• k8s集群dashboard创建

    kubernetes集群搭建完毕后,可以为集群创建dashboard,步骤如下

    生产客户端证书

    [root@k8s-master ~]# grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt
[root@k8s-master ~]# grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key
[root@k8s-master ~]# openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-web-client"
Enter Export Password: 设置证书密码,浏览器导入证书时需要
Verifying - Enter Export Password:

    创建kubernetes-dashboard.yaml

    [root@k8s-master ~]# wget http://pencil-file.oss-cn-hangzhou.aliyuncs.com/blog/kubernetes-dashboard.yaml
[root@k8s-master ~]# kubectl create -f kubernetes-dashboard.yaml

    查看POD状态

    [root@k8s-master ~]# kubectl get po -n kube-system |grep dashboard
kubernetes-dashboard-5f7b999d65-66rrw 1/1 Running 0 91m

    创建访问账户

    [root@k8s-master ~]# cat dashboard_service_account_admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system

    创建集群角色绑定

    [root@k8s-master ~]# cat dashboard_cluster_role_binding_admin.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system

    创建资源

    [root@k8s-master ~]# kubectl apply -f dashboard_service_account_admin.yaml
serviceaccount/admin-user created
[root@k8s-master ~]# kubectl apply -f dashboard_cluster_role_binding_admin.yaml
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

    获取TOKEN

    [root@k8s-master ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Name: admin-user-token-8dsjg
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 45c6f835-bccd-11e9-8459-0050569ce87d

Type: kubernetes.io/service-account-token

Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXA5OW1xIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwOTM5Zjg2NS0xMDI1LTExZWEtYjZjZS0wMDE2M2UwOGU0ZjciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.OXrohzkndc3iafyLkdNZjssWMjYRIS5RaghcX1e5JDN_09HklTk3WwXSiG7zf1EeFuytnOTQzlzlUfvAW3lBevTANtiReiNdRcFrjIQl_JYOH3clgxXizZKkEnsBcQ_sYhFOz-I-NKjN9AL8PhlV1Mfuv-sfOSlF6uUOM7AfXjL9JFF1DFqFF1I2OZZh1DlUuJVlMhkzW3j4VJnCc-kS4kWPdt3kYkeJM6vCjkZjlr75bD3w6NwK3d0K_yjWJ6vOr7MhmhoAlIoe2IvAGYC4b7Db_203y8xtX0_J9w-VdpYiP5_Bc4HxaXA6pKObs0BIwM8oWGlWnfqFMzGr8jGCvg

    将证书kubecfg.p12导出来,在浏览器导入证书

    登录dashboard
    https://x.x.x.x:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

    跳转后选择令牌方式登录输入token即可
  • 相关阅读:
    【洛谷 1144】最短路计数
    【洛谷 1608】路径统计
    【洛谷 1491】集合位置
    【洛谷 3110】驮运 Piggy Back
    【洛谷 1734】最大约束和
    【洛谷 1910】L国的战斗之间谍
    【洛谷 1048】采药
    【洛谷 1186】玛丽卡
    GeoServer(地图服务器)
    git cherry-pick 教程
  • 原文地址:https://www.cnblogs.com/golinux/p/11968951.html
Copyright © 2020-2023  润新知