● 创建能列出名称空间的集群角色
因为dashboard默认进入的界面是default，名称空间级别用户无法查看和切换到其它名称空间

[root@hdss7-200 ~]# cat /data/k8s-yaml/dashboard/dashboard_1.10.1/list-namespace.yaml 
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: 
  name: list-namespace
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - list

RBAC授权

[root@hdss7-200 ~]# cat /data/k8s-yaml/dashboard/dashboard_1.10.1/namespace-admin.yaml 
# 创建service account 账户
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
  name: ns-admin
  namespace: kube-system
---
# 授权default名称空间的管理员权限
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ns-admin-default
  namespace: default
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: ns-admin
  namespace: kube-system
---
# 授予app名称空间的管理员权限
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ns-admin-app
  namespace: app
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: ns-admin
  namespace: kube-system
---
# 可以查到到其它名称空间，方便切换。不受该权限时，需要手动修改URL中namespace完成切换
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ns-admin-list-namespace
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: list-namespace
subjects:
- kind: ServiceAccount
  name: ns-admin
  namespace: kube-system