###基于token
#新版本的kuberbetes将dashboard的相关配置放到了新建的kubernetes-dashboard名称空间下,访问输入这里
#使用变量 k=kubernetes-dashboard,
#在线应用dashboard的配置,其中创建的service的类型为clusterIP需要修改为NodePort类型
[root@master dashboard]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
#service资源的类型由clusterIP修改为NodePort类型
[root@master dashboard]# kubectl edit svc kubernetes-dashboard -n $k
service/kubernetes-dashboard edited
[root@master dashboard]# kubectl get svc -n $k
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.104.29.89 <none> 8000/TCP 4m37s
kubernetes-dashboard NodePort 10.107.136.104 <none> 80:31527/TCP 4m38s
#创建sa用户admin-user在kubernetes-dashboard名称空间下,$k代替
[root@master dashboard]# kubectl create sa admin-user -n $k
serviceaccount/admin-user created
#系统用户admin-user和集群角色cluster-admin绑定,从而获取了集群级别的管理权限
[root@master dashboard]# kubectl create clusterrolebinding admin-user --serviceaccount=$k:admin-user --clusterrole=cluster-admin -n $k
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
[root@master dashboard]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-5q87x
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 62cc04eb-abca-11ea-b076-000c29cddc18
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTVxODd4Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2MmNjMDRlYi1hYmNhLTExZWEtYjA3Ni0wMDBjMjljZGRjMTgiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.GFcxh6GIaaq6tBNLFdYAxnEuA0191CIXZ-h9L6o7_sH7WqGqsv8zZPY7CHslTGF0GnSAf636xOmdLAmIOKCl_qowmq_4s3WjLmHmffgrVTYP4hU4iie-l3j8fec-Qd_pyPjsqMi_PjUraR_6ay86t-0BSOx0Koo6GwOIQBHVwNljM6QZN923mGpulHH0WZ1QCjTNUkiBuVXnGjYM1dHEYBHnupzwH33TbZdQa_CHLuV5IzRmxbtIeIoPu23N8FXwBd9wv5aSnoJO9slFYWQspH4ztGnAemBJXJxNTvbzJ3exwPwh0cKZRYxa_T5Vq6Ed0n3BfM5K6B3Cay6ac2KYpw
#浏览器访问https://node_ip:node_port
#https://192.168.100.2:31527/#/login,将token复制进去,
#基于kubeconfig