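Overview

For installing and deploying the base Kubernetes environment, see: https://www.ym68.cc/linux/kubernetes/2020/18878.html

Preparing the deployment

Download the configuration file

For special reasons, external sites cannot be reached directly from within China. Download the file in advance and copy it over.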

[root@master-all ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
Apply the configuration
[root@master-all ~]#  kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
Check the pod status
[root@master-all ~]# kubectl get pod -n kubernetes-dashboard -o wide
NAME                                         READY   STATUS    RESTARTS   AGE    IP               NODE     NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-66b49655d4-g8g4z   1/1     Running   0          2m8s   10.103.119.130   node-1   <none>           <none>
kubernetes-dashboard-74b4487bfc-vsr2z        1/1     Running   0          2m8s   10.103.119.129   node-1   <none>           <none>
Check the service status
[root@master-all ~]# kubectl get service -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
dashboard-metrics-scraper   ClusterIP   10.102.112.220   <none>        8000/TCP   9m31s
kubernetes-dashboard        ClusterIP   10.111.1.77      <none>        443/TCP    9m32s

Configure the user

Create the user configuration

Create an admin-user user by editing the file dashboard-adminuser.yaml with the following content:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kube-system
Apply the dashboard user configuration
[root@master-all ~]# kubectl apply -f dashboard-adminuser.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
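
The ClusterRoleBinding above grants admin-user the built-in cluster-admin role, which allows every action on every resource in the cluster. The following check is an added example, not part of the original article: it lists each subject that a manifest binds to cluster-admin so the file can be reviewed before kubectl apply. sample_manifest is a constructed copy of the binding from dashboard-adminuser.yaml, and the awk parse assumes block-style YAML.

```shell
# Added example: list every subject that a manifest binds to cluster-admin.
# Line-based heuristic for block-style YAML manifests, not a full YAML parser.
cluster_admin_subjects() {
  awk '
    function emit() {
      if (sname != "") subs = subs skind " " (sns != "" ? sns "/" : "") sname "\n"
      skind = sname = sns = ""
    }
    function flush() {
      emit()
      if (kind == "ClusterRoleBinding" && role == "cluster-admin") printf "%s", subs
      kind = role = subs = sec = ""
    }
    /^---/      { flush(); next }              # next YAML document
    /^[A-Za-z]/ { emit(); sec = $1 }           # new top-level key
    /^kind:/    { kind = $2 }
    sec == "roleRef:" && $1 == "name:" { role = $2 }
    sec == "subjects:" {
      dash = ($1 == "-"); if (dash) emit()     # "-" starts a new subject
      k = dash ? $2 : $1; v = dash ? $3 : $2
      if (k == "kind:") skind = v
      if (k == "name:") sname = v
      if (k == "namespace:") sns = v
    }
    END { flush() }
  ' "$@"
}

# Constructed sample: the binding from dashboard-adminuser.yaml shown above.
sample_manifest() {
  cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kube-system
EOF
}

sample_manifest | cluster_admin_subjects   # prints: ServiceAccount kube-system/admin-user
```

The function also accepts file names, for example cluster_admin_subjects dashboard-adminuser.yaml.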

Generate certificates

Generate the root certificate and the user certificate
[root@master-all ~]# awk '/client-certificate-data/ {print $2}' ~/.kube/config |head -n 1 |base64 -d >> kubecfg.crt
[root@master-all ~]# awk '/client-key-data/ {print $2}' ~/.kube/config|head -n 1 | base64 -d >> kubecfg.key
Generate the personal certificate

If you do not want to set a password, just press Enter.

[root@master-all ~]# openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
Enter Export Password:
Verifying - Enter Export Password:

Copy the certificate you just generated to your client machine.
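
The two awk commands above append with >> and create kubecfg.key with the default umask, so a second run produces a file with duplicated contents and the private key may be readable by other local users. The following is an added example, not part of the original article: a replacement for those two commands that overwrites earlier output, writes owner-only files, and fails clearly when the kubeconfig has no embedded data. sample_kubeconfig is a constructed fragment with placeholder contents.

```shell
# Added example: pull the first client certificate and key out of a kubeconfig
# into owner-only files, replacing any earlier output instead of appending.
extract_client_creds() {
  _cfg=$1 _out=$2
  [ -r "$_cfg" ] || { echo "cannot read $_cfg" >&2; return 1; }
  for _f in certificate key; do
    # First matching entry only, like "head -n 1" in the commands above.
    _b64=$(awk -v k="client-$_f-data:" '$1 == k { print $2; exit }' "$_cfg")
    # A kubeconfig may point at files (client-certificate: / client-key:)
    # instead of embedding data; then there is nothing to decode here.
    [ -n "$_b64" ] || { echo "no client-$_f-data in $_cfg" >&2; return 1; }
    case $_f in
      certificate) _dst=$_out/kubecfg.crt ;;
      key)         _dst=$_out/kubecfg.key ;;
    esac
    # umask only affects newly created files, so remove a stale one first.
    rm -f "$_dst"
    ( umask 077; printf '%s' "$_b64" | base64 -d > "$_dst" ) || return 1
  done
}

# Constructed sample kubeconfig fragment; the "certificate" and "key" are
# placeholder strings, not real PEM data.
sample_kubeconfig() {
  cat <<EOF
users:
- name: kubernetes-admin
  user:
    client-certificate-data: $(printf 'constructed certificate' | base64)
    client-key-data: $(printf 'constructed key' | base64)
EOF
}

# Usage on the master node, followed by the openssl pkcs12 command above:
#   extract_client_creds ~/.kube/config .
```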

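Browser certificate trust configuration

Google Chrome certificate trust configuration

In the browser address bar, go to: chrome://settings/security

Import the generated personal certificate
Set the password

If no password was set when the certificate was generated, none is needed here; unless you have other special requirements, accept the defaults and click Next.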

Log in to the dashboard

The dashboard address is: https://<deployment-IP>:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login

Select the certificate you just imported
Get the login token
[root@master-all ~]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | awk '/kubernetes-dashboard/ {print $1}')
Name:         kubernetes-dashboard-certs
Namespace:    kubernetes-dashboard
Labels:       k8s-app=kubernetes-dashboard
Annotations:  
Type:         Opaque

Data
====


Name:         kubernetes-dashboard-csrf
Namespace:    kubernetes-dashboard
Labels:       k8s-app=kubernetes-dashboard
Annotations:  
Type:         Opaque

Data
====
csrf:  256 bytes


Name:         kubernetes-dashboard-key-holder
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
priv:  1679 bytes
pub:   459 bytes


Name:         kubernetes-dashboard-token-nrpl4
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: 3e060e7b-a641-4b96-93ac-e620d29ec76f

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6ImVKczRXVmFwcnNLWUZ5Wk1EcTI5ekVLWmhpMElsbXhtVFNSb18zWUJYVjQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1ucnBsNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjNlMDYwZTdiLWE2NDEtNGI5Ni05M2FjLWU2MjBkMjllYzc2ZiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.YPtLtnGN7mTdqaBWGRs2swL2AXL3pKC6sUdYhyh39Los5u1Bg8TyhhYXaEzFZ2XcUO1edKwYCdHa97i2gMLznyVNXhJR0Y6cKu92_CzmRIfdj7_n8XD3kGd99NX8LlYqEZ5SEj5aQBLuIe-CWO86Nd6-p3RLuDhbZN6P_mV6IluJZXbDECWd0iAXupC-OWybq-nFoUyPbQ22WNMoQ7byqAo0hXeohedwbqRUo4d6E7ZFmJkcj2nOi8Ohg-vYh2elK8hm71tkIACkcbLATOCQnjVrisl6m2Mio3eeFo5G5No9GvxHWwwdeHKylAI5jroPM61_EwUv5khAotSMek5Gug

Enter the generated token to log in
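
In the output above, the token belongs to the kubernetes-dashboard service account (see its Annotations lines), while admin-user was created in kube-system. The following helper is an added example, not part of the original article: it decodes a token's payload to show which identity it carries before the token is pasted into the login form. sample_token builds a constructed, unsigned token, and the signature is not verified.

```shell
# Added example: show which identity a service-account token carries by
# decoding its JWT payload. The signature is NOT verified here.

# base64url -> bytes: map the URL-safe alphabet back and restore "=" padding.
b64url_decode() {
  _s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#_s} % 4 )) in
    2) _s="${_s}==" ;;
    3) _s="${_s}=" ;;
    1) return 1 ;;                       # impossible base64 length
  esac
  printf '%s' "$_s" | base64 -d 2>/dev/null
}

# Print one string claim (default: sub) from a header.payload.signature token.
jwt_claim() {
  _claim=${2:-sub}
  case $1 in
    *.*.*.*) return 1 ;;                 # too many segments
    *.*.*)   ;;
    *)       return 1 ;;                 # not a JWT
  esac
  _payload=${1#*.}                       # drop the header
  _payload=${_payload%%.*}               # drop the signature
  _json=$(b64url_decode "$_payload") || return 1
  # Kubernetes emits compact JSON, so a flat "claim":"value" match is enough.
  printf '%s\n' "$_json" | sed -n "s|.*\"$_claim\":\"\([^\"]*\)\".*|\1|p"
}

# Constructed, unsigned sample token using the legacy claim names.
b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
sample_token() {
  printf '%s.%s.%s' \
    "$(b64url_encode '{"alg":"RS256"}')" \
    "$(b64url_encode '{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","sub":"system:serviceaccount:kube-system:admin-user"}')" \
    "$(b64url_encode 'constructed-signature')"
}

jwt_claim "$(sample_token)"   # prints: system:serviceaccount:kube-system:admin-user
```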

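Verification

This concludes the article!


This article is licensed under a CC license; reposts must credit the author and link to this article.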