部署Dashboard
[root@k8s-master01 yaml]# cd [root@k8s-master01 ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created [root@k8s-master01 ~]# kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kubernetes-dashboard service/kubernetes-dashboard patched [root@k8s-master01 ~]# kubectl get services/kubernetes-dashboard -n kubernetes-dashboard -o jsonpath='{.spec.ports[0].nodePort}' 32757[root@k8s-master01 ~]#
浏览器访问: htps://ip:32757
显然每次登陆输入token值比较麻烦,下面是通过创建kubeconfig文件即可完成认证
kubectl config set-cluster kubernetes --embed-certs=true \ --certificate-authority=/etc/kubernetes/pki/ca.crt \ --server="https://10.122.138.244:6443" \ --kubeconfig=$HOME/.kube/admin-user.config kubectl config set-credentials admin-user --token=$ADMIN_TOKEN \ --kubeconfig=$HOME/.kube/admin-user.config kubectl config set-context admin-user@kubernetes --cluster=kubernetes \ --user=admin-user --kubeconfig=$HOME/.kube/admin-user.config kubectl config use-context admin-user@kubernetes \ --kubeconfig=$HOME/.kube/admin-user.config
获取token
[root@k8s-master01 ~]# kubectl create serviceaccount admin-user -n kubernetes-dashboard serviceaccount/admin-user created [root@k8s-master01 ~]# kubectl create clusterrolebinding admin-user --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:admin-user clusterrolebinding.rbac.authorization.k8s.io/admin-user created [root@k8s-master01 ~]# ADMIN_SECRET=$(kubectl -n kubernetes-dashboard get secret | awk '/^admin-user/{print $1}') [root@k8s-master01 ~]# ADMIN_TOKEN=$(kubectl get secrets $ADMIN_SECRET -n kubernetes-dashboard -o jsonpath='{.data.token}' |base64 -d) [root@k8s-master01 ~]# echo $ADMIN_TOKEN eyJhbGciOiJSUzI1NiIsImtpZCI6IlF0dXd0cjVqdGJJYXJkLUF1c3dUeHpNY05nLUQySXNaV2RqWF9mRzF6bUEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXc2bDljIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwNDZmMjg0Ni1lNmQzLTRmOWMtOTlkNC02NjY3YzMxMGU5OTQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.JUCL5ebC5T8VP1a5M7rXYsGd4U6HGiuLm5ltCKq4npibppU0cSnnreMOMXZ2T8xPE59TXKKbCek0Yxr7N2wDN9Sgc_93EJnz6lcZlByoASyua6myMkHWXhD1DMVpmb-puDC_L4kyOVsUrXMSp9bg3fgpFAmlh70WxUMD3l3ZKTV2qLhsqASTsyLkjbnbLykKSZbY1eo5COmeVvaMABa27zgTkFIg1dA5PlzO-dT9TgX8ELG9yMsGU9z9hlZuaFulrliiKfjt_kGuY_iN0UjwHXNoy81xWOhsQ-wdV3flG795_TSeM1LfdcFpAF7GYosNRISar32CMc5fHtJdSauD8w
浙公网安备 33010602011771号