dashboard
安装
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml参考: https://github.com/kubernetes/dashboard
指定命名空间去查询安装情况:
kubectl get all -n kubernetes-dashboard配置证书
grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crtgrep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.keyopenssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"输入配置证书的密码
我是Mac电脑,双击生成的p12证书,导入到钥匙链,再在钥匙链中打开导入的证书,调整为<始终信任>。
配置admin用户
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
EOFcat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
EOFkubectl -n kubernetes-dashboard create token admin-user这一步得到的就是Bearer Token
参考:https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
访问服务
查看集群相关信息:
kubectl cluster-info得到:
Kubernetes control plane is running at https://kubernetes.docker.internal:6443
KubeDNS is running at https://kubernetes.docker.internal:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy运行dashboard服务:
kubectl proxy拿到集群信息当中的域名(https://kubernetes.docker.internal:6443)访问服务:
https://kubernetes.docker.internal:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
输入上一步得到的Bearer Token即可
使用kubeconfig登录
$ cp .kube/config ~/admin.kubeconfig # 直接用k8s系统用户配置文件拷贝一个出来
$ vim ~/admin.kubeconfig # 在文件最后给kubernetes-admin用户的user字段下再添加token字段,把Bearer Token填进去
$ cat ~/admin.kubeconfig
...
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyLast updated
Was this helpful?