kubernetes高可用集群web页面部署
前言:
前面几篇博客演示了k8s的二进制部署,这篇博客做k8s页面部署
搭建部署
1、下载官方文件(dashboard的yaml清单)
2、创建资源(master01)
#创建dashboard工作目录
[root@localhost ~]# mkdir /root/k8s/dashboard
#将下载的官方文件放入此工作目录中
[root@localhost ~]# cd /root/k8s/dashboard
[root@localhost dashboard]# ls
dashboard-configmap.yaml dashboard-rbac.yaml dashboard-service.yaml
dashboard-controller.yaml dashboard-secret.yaml
#创建身份角色
[root@localhost dashboard]# kubectl create -f dashboard-rbac.yaml
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
#创建secret(保存dashboard的证书和密钥)
[root@localhost dashboard]# kubectl create -f dashboard-secret.yaml
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-key-holder created
#创建configmap(保存dashboard的设置)
[root@localhost dashboard]# kubectl create -f dashboard-configmap.yaml
configmap/kubernetes-dashboard-settings created
#创建控制器
#本文创建的是1.84版本所以使用的是controller.yaml,在1.10版本使用的是deployment.yaml,两者都是一样的,都是控制器
[root@localhost dashboard]# kubectl create -f dashboard-controller.yaml
serviceaccount/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
#创建服务
[root@localhost dashboard]# kubectl create -f dashboard-service.yaml
service/kubernetes-dashboard created
3、完成后查看,资源都创建在指定的kube-system命名空间下
[root@localhost dashboard]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-65f974f565-m9gm8 0/1 ContainerCreating 0 88s
4、查看如何访问(Service类型为NodePort,443端口映射到节点的30001,用https://<node节点IP>:30001访问;该端口在每个节点上都会监听,应通过防火墙限制可访问的来源)
[root@localhost dashboard]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/kubernetes-dashboard-65f974f565-m9gm8 1/1 Running 0 2m49s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes-dashboard NodePort 10.0.0.243 <none> 443:30001/TCP 2m24s
5、创建证书
[root@localhost dashboard]# vim dashboard-cert.sh
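#!/usr/bin/env bash
# Issue a TLS certificate for the Kubernetes Dashboard from the cluster CA and
# store it in the kubernetes-dashboard-certs secret in kube-system.
# Usage: bash dashboard-cert.sh <directory holding ca.pem, ca-key.pem, ca-config.json>
set -euo pipefail

# Fail early with a usage hint instead of letting an empty $1 turn the CA
# paths into /ca.pem, /ca-key.pem and /ca-config.json.
K8S_CA=${1:?usage: bash dashboard-cert.sh <k8s CA directory>}
# Accept the directory with or without a trailing slash.
K8S_CA=${K8S_CA%/}

# The private key is written to the current directory; keep new files owner-only.
umask 077

# Quoted delimiter: the CSR is literal JSON, nothing in it should be expanded.
cat > dashboard-csr.json <<'EOF'
{
  "CN": "Dashboard",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing"
    }
  ]
}
EOF

# cfssljson -bare dashboard writes dashboard.pem, dashboard-key.pem and dashboard.csr.
cfssl gencert \
  -ca="${K8S_CA}/ca.pem" \
  -ca-key="${K8S_CA}/ca-key.pem" \
  -config="${K8S_CA}/ca-config.json" \
  -profile=kubernetes \
  dashboard-csr.json \
  | cfssljson -bare dashboard

# Replace the existing secret. --ignore-not-found keeps a run against a cluster
# where the secret is absent from aborting under set -e.
kubectl delete secret kubernetes-dashboard-certs -n kube-system --ignore-not-found

# Store only the certificate and its key. --from-file=./ would upload every
# file in this directory (manifests, this script, the CSR) into the secret,
# where anything allowed to read the secret could see them.
kubectl create secret generic kubernetes-dashboard-certs \
  --from-file=dashboard.pem \
  --from-file=dashboard-key.pem \
  -n kube-system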
#执行生成认证证书
[root@localhost dashboard]# bash dashboard-cert.sh /root/k8s/k8s-cert/
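#在dashboard-controller.yaml的args标签下面增加证书两行(--tls-key-file和--tls-cert-file),文件名要与上一步脚本生成并写入kubernetes-dashboard-certs的dashboard-key.pem、dashboard.pem一致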
[root@localhost dashboard]# vim dashboard-controller.yaml
args:
# PLATFORM-SPECIFIC ARGS HERE
- --auto-generate-certificates
- --tls-key-file=dashboard-key.pem
- --tls-cert-file=dashboard.pem
#重新部署
[root@localhost dashboard]# kubectl apply -f dashboard-controller.yaml
6、生成令牌
[root@localhost dashboard]# vim k8s-admin.yaml
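# ServiceAccount whose token is used to log in to the Dashboard.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
# Binds the account to the built-in cluster-admin ClusterRole: its token can
# read and change every resource in every namespace, including secrets.
# Suitable for a lab cluster; elsewhere bind a narrower Role/ClusterRole.
# rbac.authorization.k8s.io/v1 replaces v1beta1, which was removed in Kubernetes 1.22.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dashboard-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io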
[root@localhost dashboard]# kubectl create -f k8s-admin.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
#查看保存的信息
[root@localhost ~]# kubectl get secret -n kube-system
NAME TYPE DATA AGE
dashboard-admin-token-6lm44 kubernetes.io/service-account-token 3 2d5h
default-token-bmckf kubernetes.io/service-account-token 3 6d5h
kubernetes-dashboard-certs Opaque 11 2d5h
kubernetes-dashboard-key-holder Opaque 2 2d6h
kubernetes-dashboard-token-xfdbj kubernetes.io/service-account-token 3 2d6h
#查看令牌
[root@localhost ~]# kubectl describe secret dashboard-admin-token-6lm44 -n kube-system
Name: dashboard-admin-token-6lm44
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 7f297fb4-90e2-11ea-848c-000c292477bd
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1359 bytes
namespace: 11 bytes
token: <已省略:dashboard-admin的JWT令牌>
#该令牌绑定了cluster-admin,相当于整个集群的管理员凭据;登录Dashboard时粘贴使用,不要公开或写入日志,一旦泄露应删除该secret使令牌失效