17.kubernete的dashboard

部署dashboard 

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

遇到镜像无法下载可在dockerHup中搜索，国内良心用户提供资源

dashbord创建以下几个资源

secret/kubernetes-dashboard-certs unchanged
serviceaccount/kubernetes-dashboard unchanged
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal unchanged
deployment.apps/kubernetes-dashboard unchanged
service/kubernetes-dashboard unchanged

对service 进行patch  修改默认类型为 node port

[root@master ~]# kubectl get svc kubernetes-dashboard  -n kube-system 
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes-dashboard   ClusterIP   10.99.191.247   <none>        443/TCP   18d
[root@master ~]# kubectl patch svc kubernetes-dashboard  -p '{"spec":{"type":"NodePort"}}'  -n kube-system  
service/kubernetes-dashboard patched
[root@master ~]# kubectl get svc kubernetes-dashboard  -n kube-system 
NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.99.191.247   <none>        443:30338/TCP   18d

 访问节目显示验证类型

这里做一下描述，我们的验证集群的两个方式你要知道。dashbord 默认部署为一个pod  pod和apiservier 直接进行交互达到控制集群的方式 是通过 user 和 serviceAcountName 中的后者。

首席我们体验使用token 验证集群。

这里因为使用 的版本过新有一个匿名用户问题需要修正

在api-server配置文件中添加–anonymous-auth=false，重启apiserver；文件路径/etc/kubernetes/manifests/kube-apiserver.yaml 。

 kubectl create sa lele -n kube-system 
 kubectl create clusterrolebinding  lele-kube-system --clusterrole=cluster-admin --serviceaccount=kube-system:lele
 kubectl describe secrets lele-token-jrgc6 -n kube-system 
Name:         lele-token-jrgc6
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: lele
              kubernetes.io/service-account.uid: 54c42156-4d34-11e9-bd9e-52540062b2ca

Type:  kubernetes.io/service-account-token

Data
====
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJsZWxlLXRva2VuLWpyZ2M2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImxlbGUiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1NGM0MjE1Ni00ZDM0LTExZTktYmQ5ZS01MjU0MDA2MmIyY2EiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06bGVsZSJ9.ppvts7CcqvmUkMvxFYlC2rfl2gCI2TiEtaZ9f3uN4R9IFzcPgrN7FyQ8RQwP9PyRI_D-Ug020W6ztCjvCpAVpJ2RC8AEDIVcLk2bU6t_WAVnqjvRS6l_je_MGDtuKuxvGLDSlwQ-B1XqPA8e7RDkykGY-VsaqXcxZ-GAdozaX78hKHKzWunJ-lKjfauJi6pdYUnmg9q4ev4jQbYZKg3kWbwKTi3nai8za_vwQlTn9_qboe-0ajwULIah4tibYHyT7rRpqKjHvqwKJgsOQzOCFjZ_3c997uRbqSrELyOA4gg7IzCtK5WvdKgO-88MjbE1pAd32yPox9IjTU9HZIyIsQ
ca.crt:     1025 bytes

复制这一串token 即可搞定dashboard。

 使用 conf文件进行认证

[root@master ~]# kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/pki/ca.crt   --server="https://172.20.0.91:6443"  --kubeconfig=/tmp/dash.conf
Cluster "kubernetes" set.
[root@master ~]# kubectl config view --kubeconfig=/tmp/dash.conf
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://172.20.0.91:6443
  name: kubernetes
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []
[root@master ~]# song=`kubectl get  secret lele-token-jrgc6   -o jsonpath={.data.token} -n kube-system| ba
[root@master ~]# kubectl config set-credentials lele --token=$song --kubeconfig=/tmp/dash.conf
User "lele" set.
[root@master ~]# kubectl config set-context lele@kubernetes --kubeconfig=/tmp/dash.conf
Context "lele@kubernetes" created.
[root@master ~]# kubectl config view --kubeconfig=/tmp/dash.conf
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    server: https://172.20.0.91:6443
  name: kubernetes
contexts:
- context:
    cluster: ""
    user: ""
  name: lele@kubernetes
current-context: ""
kind: Config
preferences: {}
users:
- name: lele
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJsZWxlLXRva2VuLWpyZ2M2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImxlbGUiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1NGM0MjE1Ni00ZDM0LTExZTktYmQ5ZS01MjU0MDA2MmIyY2EiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06bGVsZSJ9.ppvts7CcqvmUkMvxFYlC2rfl2gCI2TiEtaZ9f3uN4R9IFzcPgrN7FyQ8RQwP9PyRI_D-Ug020W6ztCjvCpAVpJ2RC8AEDIVcLk2bU6t_WAVnqjvRS6l_je_MGDtuKuxvGLDSlwQ-B1XqPA8e7RDkykGY-VsaqXcxZ-GAdozaX78hKHKzWunJ-lKjfauJi6pdYUnmg9q4ev4jQbYZKg3kWbwKTi3nai8za_vwQlTn9_qboe-0ajwULIah4tibYHyT7rRpqKjHvqwKJgsOQzOCFjZ_3c997uRbqSrELyOA4gg7IzCtK5WvdKgO-88MjbE1pAd32yPox9IjTU9HZIyIsQ
[root@master ~]# kubectl config use-context lele@kubernetes --kubeconfig=/tmp/dash.conf
Switched to context "lele@kubernetes".

然后这个配置文件就可以用了