kubernetes搭建dashboard-v1.10.1
一键部署脚本(或者可使用helm安装):
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl apply -f kubernetes-dashboard.yaml
若连接不到镜像仓库,可提前下载好镜像,再执行脚本。
生成私钥和证书签名请求
openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048 ... openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key #编写RSA密钥 rm dashboard.pass.key openssl req -new -key dashboard.key -out dashboard.csr
生成SSL证书
自签名SSL证书是从dashboard.key私钥和dashboard.csr文件生成的。
openssl x509 -req -sha256 -days 365-in dashboard.csr -signkey dashboard.key -out dashboard.crt
挂载证书到Dashboard
--- 删除已经部署的dashboard ---
kubectl delete -f kubernetes-dashboard.yml secret "kubernetes-dashboard-certs" deleted serviceaccount "kubernetes-dashboard" deleted role "kubernetes-dashboard-minimal" deleted rolebinding "kubernetes-dashboard-minimal" deleted deployment "kubernetes-dashboard" deleted service "kubernetes-dashboard" deleted
--- 创建 secret "kubernetes-dashboard-certs" ---
kubectl create secret generic kubernetes-dashboard-certs --from-file="tls/dashboard.crt,tls/dashboard.key" -n kube-system secret "kubernetes-dashboard-certs" created
--- 查看secret内容 ---
kubectl get secret kubernetes-dashboard-certs -n kube-system -o yaml apiVersion: v1 data: dashboard.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwVENDQXJtZ0F3SUJBZ0lKQUo3QzdhRjVjdG1mTUEwR0NTcUdTSWIzRFFFQkN3VUFNRTh4Q3pBSkJnTlYKQkFZVEFrTk9NUXN3Q1FZRFZRUUlEQUpJUWpFTE1Ba0dBMVVFQnd3Q1YwZ3hDekFKQmdOVkJBb01Ba1JOTVF3dwpDZ1lEVlFRTERBTlpVRlF4Q3pBSkJnTlZCQU1NQWtOQk1CNFhEVEU0TURnd056QTVNVGN5TTFvWERUSTRNRGd3Ck5EQTVNVGN5TTFvd1hERUxNQWtHQTFVRUJoTUNRMDR4Q3pBSkJnTlZCQWdNQWtoQ01Rc3dDUVlEVlFRSERBSlgKU0RFTE1Ba0dBMVVFQ2d3Q1JFMHhEREFLQmdOVkJBc01BMWxRVkRFWU1CWUdBMVVFQXd3UE1Ua3lMakUyT0M0eApNVGt1TVRZd01JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdTJNUWpFVFVtS2RrCmZ5SjNPVXdyZGhrTnZTRk1CVGNhSTF3T3piTXI3SFJwSWFVQjIxM3VWTXdvRXAvckNkLzg5d0duQUJxNjBQeUYKYmpDVWVwM3pQaVlWYkkyeUlROXJ2OXRjakRjc1dFT2NONzNFN3k1eGc4ZDh5M0I4dW1nUGZPaUlxenplZDRSUgpSejI3R01rdjltckJHUUU1c2NnTVQyMUJ2bjRkdDBJNjJIQWNVNGlHRkNIaDAraW4ra0FuVGF6Y25pSWpjaG02Cks3emJrNW1wK1pmZllXa3FKZkE1V3hRWWlUZ0xIZ05wLy9uRzhCVkRMOVZSTklKU2JXWmk3QWZUR2FsaWVYWUkKTEl1VExNbzdxcGw4YW5wb3dzbzhpU3JZYUk5bFRGUkN3ZXJjRlVjajV6ZmtWOGc4N29HWlhLeGRHZkZzVmJMeQp3OS9qeDNwYjh3SURBUUFCbzRHaU