1 [root@k8smaster01 ~]# cd /opt/k8s/work/kubernetes/ 2 [root@k8smaster01 kubernetes]# tar -xzvf kubernetes-src.tar.gz
1 [root@k8smaster01 ~]# cd /opt/k8s/work/kubernetes/cluster/addons/dashboard 2 [root@k8smaster01 dashboard]# vi dashboard-service.yaml 3 …… 4 type: nodeport #增加此行,使用node形式访问 5 …… 6 #使用node方式访问dashboard
1 [root@k8smaster01 dashboard]# vi dashboard-controller.yaml 2 …… 3 image: mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1 4 ……
1 [root@k8smaster01 ~]# cd /opt/k8s/work/kubernetes/cluster/addons/dashboard 2 [root@k8smaster01 dashboard]# kubectl apply -f .
1 [root@k8smaster01 ~]# kubectl get deployment kubernetes-dashboard -n kube-system 2 name ready up-to-date available age 3 kubernetes-dashboard 1/1 1 1 84s 4 [root@k8smaster01 ~]# kubectl --namespace kube-system get pods -o wide 5 [root@k8smaster01 ~]# kubectl get services kubernetes-dashboard -n kube-system
1 [root@k8smaster01 ~]# kubectl exec --namespace kube-system -it kubernetes-dashboard-7848d45466-bgz94 -- /dashboard --help
1 [root@k8smaster01 ~]# cd /opt/k8s/work/ 2 [root@k8smaster01 work]# openssl genrsa -out dashboard.key 2048 3 [root@k8smaster01 work]# openssl rsa -passin pass:x -in dashboard.key -out dashboard.key 4 [root@k8smaster01 work]# openssl req -new -key dashboard.key -out dashboard.csr 5 ----- 6 country name (2 letter code) [xx]:cn 7 state or province name (full name) []:shanghai 8 locality name (eg, city) [default city]:shanghai 9 organization name (eg, company) [default company ltd]:k8s 10 organizational unit name (eg, section) []:system 11 [root@k8smaster01 work]# openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt 12 [root@k8smaster01 work]# openssl x509 -noout -text -in ./dashboard.crt #查看证书
1 [root@k8smaster01 ~]# cd /opt/k8s/work 2 [root@k8smaster01 work]# source /opt/k8s/bin/environment.sh 3 [root@k8smaster01 work]# for all_ip in ${all_ips[@]} 4 do 5 echo ">>> ${all_ip}" 6 scp dashboard.* root@${all_ip}:/etc/kubernetes/cert 7 done
1 [root@k8smaster01 work]# cd /opt/k8s/work/kubernetes/cluster/addons/dashboard 2 [root@k8smaster01 dashboard]# kubectl delete -f . #删除使用默认证书所创建的dashboard 3 [root@k8smaster01 dashboard]# ll /etc/kubernetes/cert/dashboard.* 4 -rw-r--r-- 1 root root 1.2k jun 28 18:06 /etc/kubernetes/cert/dashboard.crt 5 -rw-r--r-- 1 root root 976 jun 28 18:06 /etc/kubernetes/cert/dashboard.csr 6 -rw-r--r-- 1 root root 1.7k jun 28 18:06 /etc/kubernetes/cert/dashboard.key 7 8 [root@master dashboard]# kubectl create secret generic kubernetes-dashboard-certs --from-file="/etc/kubernetes/cert/dashboard.crt,/etc/kubernetes/cert/dashboard.key" -n kube-system #挂载新证书到dashboard 9 [root@master dashboard]# kubectl get secret kubernetes-dashboard-certs -n kube-system -o yaml #查看新证书
