K8S集羣一套
[root@k8s-master ~]# cat /etc/hostsnode
51.0.1.213 k8s-master
51.0.1.214 k8s-node1
51.0.1.215 k8s-node2linux
[root@k8s-master ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.1", GitCommit:"b7394102d6ef778017f2ca4046abbaa23b88c290", GitTreeState:"clean", BuildDate:"2019-04-08T17:11:31Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.1", GitCommit:"b7394102d6ef778017f2ca4046abbaa23b88c290", GitTreeState:"clean", BuildDate:"2019-04-08T17:02:58Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}git
生成客戶端證書
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
github
[root@k8s-master ~]# grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt
[root@k8s-master ~]# grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key
[root@k8s-master ~]# openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-web-client"
Enter Export Password: 設置證書密碼,瀏覽器導入證書時須要
Verifying - Enter Export Password:web
建立kubernetes-dashboard.yaml
此處有牆(若是不行就用下面的)api
[root@k8s-master ~]#kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml瀏覽器
或app
[root@k8s-master ~]# wget http://pencil-file.oss-cn-hangzhou.aliyuncs.com/blog/kubernetes-dashboard.yamlui
[root@k8s-master ~]# kubectl create -f kubernetes-dashboard.yamlspa
查看POD狀態
[root@k8s-master ~]# kubectl get po -n kube-system |grep dashboard
kubernetes-dashboard-5f7b999d65-66rrw 1/1 Running 0 91m
建立訪問帳戶
[root@k8s-master ~]# cat dashboard_service_account_admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
建立集羣角色綁定
[root@k8s-master ~]# cat dashboard_cluster_role_binding_admin.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
建立資源
[root@k8s-master ~]# kubectl apply -f dashboard_service_account_admin.yaml
serviceaccount/admin-user created
[root@k8s-master ~]# kubectl apply -f dashboard_cluster_role_binding_admin.yaml
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
獲取TOKEN
複製下面token
[root@k8s-master ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-8dsjg
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 45c6f835-bccd-11e9-8459-0050569ce87d
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8
vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLThkc2pnIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm
5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI0NWM2ZjgzNS1iY2NkLTExZTktODQ1OS0wMDUwNTY5Y2U4N2QiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YW
RtaW4tdXNlciJ9.iVTX3bEaXYidDUfCf4nTM8isAtp7PbjzxbiAYsqkKEwNV1TUh4GqRkaDo4kynA43cULpSmOhdtCi45lhWgLMfgjOgaOra-WOwT5JmkP4Cze5R1tt_Ukw7nSu13nSJ-_QsTXURqGDsHK6NBCyo2WKTeCAJzuJzeHpfsOCVgYP5jnDyG-MTKfeJgVipCnXlDw1duX0JYjsQLgNgDJLZ6SHNstjWeU85AE5xQ37K78Fciqq7mDmLjZ1dbWnNs8sUKttH76--TzqsORzr7zIySJAfDIS_dGuchlWi3s5tXJNX4BbaLAYIGPUM5ZKKVoOzIr1YiVRyp0bVIlnskVPPs4nVQ
導出證書
kubecfg.p12 導須要訪問的主機上,瀏覽器導入證書。我這是谷歌瀏覽器
登陸dashboard
https://xxxxxxxxx:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
跳轉後輸入token
顯示頁面
