dashboard

Last updated 2 years ago

Was this helpful?

dashboard

安装

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

参考：

指定命名空间去查询安装情况：

kubectl get all -n kubernetes-dashboard

配置证书

grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt

grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key

openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"

输入配置证书的密码

我是Mac电脑，双击生成的p12证书，导入到钥匙链，再在钥匙链中打开导入的证书，调整为<始终信任>。

配置admin用户

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
EOF

cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF

kubectl -n kubernetes-dashboard create token admin-user

这一步得到的就是Bearer Token

访问服务

查看集群相关信息：

kubectl cluster-info

得到：

Kubernetes control plane is running at https://kubernetes.docker.internal:6443
KubeDNS is running at https://kubernetes.docker.internal:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

运行dashboard服务：

kubectl proxy

拿到集群信息当中的域名（https://kubernetes.docker.internal:6443）访问服务：

https://kubernetes.docker.internal:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

输入上一步得到的Bearer Token即可

使用kubeconfig登录

$ cp .kube/config ~/admin.kubeconfig  # 直接用k8s系统用户配置文件拷贝一个出来
$ vim ~/admin.kubeconfig # 在文件最后给kubernetes-admin用户的user字段下再添加token字段，把Bearer Token填进去
$ cat ~/admin.kubeconfig
...
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
    token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.ey

PreviousService Next持久化存储