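k8s dashboard: fixing the browser access restriction caused by the self-generated certificate in the secret
Get familiar with the resources created by the dashboard YAML file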
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta6/aio/deploy/recommended.yaml
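Looking at recommended.yaml, the dashboard secret object is generated automatically and its certificate is invalid, so it has to be modified and replaced manually
Generate the certificate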
openssl genrsa -out dashboard.key 2048
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=stage.navinfo.sg'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
openssl x509 -in dashboard.crt -text -noout
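A check worth running on the files generated above before they go into the secret, as an added example that is not part of the original page. The function name check_dashboard_cert and the 7-day default threshold are assumptions; the file names are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original page): verify dashboard.key and
# dashboard.crt before storing them in kubernetes-dashboard-certs.
# check_dashboard_cert and the 7-day default are assumptions of this example.

check_dashboard_cert() {
    key=$1
    crt=$2
    min_days=${3:-7}

    # The public key embedded in the certificate must equal the one derived
    # from the private key, otherwise the dashboard cannot serve TLS with it.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key" >&2; return 2; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $crt" >&2; return 2; }
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "certificate was not issued for this key" >&2
        return 3
    fi

    # -checkend exits non-zero when the certificate expires within the
    # given number of seconds. Without -days, "openssl x509 -req" issues
    # a certificate that is valid for only 30 days.
    if ! openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2
        return 4
    fi

    # Show the subject and expiry date the browser will be presented with.
    openssl x509 -in "$crt" -noout -subject -enddate
}

# Run the check when the page's files are present in the current directory.
if [ -f dashboard.key ] && [ -f dashboard.crt ]; then
    check_dashboard_cert dashboard.key dashboard.crt
fi
```

A return code of 3 means the key and certificate do not belong together; 4 means the certificate is about to expire and should be reissued with a longer -days value.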
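Create the secret from the certificate and key (it has to live in the kubernetes-dashboard namespace that recommended.yaml deploys into, so that namespace must already exist)
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard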
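Change the Service in recommended.yaml to type NodePort, then create the remaining dashboard resource objects
Access the dashboard from the browser at https://IP:NodePort
Log in to the dashboard with a token; look up the ServiceAccount in the namespace
The user created by recommended.yaml does not have enough permissions, so create an admin user and log in to the dashboard with it
dashboard-adminuser.yaml reference: https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md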