文章目录
-----在master01上操作-----
1、创建dashborad工作目录
[root@master1 ~]# cd k8s/
[root@master1 k8s]# mkdir dashboard
2、拷贝官方的文件
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard
[root@master1 k8s]# cd dashboard/
[root@master1 dashboard]# ls
dashboard-configmap.yaml dashboard-secret.yaml
dashboard-controller.yaml dashboard-service.yaml
dashboard-rbac.yaml k8s-admin.yaml
[root@master1 dashboard]# kubectl create -f dashboard-rbac.yaml
[root@master1 dashboard]# kubectl create -f dashboard-secret.yaml
[root@master1 dashboard]# kubectl create -f dashboard-configmap.yaml
[root@master1 dashboard]# kubectl create -f dashboard-controller.yaml
[root@master1 dashboard]# kubectl create -f dashboard-service.yaml
3、完成后查看创建在指定的kube-system命名空间下
[root@master1 dashboard]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-65f974f565-sk2wl 1/1 Running 0 50s
[root@master1 dashboard]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/kubernetes-dashboard-65f974f565-sk2wl 1/1 Running 0 57s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard NodePort 10.0.0.238 <none> 443:30001/TCP 42s
4、访问nodeIP就可以访问(火狐浏览器可以直接访问)
https://192.168.200.40:30001/
谷歌浏览器无法访问的问题:
[root@master1 dashboard]# vim dashboard-cert.sh
cat > dashboard-csr.json <<EOF
{
"CN": "Dashboard",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
}
EOF
K8S_CA=$1
cfssl gencert -ca=$K8S_CA/ca.pem -ca-key=$K8S_CA/ca-key.pem -config=$K8S_CA/ca-config.json -profile=kubernetes dashboard-csr.json | cfssljson -bare dashboard
kubectl delete secret kubernetes-dashboard-certs -n kube-system
kubectl create secret generic kubernetes-dashboard-certs --from-file=./ -n kube-system
#dashboard-controller.yaml 增加证书两行,然后apply
# args:
# # PLATFORM-SPECIFIC ARGS HERE
# - --auto-generate-certificates
# - --tls-key-file=dashboard-key.pem
# - --tls-cert-file=dashboard.pem
[root@master1 dashboard]# chmod +x dashboard-cert.sh
[root@master1 dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
[root@master1 dashboard]# vim dashboard-controller.yaml
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
- --tls-key-file=dashboard-key.pem #添加此行
- --tls-cert-file=dashboard.pem #添加此行
5、重新部署(注意:当apply不生效时,先使用delete清除资源,再apply创建资源)
[root@master1 dashboard]# kubectl delete -f dashboard-controller.yaml
[root@master1 dashboard]# kubectl apply -f dashboard-controller.yaml
6、使用谷歌浏览器访问:https://192.168.200.40:30001/
7、生成令牌
[root@master1 dashboard]# kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@master1 dashboard]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
dashboard-admin-token-g5hgp kubernetes.io/service-account-token 3 51s #复制该密钥dashboard-admin-token-g5hgp
default-token-jpwdf kubernetes.io/service-account-token 3 29h
kubernetes-dashboard-certs Opaque 11 2m36s
kubernetes-dashboard-key-holder Opaque 2 31m
kubernetes-dashboard-token-m8dtq kubernetes.io/service-account-token 3 119s
8、查看令牌
[root@master1 dashboard]# kubectl describe secret dashboard-admin-token-g5hgp -n kube-system
Name: dashboard-admin-token-g5hgp
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 3ce6da3a-9d34-11eb-beff-000c295d78bd
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1359 bytes
namespace: 11 bytes
token: #以下全部为令牌内容 eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZzVoZ3AiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiM2NlNmRhM2EtOWQzNC0xMWViLWJlZmYtMDAwYzI5NWQ3OGJkIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.O7MZo-egPy5Yik-ySPuyMjKDuNYTs6YZSdtGx7jDGT2xvWCp_hGJM9g7ytKmowFx-WmapaNDIWgx52BS447eSO0tcdQ_drlVvc6Mn_bIOWiS5kA7HFv1X--l8r7083WOwjDQIM1ma43Pr1RqK0kx4zgIG8ILlF2OAZUR0aX5mcjGGOsBiyYRNiKTWhA_XzYLy4g0GTK4IB90soJB5-mhQeYgPGwVOB_0oge32U5HTc_s0AmkBoLl6LqA9M570IChOjwiknLUhPyRURPfcUzmrrKgQK25dADPf_2674xYXaGsqCpJa52I0YfFzRB12pduZ2WAPYiKhKK4G7mhHEzyBg