1.helm安装kubernetes-dashboard
# Add kubernetes-dashboard repository
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# Deploy a Helm Release named "kubernetes-dashboard" using the kubernetes-dashboard chart
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
2.配置dashboard用户
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
name: admin-user
namespace: kubernetes-dashboard
annotations:
kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token
3.配置kubernetes-dashboard证书
root@master:~/ingress-nginx/secrets# cat kubernetes-dashboard-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: k3s-seclabs-tls
namespace: kubernetes-dashboard
type: kubernetes.io/tls
data:
tls.crt: LS0tLS1CRUdJTi………省略………
tls.key: LS0tLS1CRUdJTi………省略………
root@master:~/ingress-nginx/secrets# kubectl apply -f kubernetes-dashboard-secret.yaml
secret/k3s-seclabs-tls created
root@master:~/ingress-nginx/secrets#
root@master:~/ingress-nginx/secrets# kubectl get secrets
NAME TYPE DATA AGE
k3s-seclabs-tls kubernetes.io/tls 2 128m
root@master:~/ingress-nginx/secrets#
4.通过ingress-nginx发布
root@master:~/ingress-nginx# cat kubernetes-dashboard-ingress.yaml
# kubernetes-dashboard-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kubernetes-dashboard-ingress
namespace: kubernetes-dashboard
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
ingressClassName: nginx
rules:
- host: dashboard.k3s.seclabs.top
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kubernetes-dashboard-kong-proxy
port:
number: 443
tls:
- hosts:
- dashboard.k3s.seclabs.top
secretName: k3s-seclabs-tls
root@master:~/ingress-nginx#
root@master:~/ingress-nginx# kubectl apply -f kubernetes-dashboard-ingress.yaml
ingress.networking.k8s.io/kubernetes-dashboard-ingress created
root@master:~/ingress-nginx#
root@master:~/ingress-nginx# kubectl get ingress -A
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
default nginx-service-ingress nginx nginx.k3s.seclabs.top 10.22.4.21,10.22.4.22,10.22.4.23,10.22.4.24 80, 443 142m
kubernetes-dashboard kubernetes-dashboard-ingress nginx dashboard.k3s.seclabs.top 10.22.4.21,10.22.4.22,10.22.4.23,10.22.4.24 80, 443 20s
root@master:~/ingress-nginx#
5.获取用户token
$ kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath="{.data.token}" | base64 -d
6.登录kubernetes-dashboard
浙公网安备 33010602011771号