部署dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
遇到镜像无法下载可在dockerHup中搜索,国内良心用户提供资源
dashbord创建以下几个资源
secret/kubernetes-dashboard-certs unchanged serviceaccount/kubernetes-dashboard unchanged role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal unchanged rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal unchanged deployment.apps/kubernetes-dashboard unchanged service/kubernetes-dashboard unchanged
对service 进行patch 修改默认类型为 node port
[root@master ~]# kubectl get svc kubernetes-dashboard -n kube-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes-dashboard ClusterIP 10.99.191.247 <none> 443/TCP 18d [root@master ~]# kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system service/kubernetes-dashboard patched [root@master ~]# kubectl get svc kubernetes-dashboard -n kube-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes-dashboard NodePort 10.99.191.247 <none> 443:30338/TCP 18d
访问节目显示验证类型
这里做一下描述,我们的验证集群的两个方式你要知道。dashbord 默认部署为一个pod pod和apiservier 直接进行交互达到控制集群的方式 是通过 user 和 serviceAcountName 中的后者。
首席我们体验使用token 验证集群。
这里因为使用 的版本过新有一个匿名用户问题需要修正
在api-server配置文件中添加–anonymous-auth=false,重启apiserver;文件路径/etc/kubernetes/manifests/kube-apiserver.yaml 。
kubectl create sa lele -n kube-system kubectl create clusterrolebinding lele-kube-system --clusterrole=cluster-admin --serviceaccount=kube-system:lele kubectl describe secrets lele-token-jrgc6 -n kube-system Name: lele-token-jrgc6 Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: lele kubernetes.io/service-account.uid: 54c42156-4d34-11e9-bd9e-52540062b2ca Type: kubernetes.io/service-account-token Data ==== namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJsZWxlLXRva2VuLWpyZ2M2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImxlbGUiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1NGM0MjE1Ni00ZDM0LTExZTktYmQ5ZS01MjU0MDA2MmIyY2EiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06bGVsZSJ9.ppvts7CcqvmUkMvxFYlC2rfl2gCI2TiEtaZ9f3uN4R9IFzcPgrN7FyQ8RQwP9PyRI_D-Ug020W6ztCjvCpAVpJ2RC8AEDIVcLk2bU6t_WAVnqjvRS6l_je_MGDtuKuxvGLDSlwQ-B1XqPA8e7RDkykGY-VsaqXcxZ-GAdozaX78hKHKzWunJ-lKjfauJi6pdYUnmg9q4ev4jQbYZKg3kWbwKTi3nai8za_vwQlTn9_qboe-0ajwULIah4tibYHyT7rRpqKjHvqwKJgsOQzOCFjZ_3c997uRbqSrELyOA4gg7IzCtK5WvdKgO-88MjbE1pAd32yPox9IjTU9HZIyIsQ ca.crt: 1025 bytes
复制这一串token 即可搞定dashboard。
使用 conf文件进行认证
[root@master ~]# kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/pki/ca.crt --server="https://172.20.0.91:6443" --kubeconfig=/tmp/dash.conf Cluster "kubernetes" set. [root@master ~]# kubectl config view --kubeconfig=/tmp/dash.conf apiVersion: v1 clusters: - cluster: certificate-authority: /etc/kubernetes/pki/ca.crt server: https://172.20.0.91:6443 name: kubernetes contexts: [] current-context: "" kind: Config preferences: {} users: [] [root@master ~]# song=`kubectl get secret lele-token-jrgc6 -o jsonpath={.data.token} -n kube-system| ba [root@master ~]# kubectl config set-credentials lele --token=$song --kubeconfig=/tmp/dash.conf User "lele" set. [root@master ~]# kubectl config set-context lele@kubernetes --kubeconfig=/tmp/dash.conf Context "lele@kubernetes" created. [root@master ~]# kubectl config view --kubeconfig=/tmp/dash.conf apiVersion: v1 clusters: - cluster: certificate-authority: /etc/kubernetes/pki/ca.crt server: https://172.20.0.91:6443 name: kubernetes contexts: - context: cluster: "" user: "" name: lele@kubernetes current-context: "" kind: Config preferences: {} users: - name: lele user: token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJsZWxlLXRva2VuLWpyZ2M2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImxlbGUiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1NGM0MjE1Ni00ZDM0LTExZTktYmQ5ZS01MjU0MDA2MmIyY2EiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06bGVsZSJ9.ppvts7CcqvmUkMvxFYlC2rfl2gCI2TiEtaZ9f3uN4R9IFzcPgrN7FyQ8RQwP9PyRI_D-Ug020W6ztCjvCpAVpJ2RC8AEDIVcLk2bU6t_WAVnqjvRS6l_je_MGDtuKuxvGLDSlwQ-B1XqPA8e7RDkykGY-VsaqXcxZ-GAdozaX78hKHKzWunJ-lKjfauJi6pdYUnmg9q4ev4jQbYZKg3kWbwKTi3nai8za_vwQlTn9_qboe-0ajwULIah4tibYHyT7rRpqKjHvqwKJgsOQzOCFjZ_3c997uRbqSrELyOA4gg7IzCtK5WvdKgO-88MjbE1pAd32yPox9IjTU9HZIyIsQ [root@master ~]# kubectl config use-context lele@kubernetes --kubeconfig=/tmp/dash.conf Switched to context "lele@kubernetes".
然后这个配置文件就可以用了