k8s部署Dashboard
下载Dashboard所需的yaml文件
wget https://www.cloudelf.cn/kubernetes/kubernetes-dashboard.yaml
修改yaml文件:
1.将service type字段设置为nodeport
2.所有的ns修改为kube-system
注意:所有ns也可不必修改为kube-system,也可使用kubernetes-dashboard,后续证书以及授权使用相对应的ns即可。
3.镜像地址修改为aliyun
4.注释kubernetes-dashboard-certs,否则后面会显示网页不安全,证书过期
生成证书
mkdir key && cd key
#生成证书
openssl genrsa -out dashboard.key 2048
#ip为node节点ip
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=172.26.207.183'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
#删除原有的证书secret
kubectl delete secret kubernetes-dashboard-certs -n kube-system
#创建新的证书secret
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kube-system
#查看pod
kubectl get pod -n kube-system
#重启pod
kubectl delete pod kubernetes-dashboard-78dc5f9d6b-zgvr6 -n kube-system
#再一次创建dashboard pod
kubectl apply -f kubernetes-dashboard.yaml
创建并绑定用户
#创建一个叫admin-user的服务账号:
cat admin-user.yaml
#直接绑定admin角色:
cat admin-user-role-binding.yaml
kubectl create -f admin-user-role-binding.yaml
#查看绑定信息
kubectl get clusterrolebinding
NAME AGE
admin-user 21h
cluster-admin 7d3h
dashboard-admin 6d9h
dashboard-cluster-admin 5d8h
flannel 7d2h
kubeadm:kubelet-bootstrap 7d3h
kubeadm:node-autoapprove-bootstrap 7d3h
kubeadm:node-autoapprove-certificate-rotation 7d3h
kubeadm:node-proxier 7d3h
kubernetes-dashboard 167m
kubernetes-dashboard-admin 6h53m
system:basic-user 7d3h
system:controller:attachdetach-controller 7d3h
#查看token
kubectl -n kube-system get secret
NAME TYPE DATA AGE
admin-user-token-7rsx9 kubernetes.io/service-account-token 3 6d2h
#根据上述token名查看token值
kubectl -n kube-system describe secret admin-user-token-7rsx9
token值为:
eyJhbGciOiJSUzI1NiIsImtpZCI6Imo2UmxvYTZuTnJFQ0Z2NnFUWENqZVVlbEhfdHZDMjVxQjlXMHR4RHlNZzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTdyc3g5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1NWM3YTBhNy00YTc2LTQ4ZmItYjZhYi1jYjIyZWFhODhmY2IiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.Q9nqtPwBQOhyJXlsTDUmSoxEn-jtPR0-1fYGhDCnkvGV4yWRA4s-XFmRnsJ-veakGYtUlZrVYdmQwBebBU-ktAnU009kx6dWNnk-bOf8WgBAxHBBnl87fPQVr-0-FiyGaBLIbWt-FteBaMiLa0PFBA_SzvTXUmjolYZFKPmL6KJugXLWXdukV76ooF6uKBwafuuI0-bsF9IKs5hh3kAcF6k5PvJ-X6eZSCr7mohZWXw4tm6hDJRcu989lXqDGJ-i8AyOsBRBjQH2fyC1x-i66Kr8p79GHqO2tH0MSaUHmy-irXgj5uw_BrV569h7L4UVraSr8C5hgKScdghgnWdcrw
#查看 Dashboard 端口号
kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.103.251.200 <none> 8000/TCP 174m
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 7d3h
kubernetes-dashboard NodePort 10.104.90.235 <none> 443:30001/TCP 174m
Dashboard端口号:30001
访问Dashboard:
https://39.98.157.125:30001/#!/login
选择令牌,并输入上token值即可登录
参考文献:https://blog.csdn.net/luhost/article/details/99191469