1JR2ZNQXNHQTFVZER3UUVBd0lIZ0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGCkJRY0RBZ1lJS3dZQkJRVUhBd0V3SFFZRFZSME9CQllFRkZOeGpWbUNqcG5ZK2Y3K3ZIZlJUSzU2L2FEak1COEcKQTFVZEl3UVlNQmFBRkpsVUVkcmZBcDEvdGcxRFE4TVVEbmtESnljTU1ERUdBMVVkRVFRcU1DaUhCTUNvZDZDSApCSDhBQUFHQ0R6RTVNaTR4TmpndU1URTVMakUyTUlJSmJHOWpZV3hvYjNOME1BMEdDU3FHU0liM0RRRUJDd1VBCkE0SUJBUUJ4T2U2UkhISG5ZL2IweFVKWjZDUDMramZxcjNXaFZYdlhoNkZEQzEvM2RlYmVkK1UvN0JudWpMdjkKOXlzODRreWo5Z1VCMzNxMHNCbzYwMExXZ1ZUZnZTSHlqbE5TMXhWRGhOWjlUTm5IaENqcEs1Q1RsSXgyV0RnawpMaGVXZjMyU1dLUkFXVnhpeEdtMHVDMks0MWk1SWFXOW1za0pNaFpEcnh1Y2ZTNDNnRWJ3M1dlZkpla3ZGZHhxCk9wKysvREoyMURVaTVqdG1oSjBrWEZuRXVXUjd4UTJIWmM5aFNPbmVWRDJNSVFQcE1RaUhVd2ttTm5saGxNNC8KY3pXeldXY1NKODR4MCtRSy80b3A1UGNCL21LcGZCaC9YbkZlYmlRa2ExaVBzUm11QkJKUUJSRzZPTjI4OThVYwpyaWRISG5ZT29TWGlUN2Q4MXJRMUFTbWxaNGJLCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K dashboard.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBdTJNUWpFVFVtS2RrZnlKM09Vd3JkaGtOdlNGTUJUY2FJMXdPemJNcjdIUnBJYVVCCjIxM3VWTXdvRXAvckNkLzg5d0duQUJxNjBQeUZiakNVZXAzelBpWVZiSTJ5SVE5cnY5dGNqRGNzV0VPY043M0UKN3k1eGc4ZDh5M0I4dW1nUGZPaUlxenplZDRSUlJ6MjdHTWt2OW1yQkdRRTVzY2dNVDIxQnZuNGR0MEk2MkhBYwpVNGlHRkNIaDAraW4ra0FuVGF6Y25pSWpjaG02Szd6Yms1bXArWmZmWVdrcUpmQTVXeFFZaVRnTEhnTnAvL25HCjhCVkRMOVZSTklKU2JXWmk3QWZUR2FsaWVYWUlMSXVUTE1vN3FwbDhhbnBvd3NvOGlTcllhSTlsVEZSQ3dlcmMKRlVjajV6ZmtWOGc4N29HWlhLeGRHZkZzVmJMeXc5L2p4M3BiOHdJREFRQUJBb0lCQUVnZHVoS2hzc2dGTkJJUgpxNXlyaWRacmtmUUZ5b0gvVU5ubTVmT1lUd0V6VS9xVXpJQW1TRUR1U1VYUnNkMGREUGZxOU9CL2FRSmhET0Q1ClpVdERXb2ZDbEdBd3NDczFDaHpPU1hIVkVnWHVEME1NajZ3VlRhNlBxYUdKNnhhNlVhdWF1bTVjZ0tteWpLMUUKUHFzdFVuNGRXNjlKMzNCaU13cW1XN1Q2U0dsc00vNmlVTElWdGpXclJkOUZrRU40SVkyUHBsRmhZckRvNEQveQpVQlBUK0laQjJ5b0Z6VDRDQ0JZZkVDOC9WT3lzSVN2ajhWbW5lbStaZy96aVdkQzBmZzY5U3JQRzBUYStQZmdJCjJHUzNBcGQxdGJ3YUhzL01UV0UvR1dQRzZtVm92dkVwTUorek9wR2lMZDBVVVdRaEpZeUpIT3hZRkVKWHNrYTYKQ2RZL09wRUNnWUVBOXFnNDFWNTBWNGxUNWViMExxbWUzeGJFTVA3MHp3SkhJOFpKQ0pwSi9HR2lNYlB2dm5FYwpKMlVIMkdFOEgrQ1JCakZyRzRIcCttSlNzdFlDTUpGclU1bmpTZ3BRdXJCY3pTdXFqSkFUcWV1UUhVZkpkUXdwCjFydXR2YnBSZGtmTVJPK0NDbGkxSDdPNW1YWGo0NkoxNjF4aHhFWUtLYWdHU3BCUkJQUFNPdmNDZ1lFQXdud2QKRG9VZkpBTlBJcnV4ZUJ0VzFTTnQ0T1hzdHd6STJpWUNrbGFNSmI3VWJ1NndBNkdzUGJuT2puMWVvb0dLc0xPNgo0K05VckxVSGZBNzdwaW1LK2kwa2xPZDJVdFhweUdObjJqTm5kK0V0ZmpkZ3pLTWdvN09BQ28zQ1hnM1JJTDBJClVRYjRiUVV1bWRDM2NPYXUvbzNBNk1zKzJRT1ZXTDV5R1pkMUMrVUNnWUFJbW9tUTk4QjdKVEVsL2M1YXFsUCsKV0I3enpwRGZmNmJYbXAwRmpjd3kzM3oyMnQzcitLb1F2YmR1VnNYd0hyY3dUaHo4VXFYRXRCVktZNmlqNVE2bgpWZURWdmxKZWtMUkwrOC94SXoxc1dla20vRkFNb3lYNmRZVno3c0hVckdCMXJ4ME1HMWdHQ1JEYVI0Qnhla00rCnVIUTRrbkRjVHg0WkQ3dWp2cFdBdFFLQmdCc3hGVEx4ZytBYUlsZGQzTHRKUDBPL2wxNUpaMlpVZ0VTWDZlWWgKK2FoUlhReEJqUlNFNXpzZUhuWW5xektYWUJmQ21VL0JlaFpIblV0SUlRRWpiODM0djlPZDVScEIxRlR6S1JNRgordUowOWxKZVZjZG15MnAzNzJBS1gvR2NodS9IM2tETjg2L3llSWlDK1JMcy9leVRUelI5TGtWVFRlOUJlVnlBCm81bk5Bb0dBTCsxYk4rTDVmRG5YS2RzdlYrSkdUM3pBT3BPdCsySndGc0huWTdacVFmV3NFcVFITE53c0VzNk4Kb3kxU3g1T0I1K0owaWlhampPS0dlQzl3Z1Y3dFNxNkJieUoxQnZSc1Ewb20yZGg2RGVIQ0pDN0VZQnhWb2oxQwpVMSszTXVBZHJvOE45R1BtRHZYdlhvTkhRVnBQTTlEQTJ4UDZZTkZuVEZKN1NVRTRRcDA9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== kind: Secret metadata: ......
--- 重新部署dashboard ---
kubectl apply -f kubernetes-dashboard.yml Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply secret "kubernetes-dashboard-certs" configured serviceaccount "kubernetes-dashboard" created role "kubernetes-dashboard-minimal" created rolebinding "kubernetes-dashboard-minimal" created deployment "kubernetes-dashboard" created service "kubernetes-dashboard" created
创建登陆账号
vi admin-user-role-binding.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kube-system
kubectl create -f admin-user-role-binding.yaml
获取登陆token
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
输出类似:
Name: admin-user-token-qrj82 Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name=admin-user kubernetes.io/service-account.uid=6cd60673-4d13-11e8-a548-00155d000529 Type: kubernetes.io/service-account-token Data ==== token: ......
访问dashboard
第一种:kubectl proxy
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
第二种:kube -n kube-system port-forward pod名 8443:3000 &
http://loaclhost:3000
第二种:设置service nodeport
http://node_ip:nodeport
参考:
kubernetes dashboard部署流程:https://www.cnblogs.com/RainingNight/p/deploying-k8s-dashboard-ui.html
密钥挂载到dashboard:https://blog.csdn.net/chenleiking/article/details/81488028
证书创建参考:https://github.com/kubernetes/dashboard/wiki/Certificate-management
github地址:https://github.com/kubernetes/dashboard