其他分享
首页 > 其他分享> > kubernetes搭建dashboard-v1.10.1

kubernetes搭建dashboard-v1.10.1

作者:互联网

一键部署脚本(或者可使用helm安装):

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

若连接不到镜像仓库,可提前下载好镜像,再执行脚本。

生成私钥和证书签名请求

openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
...
openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
#编写RSA密钥
rm dashboard.pass.key
openssl req -new -key dashboard.key -out dashboard.csr

生成SSL证书

自签名SSL证书是从dashboard.key私钥和dashboard.csr文件生成的。

openssl x509 -req -sha256 -days 365-in dashboard.csr -signkey dashboard.key -out dashboard.crt

创建登陆账号

vi admin-user-role-binding.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

kubectl create -f admin-user-role-binding.yaml

获取登陆token

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

输出类似:

Name:         admin-user-token-qrj82
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=admin-user
              kubernetes.io/service-account.uid=6cd60673-4d13-11e8-a548-00155d000529

Type:  kubernetes.io/service-account-token

Data
====
token:  

访问dashboard

第一种:kubectl proxy

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

第二种:kube port-forward

 

第二种:设置service nodeport

 

参考:

kubernetes dashboard部署流程:https://www.cnblogs.com/RainingNight/p/deploying-k8s-dashboard-ui.html

证书创建参考:https://github.com/kubernetes/dashboard/wiki/Certificate-management

github地址:https://github.com/kubernetes/dashboard

标签:kubernetes,admin,v1.10,user,key,kube,dashboard
来源: https://www.cnblogs.com/xulingjie/p/10812126.html