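Dashboard is the "stock" web management tool for Kubernetes. It provides one place to view and manage all nodes, pods, services, ReplicaSets (rs) and other data in the cluster, and it supports creating all kinds of resources. To make managing a k8s cluster easier, installing the dashboard is recommended.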

Obtain the CA certificate

Generate the CA certificate

openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
rm dashboard.pass.key
openssl req -new -key dashboard.key -out dashboard.csr
# Fill in the requested fields
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BeiJing
Locality Name (eg, city) [Default City]:BeiJing
Organization Name (eg, company) [Default Company Ltd]:dashbroad
Organizational Unit Name (eg, section) []:dashboard
Common Name (eg, your name or your server's hostname) []:sunhaojie
Email Address []:sunhj000@163.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Sun_king18@#$
An optional company name []:sunhaojie

openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt

Installing the dashboard

Install the crt and key

mkdir ~/certs
mv dashboard.crt ~/certs/
mv dashboard.key ~/certs/
kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system

Install the dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

Add NodePort access

# In the editor, change spec.type from ClusterIP to NodePort
kubectl -n kube-system edit service kubernetes-dashboard
# Check the port
kubectl -n kube-system get service kubernetes-dashboard
NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.96.178.225   <none>        443:31551/TCP   26d

Create an admin user

Create the user

  • Create dashboard_user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
  • Create dashboard_role.yaml
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 is available since 1.8
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
  • Apply both files
kubectl create -f dashboard_user.yaml
kubectl create -f dashboard_role.yaml

Get the token

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Name:         admin-user-token-d8pgt
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=admin-user
              kubernetes.io/service-account.uid=798b08e9-95a2-11e8-ba5c-525400807673

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWQ4cGd0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI3OThiMDhlOS05NWEyLTExZTgtYmE1Yy01MjU0MDA4MDc2NzMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.EH1oFHCaXzwSHzns4uqgWjhcO-jZpNqSBrxWs8opQk7M7Kl_6NCnoCFoOY5viSsX4bBEyw3TySgBMBLKSgBapzWNt5gPMxS9-1eyHlB0bM18NcsXJU7K6KIzhoqT1-W-EwkNLprK-swGcxQFiL1RIP_Jiq_6BEJ1tbIYwz23FXqTSSKVzsaRPJ2IyfkD9PNdps4cEVKX9ytuV2eHSfyB9I3Chcz_0Gfsf5qkFZtuC5p2NdkdEYFSfrm5pyomJUWmvsyBS0kbOfrd_mNqkuFf0VqGTBW6kMGnRO0gvD-y1QIze8h3WhACQXalTIjyjvjuO_vfNWVzsQjIEnK6XU7BYA
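
Added example, not part of the original post: a Python sketch that decodes the claims of a service account token like the one above (the signature is not verified) and checks them against the parsed output of `kubectl get clusterrolebindings -o json` to show what the token grants. The function names are hypothetical, and the sample token and bindings are constructed to mirror the admin-user account created above.

```python
import base64
import json

def decode_claims(token):
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(token, bindings):
    """List findings for a service account token against ClusterRoleBindings."""
    claims = decode_claims(token)
    findings = []
    if "exp" not in claims:
        findings.append("no exp claim: token does not expire on its own")
    sub = claims.get("sub", "").split(":")
    if len(sub) != 4 or sub[:2] != ["system", "serviceaccount"]:
        return findings + ["sub is not a service account"]
    namespace, name = sub[2], sub[3]
    for item in bindings.get("items", []):
        role = item.get("roleRef", {})
        if role.get("kind") != "ClusterRole" or role.get("name") != "cluster-admin":
            continue
        for s in item.get("subjects") or []:
            if (s.get("kind"), s.get("namespace"), s.get("name")) == ("ServiceAccount", namespace, name):
                findings.append(f"{namespace}/{name} is cluster-admin via {item['metadata']['name']}")
    return findings

def make_unsigned_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2ln"

# Constructed sample data mirroring the admin-user account created above.
SAMPLE_TOKEN = make_unsigned_token({"iss": "kubernetes/serviceaccount",
                                    "sub": "system:serviceaccount:kube-system:admin-user"})
SAMPLE_BINDINGS = {"items": [
    {"metadata": {"name": "admin-user"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "admin-user", "namespace": "kube-system"}]},
    {"metadata": {"name": "viewer"}, "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "admin-user", "namespace": "kube-system"}]},
]}

if __name__ == "__main__":
    print("\n".join(audit_token(SAMPLE_TOKEN, SAMPLE_BINDINGS)))
```

On a real cluster, pass the token value from the Secret and the parsed JSON from `kubectl get clusterrolebindings -o json` in place of the constructed samples.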

Log in

Visit https://CLUSTER-IP:31551/
The port is assigned randomly, so use the port returned by the query above.
On the login page, select Token and enter the token.

Browse