k8s dashboard 部署并使用 kubeconfig 登陆

部署
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
# 获取 token 登陆 
kubectl -n kubernetes-dashboard  get  secret  default-token-7kjvr 
此时获取的结果可以用于 token 登陆，为方便用 Kubeconfig登陆 dashboard
# 创建需要的证书
mkdir -p /usr/local/src/kubernetes/certs
cd /usr/local/src/kubernetes
openssl genrsa -des3 -passout pass:x -out certs/dashboard.pass.key 2048
openssl rsa -passin pass:x -in certs/dashboard.pass.key -out certs/dashboard.key
openssl req -new -key certs/dashboard.key -out certs/dashboard.csr -subj '/CN=kube-dashboard'
openssl x509 -req -sha256 -days 365 -in certs/dashboard.csr -signkey certs/dashboard.key -out certs/dashboard.crt
rm certs/dashboard.pass.key
kubectl create secret generic kubernetes-dashboard-certs --from-file=certs -n kube-system

# 获取token 
DASH_TOCKEN=$(kubectl -n kubernetes-dashboard  get  secret  default-token-7kjvr  -o jsonpath={.data.token} |base64 -d)
# 设置 kubeconfig 文件中的一个集群条目
kubectl config set-cluster kubernetes --server=172.24.119.227:8443 --kubeconfig=/usr/local/src/dashbord-admin.conf
# 设置 kubeconfig 文件中的一个用户条目
kubectl config set-credentials dashboard-admin --token=$DASH_TOCKEN --kubeconfig=/usr/local/src/dashbord-admin.conf 
# 设置 kubeconfig 文件中的一个上下文条目
kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --user=dashboard-admin --kubeconfig=/usr/local/src/dashbord-admin.conf 
#设置 kubeconfig 文件中的当前上下文
kubectl config use-context dashboard-admin@kubernetes --kubeconfig=/usr/local/src/dashbord-admin.conf 
sz /usr/local/src/dashbord-admin.conf 


# ingress 配置
$ cat dash-ingress.yaml 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  rules:
  - host: rjddsdashr.tagtic.cn
    http:
      paths:
      - path: /
        backend:
          servicePort: 443
          serviceName: kubernetes-dashboard
  tls:
  - hosts:
    - rjddsdashr.tagtic.cn
    secretName: kubernetes-dashboard-certs