1 [root@k8smaster01 work]# cd /opt/k8s/work/kubernetes/cluster/addons/dashboard 2 [root@master dashboard]# kubectl apply -f . 3 [root@master dashboard]# kubectl get pods --namespace=kube-system | grep dashboard #确认验证
1 [root@k8smaster01 ~]# kubectl get deployment kubernetes-dashboard -n kube-system 2 [root@k8smaster01 ~]# kubectl --namespace kube-system get pods -o wide 3 [root@k8smaster01 ~]# kubectl get services kubernetes-dashboard -n kube-system
1 [root@k8smaster01 ~]# kubectl create sa dashboard-admin -n kube-system 2 [root@k8smaster01 ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin 3 [root@k8smaster01 ~]# admin_secret=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}') 4 [root@k8smaster01 ~]# dashboard_login_token=$(kubectl describe secret -n kube-system ${admin_secret} | grep -e '^token' | awk '{print $2}') 5 [root@k8smaster01 ~]# echo ${dashboard_login_token} #输入登录的token 6 eyjhbgcioijsuzi1niisimtpzci6iij9.eyjpc3mioijrdwjlcm5ldgvzl3nlcnzpy2vhy2nvdw50iiwia3vizxjuzxrlcy5pby9zzxj2awnlywnjb3vudc9uyw1lc3bhy2uioijrdwjllxn5c3rlbsisimt1ymvybmv0zxmuaw8vc2vydmljzwfjy291bnqvc2vjcmv0lm5hbwuioijkyxnoym9hcmqtywrtaw4tdg9rzw4tdmc5bwgilcjrdwjlcm5ldgvzlmlvl3nlcnzpy2vhy2nvdw50l3nlcnzpy2utywnjb3vudc5uyw1lijoizgfzagjvyxjklwfkbwluiiwia3vizxjuzxrlcy5pby9zzxj2awnlywnjb3vudc9zzxj2awnllwfjy291bnqudwlkijoiztlkngrjngutotk3oc0xmwu5ltkzntitmdawyzi5zme3ytc5iiwic3viijoic3lzdgvtonnlcnzpy2vhy2nvdw50omt1ymutc3lzdgvtomrhc2hib2fyzc1hzg1pbij9.x1njspnaagv2tzjo0nlqowfofdyossdkeiyhfgqfk5nny0nbbnfnnoh0yumj_ld0ngpakijepsuq9dqgcazecpgk5esygd6ulsg5sya2stlswbdozds3qzrojy5mxwd3vdc_oqofd94mzqhmmw7iabvlfvsz0vmevhe-qtyt6eqlflhq5qjwdx8dcqdkrbwuicr-iy_dcwhhihat25bref2viei8sz497d8h4txgo_u2cgf3qxrgnxj26vsdd8bt-bfgiddyuxpbdhpu5lalvxf4wthchrfjo4zhli2foxq8bbf6djbjhtg4x8fluvjaxf4ywamvs_78ejhha3nvrg
1 [root@k8smaster01 ~]# cd /opt/k8s/work/ 2 [root@k8smaster01 work]# source /opt/k8s/bin/environment.sh 3 [root@k8smaster01 work]# kubectl config set-cluster kubernetes \ 4 --certificate-authority=/etc/kubernetes/cert/ca.pem \ 5 --embed-certs=true \ 6 --server=${kube_apiserver} \ 7 --kubeconfig=dashboard.kubeconfig # 设置集群参数 8 [root@k8smaster01 work]# kubectl config set-credentials dashboard_user \ 9 --token=${dashboard_login_token} \ 10 --kubeconfig=dashboard.kubeconfig # 设置客户端认证参数,使用上面创建的 token 11 [root@k8smaster01 work]# kubectl config set-context default \ 12 --cluster=kubernetes \ 13 --user=dashboard_user \ 14 --kubeconfig=dashboard.kubeconfig # 设置上下文参数 15 [root@k8smaster01 work]# kubectl config use-context default --kubeconfig=dashboard.kubeconfig # 设置默认上下文,将dashboard.kubeconfig文件导入,以便于浏览器使用该文件登录。
如对本文有疑问, 点击进行留言回复!!
linux下文本编辑器vim的使用方法(复制、粘贴、替换、行号、撤销、多文件操作)
网友评论