1. 下载配置文件

    
    cd /opt/k8s/yml
    wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc4/aio/deploy/recommended.yaml
    mv  recommended.yaml dashboard-recommended.yaml
    

    从 1.7 开始,dashboard 只允许通过 https 访问,采用自动生成的证书有的浏览器不支持,所以需要生成自签名的证书

  2. 生成自签名证书

    mkdir -p /opt/k8s/yml/dashbaord
    cd /opt/k8s/yml/dashbaord
    
    openssl genrsa -des3 -passout pass:over4chars -out dashboard.pass.key 2048
    openssl rsa -passin pass:over4chars -in dashboard.pass.key -out dashboard.key
    rm dashboard.pass.key
    openssl req -new -key dashboard.key -out dashboard.csr
    openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
    
  3. 使用自签名证书生成secret

    cd /opt/k8s/yml/dashbaord
    
    root@master:/opt/k8s/yml/dashbaord# kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
    
  4. 修改配置文件

    把dashboard-recommended.yaml中创建kubernetes-dashboard-certs的部分去掉

    
     #---
    
    #apiVersion: v1
    #kind: Secret
    #metadata:
    #  labels:
    #    k8s-app: kubernetes-dashboard
    #  name: kubernetes-dashboard-certs
    #  namespace: kubernetes-dashboard
    #type: Opaque
    
    
  5. 启动dashboard

    cd /opt/k8s/yml
    root@master:/opt/k8s/yml# kubectl create -f dashboard-recommended.yaml  
    
  6. 通过 port forward 访问 dashboard

    cd /opt/k8s/yml
    kubectl port-forward -n kubernetes-dashboard  svc/kubernetes-dashboard 4443:443 --address 0.0.0.0
    
  7. 浏览器访问 URL:https://192.168.0.107:4443

  8. 创建登录 Dashboard 的 token

    kubectl create sa dashboard-admin -n kube-system
    kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
    ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}')
    DASHBOARD_LOGIN_TOKEN=$(kubectl describe secret -n kube-system ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}')
    echo ${DASHBOARD_LOGIN_TOKEN}
    
  9. 使用token值登陆

版权声明:本文为gaofeng-henu原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://www.cnblogs.com/gaofeng-henu/p/12302462.html