kubernetes搭建dashboard-v1.10.1
作者:互联网
一键部署脚本(或者可使用helm安装):
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
若连接不到镜像仓库,可提前下载好镜像,再执行脚本。
生成私钥和证书签名请求
openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048 ... openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key #编写RSA密钥 rm dashboard.pass.key openssl req -new -key dashboard.key -out dashboard.csr
生成SSL证书
自签名SSL证书是从dashboard.key私钥和dashboard.csr文件生成的。
openssl x509 -req -sha256 -days 365-in dashboard.csr -signkey dashboard.key -out dashboard.crt
创建登陆账号
vi admin-user-role-binding.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kube-system
kubectl create -f admin-user-role-binding.yaml
获取登陆token
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
输出类似:
Name: admin-user-token-qrj82 Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name=admin-user kubernetes.io/service-account.uid=6cd60673-4d13-11e8-a548-00155d000529 Type: kubernetes.io/service-account-token Data ==== token:
访问dashboard
第一种:kubectl proxy
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
第二种:kube port-forward
第二种:设置service nodeport
参考:
kubernetes dashboard部署流程:https://www.cnblogs.com/RainingNight/p/deploying-k8s-dashboard-ui.html
证书创建参考:https://github.com/kubernetes/dashboard/wiki/Certificate-management
github地址:https://github.com/kubernetes/dashboard
标签:kubernetes,admin,v1.10,user,key,kube,dashboard 来源: https://www.cnblogs.com/xulingjie/p/10812126.html