从github上获取k8s网页资源文件
GitHub地址
将6个yaml文件上传至k8s的master节点上
[root@master01 k8s]# mkdir /root/k8s/dashborad
[root@master01 k8s]# cd dashborad/
[root@master01 dashborad]# ls
dashboard-configmap.yaml dashboard-controller.yaml dashboard-rbac.yaml dashboard-secret.yaml dashboard-service.yaml k8s-admin.yaml
# Create the Dashboard resources from the uploaded YAML manifests.
# The manifests are created in this fixed order; do not reorder them.
for manifest in \
  dashboard-rbac.yaml \
  dashboard-secret.yaml \
  dashboard-configmap.yaml \
  dashboard-controller.yaml \
  dashboard-service.yaml
do
  kubectl create -f "$manifest"
done
[root@master01 dashborad]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/kubernetes-dashboard-65f974f565-vvfh2 1/1 Running 0 112s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard NodePort 10.0.0.154 <none> 443:30001/TCP 103s
使用kubectl get pod -o wide -n kube-system命令查看dashboard的pod运行在k8s的哪个节点上
使用https访问该节点IP地址的30001端口(NodePort,对应service的443端口)进入网页
谷歌浏览器访问出现问题,证书无法认证
# 解决谷歌浏览器无法访问问题
# 需要配置证书
[root@master01 dashborad]# vim dashboard-cert.sh
# 写入
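# dashboard-cert.sh: issue a TLS certificate for the Dashboard from the cluster
# CA and store it in the kubernetes-dashboard-certs secret (kube-system).
#
# Usage: bash dashboard-cert.sh <ca-dir> [hostnames]
#   <ca-dir>     directory holding ca.pem, ca-key.pem and ca-config.json
#   [hostnames]  optional comma-separated node IPs / DNS names to place in the
#                certificate. Without them the CSR has an empty "hosts" list and
#                cfssl warns that the certificate is unsuitable for websites.
#
# Abort on the first failure so a failed cfssl run never reaches the
# delete/create steps and leaves the Dashboard without its certificate secret.
set -euo pipefail

K8S_CA=${1:?usage: dashboard-cert.sh <ca-dir> [hostnames]}
K8S_CA=${K8S_CA%/}
DASHBOARD_HOSTS=${2:-}

# Quoted delimiter: the JSON is written literally, with no shell expansion.
cat > dashboard-csr.json <<'EOF'
{
  "CN": "Dashboard",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing"
    }
  ]
}
EOF

gencert_args=(
  -ca="${K8S_CA}/ca.pem"
  -ca-key="${K8S_CA}/ca-key.pem"
  -config="${K8S_CA}/ca-config.json"
  -profile=kubernetes
)
if [[ -n "$DASHBOARD_HOSTS" ]]; then
  # Put the names the Dashboard is actually reached by into the certificate.
  gencert_args+=(-hostname="$DASHBOARD_HOSTS")
fi

# Writes dashboard.pem, dashboard-key.pem and dashboard.csr to the current directory.
cfssl gencert "${gencert_args[@]}" dashboard-csr.json | cfssljson -bare dashboard

# Replace the secret; --ignore-not-found keeps a first run from failing.
kubectl delete secret kubernetes-dashboard-certs -n kube-system --ignore-not-found

# Upload only the certificate and its private key. --from-file=./ would store
# every file in the working directory (manifests, this script, the CSR) as
# secret data. The key names stay dashboard.pem / dashboard-key.pem, which are
# the names the --tls-cert-file / --tls-key-file arguments refer to.
kubectl create secret generic kubernetes-dashboard-certs \
  --from-file=dashboard.pem \
  --from-file=dashboard-key.pem \
  -n kube-system

# NOTE: dashboard-key.pem stays on disk in the working directory after this
# script; keep it readable by root only or remove it once the secret exists.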
# 添加证书配置
[root@master01 dashborad]# vim dashboard-controller.yaml
...
args:
# PLATFORM-SPECIFIC ARGS HERE
# NOTE(review): --auto-generate-certificates is left enabled next to the
# explicit key/cert files; confirm which certificate the running Dashboard
# version actually serves.
- --auto-generate-certificates
# File names as written by `cfssljson -bare dashboard` in dashboard-cert.sh.
# They must exist under these names in the kubernetes-dashboard-certs secret;
# presumably that secret is mounted as the container's certificate directory
# (verify in the rest of this manifest).
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem
...
[root@master01 dashborad]# bash dashboard-cert.sh /root/k8s/k8s-cert/
2020/03/16 23:30:44 [INFO] generate received request
2020/03/16 23:30:44 [INFO] received CSR
2020/03/16 23:30:44 [INFO] generating key: rsa-2048
2020/03/16 23:30:45 [INFO] encoded CSR
2020/03/16 23:30:45 [INFO] signed certificate with serial number 552615628355143829518244419300925036195197540386
2020/03/16 23:30:45 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
secret "kubernetes-dashboard-certs" deleted
secret/kubernetes-dashboard-certs created
# apply 重新应用修改过的dashboard-controller.yaml
[root@master01 dashborad]# kubectl apply -f dashboard-controller.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
serviceaccount/kubernetes-dashboard configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
deployment.apps/kubernetes-dashboard configured
重新应用资源后可能会使资源运行节点发生改变,
使用kubectl get pod -n kube-system -o wide命令查看节点IP
再访问相应的节点IP进入网页
登陆认证使用令牌
下面获取令牌
# 生成令牌
[root@master01 dashborad]# kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@master01 dashborad]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
dashboard-admin-token-lzzfl kubernetes.io/service-account-token 3 10s
default-token-bt8hf kubernetes.io/service-account-token 3 6h6m
kubernetes-dashboard-certs Opaque 11 12m
kubernetes-dashboard-key-holder Opaque 2 21m
kubernetes-dashboard-token-9zblr kubernetes.io/service-account-token 3 20m
# 从secret列表中找到dashboard-admin-token开头的secret
# 通过kubectl describe获取其中的token
[root@master01 dashborad]# kubectl describe secret dashboard-admin-token-lzzfl -n kube-system
...
token: eyJhbGciOiJSUzI1NiIsImtpZC..........
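把输出信息中token字段的值填入登录页面的令牌输入框,就可以登录k8s的网页端了。该token是dashboard-admin服务账户的凭据,权限由k8s-admin.yaml中的ClusterRoleBinding决定,应当作密钥保管,不要粘贴到文档或聊天记录中。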