yaml 文件获取
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
安装
kubectl apply -f kubernetes-dashboard.yaml
创建访问凭证
创建普通用户访问凭证
参考 https://github.com/kubernetes/dashboard/wiki/Creating-sample-user
创建管理员访问凭证
kubernetes-dashboard-admin-rbac.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard-admin
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard-admin
namespace: kube-system
使用集群管理员身份cluster-admin
获取token
kubectl describe secret kubernetes-dashboard-admin-token-rxkfb -n kube-system
Name: kubernetes-dashboard-token-qvgd6
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: 5c19333b-3fec-11e9-ae9f-000c29370646
Type: kubernetes.io/service-account-token
Data
====
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1xdmdkNiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjVjMTkzMzNiLTNmZWMtMTFlOS1hZTlmLTAwMGMyOTM3MDY0NiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.NewpsPhXKuvBKjAkpnWInkPVn1FwYKnfZrmVCHCgHI7vRgdVjc_dzElVcccCfcU1UJ69k8lvCbp-enyLkNxIR3lFfn0ocyFexWVckQOUQf0iJA1MkKXwQ1vgCUlNa-_77Bjc71ds13eJkHlhtI6L7XgmS7MXtyxA8uPG5Mio2LY4kLY4pzR_0-FknWYAwMjVKoHQZSoxyryHwgeH6TW6VEey6YUpxT5emzWtCfpoJ7d_2Kj8LjidOdx5RM_r7WoNXcuP54x1KBP4ZsljMkNVV15jqEou1qJ0npVDymGgBqAyBh1_tfjpxTrcj01cPRD4dzGAQd8-O5vf5B-BCWZJJA
ca.crt: 1025 bytes
namespace: 11 bytes
将token追加到config文件之后,即可访问dashboard
追加后的config如下:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: ************************BDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVWGRFMkozQ0RGdmZmcmRDbS9Ua2ROSE9pZ3Ywd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNZMjR4RURBT0JnTlZCQWdUQjNScFlXNXFhV*****RBT0JnTlZCQWNUQjNScApZVzVxYVc0eEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HYzNsemRHVnRNUk13RVFZRF**********************
server: https://*.*.*.*:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: cms
name: kubernetes
current-context: kubernetes
kind: Config
preferences: {}
users:
- name: cms
user:
as-user-extra: {}
client-certificate-data: ******************************nVGUGVrcjRhaG5VbVEvc2s1YXZQa3MyMgo3aEVvRFh6TUwwbzUxL3I5TTRFdVRqdTZQb0V1SFFSZHIydy9IaFZZaGM5SEdKamlyR1J2a1lTYWZLMnRmZ1dLCjhyZ3o5WVdnOUpvWXJvQTllWUFvV21DR2hERFpmeVNvSmFMQ2tqVThCK3U3TXJSV********************
client-key-data: *******************************kQTh3L1RPS3hsMXRoTU43ZGFoVHYzQm1CclJnNnNGd1VwQy9yS0Y3Ci9BWFNzM2ZBczVzZmJCOTZQN3lXeXNrQ2dZRUFqd0REWEZVWWdjcllJY1B6UEhtRGtkYU1scnBnNmR2UmlDeEEKRUdKb295Z2Q1cUFGU3hHQ1orODY4ZEt0YVZ6VTZ4WFh********************
token: ****************************************8YQPdhiRvaKlwq1o1vX1ROX_L8GZpy0Ech-kCk9DfPpGuiPDedWxiLCbS6TaCVUH2v1LDpQwCutWLsknbaxv_-TnlQeXQs1***************