1. 参考我的博客https://blog.csdn.net/u014365419/article/details/95385890部署kubernetes
2. 部署dashboard
# kubectl create -f http://mirror.faasx.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
3. 查看部署状态
# kubectl get pods --all-namespaces
4. 仅限本地访问dashboard UI,运行以下命令
# kubectl proxy
5. 如果apiserver可以外网访问,推荐apiserver方式,可以在其他机器访问dashboard UI
确保/etc/kubernetes/admin.conf文件已经复制到了$HOME/.kube/config中,官网文档kubeadm安装应该已经复制过了
生成client-certificate-data
# grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt
生成client-key-data
# grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key
生成p12
# openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
将证书下载到本机,导入到浏览器中(浏览器设置中安全设置部分可以支持证书导入)
本机访问如下网址可以访问dashboard UI
https://<master-ip>:<apiserver-port>/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login,其中<master-ip>是 Kubernetes 主服务器的 IP 地址或域名。<apiserver-port>是kube-apiserver的端口,一般是6443
看到如下界面,就说明成功了
6. 生成token
# vim admin-user.yaml
粘贴下列内容
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
# kubectl create -f admin-user.yaml
# vim admin-user-role.binding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
# kubectl create -f admin-user-role-binding.yaml
获取token
# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-vchrh
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 727ee4ab-a478-11e9-b405-000c29e3e93b
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXZjaHJoIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI3MjdlZTRhYi1hNDc4LTExZTktYjQwNS0wMDBjMjllM2U5M2IiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.KNfMr4GJrxdVO3Egj4mtOGDk2sMoMdVssMMnFQv6-46h7HDmnuesVnvbATigKBw3cB6MHLv3aNYqI1O3ShBObUKceHfAErCahQR62eV0ntNIE4O1o1mqKQSxhrLfohMneG_1skc5UHAaAD5r84KK_n0cSX6pwpIEFNAKAXS5TKn1V9S1qZxGyvYJu4GDOIL_THRSxu-OKZqt-7J5ZKBWawLlZDUQIjf7KERmhmvzAdbC6q7b4vl6kscK5uXzAFhwc75nPuAuji4vr_gZHP0kbMRHPNxJsBwwR38gdlcWymufHjk5SoXf212TlCWzhefAZptWsGZ_asWqY7XZdpPrqg
将token填入登录框内,就可以登录了