Kubernetes-v1.17集群安装dashboard
文章目录环境说明下载官方yaml文件编辑文件修改接口指定服务启动节点下载镜像和启动浏览器访问火狐浏览器默认用户新增管理员用户谷歌浏览器参考环境说明下载官方yaml文件编辑文件修改接口原文件内容kind: ServiceapiVersion: v1metadata:labels:k8s-app: kubernetes-dashboardname: kuberne...
·
环境说明
| 软件 | 版本 |
|---|---|
| centos | 7.4-1708 |
| docker | 18.03.0-ce |
| kubernetes | 1.17.0 |
下载官方yaml文件
最新的配置文件v2.0.0-beta8版本recommended.yaml
[root@master k8syaml]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
--2020-01-07 14:39:38-- https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.0.133|:443... failed: Connection timed out.
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.64.133|:443... failed: Connection timed out.
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.128.133|:443... failed: Connection timed out.
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.192.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7568 (7.4K) [text/plain]
Saving to: ‘recommended.yaml’
100%[====================================================================================================================================================================================================================================>] 7,568 3.02KB/s in 2.4s
2020-01-07 14:46:03 (3.02 KB/s) - ‘recommended.yaml’ saved [7568/7568]
编辑文件
修改接口
原文件内容
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
修改为
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #新增
ports:
- port: 443
nodePort: 30001 #新增
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
原文件内容
spec:
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.0.0-beta8
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
修改为
spec:
# nodeName: master.node 指定到master节点,指不指定根据需要
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.0.0-beta8
# imagePullPolicy: Always
imagePullPolicy: IfNotPresent #不存在再下载
ports:
- containerPort: 8443
protocol: TCP
下载镜像和启动
在master节点执行
[root@master k8syaml]# docker pull kubernetesui/dashboard:v2.0.0-beta8
v2.0.0-beta8: Pulling from kubernetesui/dashboard
5cd0d71945f0: Pull complete
Digest: sha256:fc90baec4fb62b809051a3227e71266c0427240685139bbd5673282715924ea7
Status: Downloaded newer image for kubernetesui/dashboard:v2.0.0-beta8
[root@master k8syaml]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
查看pod和service状态
[root@master k8syaml]# kubectl get pods,svc -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/dashboard-metrics-scraper-76585494d8-gbkzp 1/1 Running 0 2m9s 10.200.2.4 worker2.node <none> <none>
pod/kubernetes-dashboard-5f698b69fb-dxv8z 1/1 Running 0 2m9s 10.200.0.5 master.node <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/dashboard-metrics-scraper ClusterIP 10.96.98.114 <none> 8000/TCP 2m9s k8s-app=dashboard-metrics-scraper
service/kubernetes-dashboard NodePort 10.96.97.104 <none> 443:30001/TCP 2m9s k8s-app=kubernetes-dashboard
浏览器访问
浏览器上输入master节点https://IP:30001
火狐浏览器
firefox在接受风险并继续之后,可以打开界面
默认用户
选择用默认用户kubernetes-dashboard的token登陆
查看serviceaccount和secrets
[root@master k8syaml]# kubectl get sa,secrets -n kubernetes-dashboard
NAME SECRETS AGE
serviceaccount/default 1 25m
serviceaccount/kubernetes-dashboard 1 25m
NAME TYPE DATA AGE
secret/default-token-rf26t kubernetes.io/service-account-token 3 25m
secret/kubernetes-dashboard-certs Opaque 0 25m
secret/kubernetes-dashboard-csrf Opaque 1 25m
secret/kubernetes-dashboard-key-holder Opaque 2 25m
secret/kubernetes-dashboard-token-ls8l4 kubernetes.io/service-account-token 3 25m
查看token
[root@master k8syaml]# kubectl describe secrets kubernetes-dashboard-token-ls8l4 -n kubernetes-dashboard
Name: kubernetes-dashboard-token-ls8l4
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: ec58717f-ae47-4bfb-bff3-ffb677e73f2f
