kubernetes dashboard 安装流程

参考:

访问设置相关:https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard—1.7.X-and-above

用户相关:https://github.com/kubernetes/dashboard/wiki/Creating-sample-user

https无法访问的问题:https://github.com/kubernetes/dashboard/issues/2954

说明

NOTE: Dashboard should not be exposed publicly using kubectl proxy command as it only allows HTTP connection. For domains other than localhost and 127.0.0.1 it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.

通过 kubectl proxy暴露的控制面板,如果不是从localhost或127.0.0.1访问的话,点击登陆按钮不会有任何反应……

1.准备证书,用于外部机器访问

$ mkdir certs
$ openssl req -nodes -newkey rsa:2048 -keyout certs/dashboard.key -out certs/dashboard.csr -subj "/CN=kubernetes-dashboard"
$ openssl x509 -req -sha256 -days 365 -in certs/dashboard.csr -signkey certs/dashboard.key -out certs/dashboard.crt
$ kubectl create secret generic kubernetes-dashboard-certs --from-file=certs -n kube-system
$ kubectl create -f kubernetes-dashboard.yaml

2.安装

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

3.生成访问token

创建account.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system

创建bind.yaml

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

apply

kubectl apply -f account.yaml
kubectl apply -f bind.yaml

查看token

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

 

发表评论

电子邮件地址不会被公开。 必填项已用*标注

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据