前提
假设已安装好 Kubernetes 集群以及 NGINX Ingress Controller, 信息如下:
cluster-info
[user@vm-centos-7 ~]$ kubectl cluster-info
Kubernetes master is running at https://192.168.2.120:6443
KubeDNS is running at https://192.168.2.120:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
ingress-nginx
[user@vm-centos-7 ~]$ kubectl get all -n ingress-nginx
NAME READY STATUS RESTARTS AGE
pod/ingress-nginx-admission-create-c9wfb 0/1 Completed 0 20d
pod/ingress-nginx-admission-patch-k9pvn 0/1 Completed 1 20d
pod/ingress-nginx-controller-64db99fb6-9tcnv 1/1 Running 1 20d
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ingress-nginx-controller NodePort 10.101.247.5 <none> 8080:30069/TCP,8443:32471/TCP,6379:32072/TCP,3306:32412/TCP 20d
service/ingress-nginx-controller-admission ClusterIP 10.98.210.145 <none> 443/TCP 20d
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ingress-nginx-controller 1/1 1 1 20d
NAME DESIRED CURRENT READY AGE
replicaset.apps/ingress-nginx-controller-64db99fb6 1 1 1 20d
NAME COMPLETIONS DURATION AGE
job.batch/ingress-nginx-admission-create 1/1 3s 20d
job.batch/ingress-nginx-admission-patch 1/1 4s 20d
部署 Deployment/Service
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
部署 Ingress
kubectl apply -f ingress.yaml
-
ingress.yaml内容如下:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kubernetes-dashboard
namespace: kubernetes-dashboard
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/configuration-snippet: |-
proxy_ssl_server_name on;
proxy_ssl_name $host;
spec:
rules:
- host: dashboard.k8s.local
http:
paths:
- path: /
backend:
serviceName: kubernetes-dashboard
servicePort: 443
创建示例帐号
创建 Service Account
kubectl apply -f service-account.yaml
-
service-account.yaml内容如下:
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
创建 Cluster Role Binding
kubectl apply -f cluster-role-binding.yaml
-
cluster-role-binding.yaml内容如下:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
获取 Bearer Token
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
结果如下:
[user@vm-centos-7 ~]$ kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
eyJhbGciOiJSUzI1NiIsImtpZCI6IkVXeDJFaU84RFkwc1BiU1c2VEpIZDZ3aUVsUDEzaENwX0d2NG9qZWtLODQifQ.eyJpc3MiOiJrdWJlcmas5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyasZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pasdfbi11c2VyLXRva2VuLWZ3NGJtIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjasdb3VudC9zZXJ2aWNlLWFjY291bsnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyZWQ0NTlmZS1kNzEzLTQ1ZDgtYjc4Ni1hZjZkMTNjNGMxZjUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.saFr6kSsvopHH-OGUEaJKvi8KcZbh_gLL9S49siTQa5r8zm2n-MQY9E2yjGdg-ZHZk6e75nKEsjP6NDd864BcD11_NFZaFcG5RT0MvaHJoRvqFTRVrq_yJ9L5FqpYeFoRlaImOaGrsIN7JIoTyqrr6meRhjWC2RAATAGD4VGout1JZ5Aj7faSezwVoWrsaevxe1qIWgx0q7LotTiP3Tjh1Aijw2pMCbuJEDv-TpWsrL_ThByIJCQvLW77Xinj-aebdhlDSUdFcROkaLx43jZ0qI5uO66IGT9s1tLuQ2V1YFuIqK7tJ_fczxuwoB4Dj4qoxWoacxtp43fmWGtCFSySg
登录
打开 URL:http://dashboard.k8s.local, 选择 Token 并使用上一步得到的 Bearer Token 登录:
k8s-dashboard-login.png
结果如下:
k8s-dashboard.png
网友评论