k8s集群dashboard创建
kubernetes集群搭建完毕后,可以为集群创建dashboard,步骤如下
生产客户端证书
[root@k8s-master ~]# grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt [root@k8s-master ~]# grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key [root@k8s-master ~]# openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-web-client" Enter Export Password: 设置证书密码,浏览器导入证书时需要 Verifying - Enter Export Password:
创建kubernetes-dashboard.yaml
[root@k8s-master ~]# wget http://pencil-file.oss-cn-hangzhou.aliyuncs.com/blog/kubernetes-dashboard.yaml [root@k8s-master ~]# kubectl create -f kubernetes-dashboard.yaml
查看POD状态
[root@k8s-master ~]# kubectl get po -n kube-system |grep dashboard kubernetes-dashboard-5f7b999d65-66rrw 1/1 Running 0 91m
创建访问账户
[root@k8s-master ~]# cat dashboard_service_account_admin.yaml apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kube-system
创建集群角色绑定
[root@k8s-master ~]# cat dashboard_cluster_role_binding_admin.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kube-system
创建资源
[root@k8s-master ~]# kubectl apply -f dashboard_service_account_admin.yaml serviceaccount/admin-user created [root@k8s-master ~]# kubectl apply -f dashboard_cluster_role_binding_admin.yaml clusterrolebinding.rbac.authorization.k8s.io/admin-user created
获取TOKEN
[root@k8s-master ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') Name: admin-user-token-8dsjg Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: 45c6f835-bccd-11e9-8459-0050569ce87d Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXA5OW1xIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwOTM5Zjg2NS0xMDI1LTExZWEtYjZjZS0wMDE2M2UwOGU0ZjciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.OXrohzkndc3iafyLkdNZjssWMjYRIS5RaghcX1e5JDN_09HklTk3WwXSiG7zf1EeFuytnOTQzlzlUfvAW3lBevTANtiReiNdRcFrjIQl_JYOH3clgxXizZKkEnsBcQ_sYhFOz-I-NKjN9AL8PhlV1Mfuv-sfOSlF6uUOM7AfXjL9JFF1DFqFF1I2OZZh1DlUuJVlMhkzW3j4VJnCc-kS4kWPdt3kYkeJM6vCjkZjlr75bD3w6NwK3d0K_yjWJ6vOr7MhmhoAlIoe2IvAGYC4b7Db_203y8xtX0_J9w-VdpYiP5_Bc4HxaXA6pKObs0BIwM8oWGlWnfqFMzGr8jGCvg
将证书kubecfg.p12导出来,在浏览器导入证书
登录dashboard
https://x.x.x.x:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
跳转后选择令牌方式登录输入token即可