k8s集群dashboard创建

kubernetes集群搭建完毕后，可以为集群创建dashboard,步骤如下

生产客户端证书

[root@k8s-master ~]# grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt
[root@k8s-master ~]# grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key
[root@k8s-master ~]# openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-web-client"
Enter Export Password: 设置证书密码，浏览器导入证书时需要
Verifying - Enter Export Password:

创建kubernetes-dashboard.yaml

[root@k8s-master ~]# wget http://pencil-file.oss-cn-hangzhou.aliyuncs.com/blog/kubernetes-dashboard.yaml
[root@k8s-master ~]# kubectl create -f kubernetes-dashboard.yaml

查看POD状态

[root@k8s-master ~]# kubectl get po -n kube-system |grep dashboard
kubernetes-dashboard-5f7b999d65-66rrw 1/1 Running 0 91m

创建访问账户

[root@k8s-master ~]# cat dashboard_service_account_admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system

创建集群角色绑定

[root@k8s-master ~]# cat dashboard_cluster_role_binding_admin.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system

创建资源

[root@k8s-master ~]# kubectl apply -f dashboard_service_account_admin.yaml
serviceaccount/admin-user created
[root@k8s-master ~]# kubectl apply -f dashboard_cluster_role_binding_admin.yaml
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

获取TOKEN

[root@k8s-master ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Name: admin-user-token-8dsjg
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 45c6f835-bccd-11e9-8459-0050569ce87d

Type: kubernetes.io/service-account-token

Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXA5OW1xIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwOTM5Zjg2NS0xMDI1LTExZWEtYjZjZS0wMDE2M2UwOGU0ZjciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.OXrohzkndc3iafyLkdNZjssWMjYRIS5RaghcX1e5JDN_09HklTk3WwXSiG7zf1EeFuytnOTQzlzlUfvAW3lBevTANtiReiNdRcFrjIQl_JYOH3clgxXizZKkEnsBcQ_sYhFOz-I-NKjN9AL8PhlV1Mfuv-sfOSlF6uUOM7AfXjL9JFF1DFqFF1I2OZZh1DlUuJVlMhkzW3j4VJnCc-kS4kWPdt3kYkeJM6vCjkZjlr75bD3w6NwK3d0K_yjWJ6vOr7MhmhoAlIoe2IvAGYC4b7Db_203y8xtX0_J9w-VdpYiP5_Bc4HxaXA6pKObs0BIwM8oWGlWnfqFMzGr8jGCvg

 

将证书kubecfg.p12导出来，在浏览器导入证书

登录dashboard
https://x.x.x.x:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

跳转后选择令牌方式登录输入token即可