8s Dashboard 应用的代码：

1. 创建一个 dashboard.yaml 文件，内容如下：

apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubernetes-dashboard
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

---
apiVersion: v1
kind: Secret
metadata:
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kubernetes-dashboard-settings
  namespace: kube-system
data:
  metricsScraperInterval: '30s'
  enableInsecureLogin: 'true'

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  replicas: 1
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      serviceAccountName: kubernetes-dashboard
      containers:
      - name: kubernetes-dashboard
        image: kubernetesui/dashboard:v2.2.0
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
        - --tls-cert-file=certs/kubernetes-dashboard.crt
        - --tls-private-key-file=certs/kubernetes-dashboard.key
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          readOnly: true
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs

---
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  - port: 443
    targetPort: 8443

2. 执行以下命令部署 K8s Dashboard 应用：

kubectl apply -f dashboard.yaml

3. 生成一个访问的 token，赋予只读权限：

kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secret $(kubectl get secret -n kube-system | grep dashboard-admin | awk '{print $1}')

执行以上命令后，会输出一个 token，将该 token 复制下来，即可用于访问 K8s Dashboard 应用。