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ikh0ZVdaNkxaMkJtQ0Rpb3FZS1ZkRmxvTDhyWnNwRHV0VmtMLXk1ZlE2YzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1sczhsNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImVjNTg3MTdmLWFlNDctNGJmYi1iZmYzLWZmYjY3N2U3M2YyZiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.K-_hKDZfnjgHAK4b_a3Umm9deFtLJzI0pAown0vyNa8Gofx8pcyUkfT0IDMrkxnPLONbTUjom433WmR6e8TP0DlE0YKc_UgkhIY-viHEqdngrYujmJRC6thduITo5ysLoh6tI2h7XcgDoGfoWoUhJOl_SecoV45BpuEXF8xhxacXerHMSWKfaSCtI36gGkmz3yU6ds1MgabG2PTkU0yDEIgqm0YLoucM66Hp_4eL2M0mtbhDKsqERZhC67A2d13jRBwMmRCtk-8ogry1qf1iCXWcaZy2TV6Sj8Az3_0NDm6IqdEEHEMp0_eEDJDgCf9a6ZG0Dm4PK8vtoFX7LrW5GQ
或者
[root@master k8syaml]# kubectl describe secrets $(kubectl get secrets -n kubernetes-dashboard | awk '/kubernetes-dashboard-token/{print $1}' ) -n kubernetes-dashboard |sed -n '/token:.*/p'
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ikh0ZVdaNkxaMkJtQ0Rpb3FZS1ZkRmxvTDhyWnNwRHV0VmtMLXk1ZlE2YzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1sczhsNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImVjNTg3MTdmLWFlNDctNGJmYi1iZmYzLWZmYjY3N2U3M2YyZiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.K-_hKDZfnjgHAK4b_a3Umm9deFtLJzI0pAown0vyNa8Gofx8pcyUkfT0IDMrkxnPLONbTUjom433WmR6e8TP0DlE0YKc_UgkhIY-viHEqdngrYujmJRC6thduITo5ysLoh6tI2h7XcgDoGfoWoUhJOl_SecoV45BpuEXF8xhxacXerHMSWKfaSCtI36gGkmz3yU6ds1MgabG2PTkU0yDEIgqm0YLoucM66Hp_4eL2M0mtbhDKsqERZhC67A2d13jRBwMmRCtk-8ogry1qf1iCXWcaZy2TV6Sj8Az3_0NDm6IqdEEHEMp0_eEDJDgCf9a6ZG0Dm4PK8vtoFX7LrW5GQ
用上面得到的token登陆之后,界面上数据显示不出来
并提示权限不足
新增管理员用户
新建一个create-admin.yaml
填入以下内容
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
保存退出,并执行
[root@master k8syaml]# kubectl apply -f create-admin.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
查看sa和secret
[root@master k8syaml]# kubectl get sa,secrets -n kubernetes-dashboard
NAME SECRETS AGE
serviceaccount/admin-user 1 64s
serviceaccount/default 1 42m
serviceaccount/kubernetes-dashboard 1 42m
NAME TYPE DATA AGE
secret/admin-user-token-t79xh kubernetes.io/service-account-token 3 64s
secret/default-token-rf26t kubernetes.io/service-account-token 3 42m
secret/kubernetes-dashboard-certs Opaque 0 42m
secret/kubernetes-dashboard-csrf Opaque 1 42m
secret/kubernetes-dashboard-key-holder Opaque 2 42m
secret/kubernetes-dashboard-token-ls8l4 kubernetes.io/service-account-token 3 42m
[root@master k8syaml]# kubectl describe secret admin-user-token-t79xh -n kubernetes-dashboard
Name: admin-user-token-t79xh
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 0723ea98-f2e7-47ce-a954-eb99013dda47
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ikh0ZVdaNkxaMkJtQ0Rpb3FZS1ZkRmxvTDhyWnNwRHV0VmtMLXk1ZlE2YzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXQ3OXhoIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwNzIzZWE5OC1mMmU3LTQ3Y2UtYTk1NC1lYjk5MDEzZGRhNDciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.aaQgyqDJ217d4sxv0uPL6lSVntQmq3NLM2g5w3newhj4rBkXW1RGmKJQtuqSEx4CeGlbPknl1nsFrG4Z0WOSa2ZHj8zDI1YXaxNmpuOPYC94TMYpfK1p1tSVXYJhrnPggQmsa-O7m3S7cNkPgFtpS_GMgGqdh6zWTzQVQyvMHrWcczCe3kW4XJzU7F-v8uEzD5m7Kn7iivV9L4PMqtOb7_qeeDzuMLmAnmJREDyiE7lumc_ZfdoDdHS6jbmv_J4yFf0YWu_lqXbM1mLFdfTVjVcsIuGqGwXM2YZ7nnuIrZwNTiXoJcL4rK8sBvbgfrgIt-iqA3VlcbYYqLiNeTxLNQ
或者用下面这种方法
# 创建serviceaccount
[root@master k8syaml]# kubectl create serviceaccount admin-myuser -n kubernetes-dashboard
serviceaccount/admin-myuser created
# sa绑定集群管理员
[root@master k8syaml]# kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:admin-myuser
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created
[root@master k8syaml]# kubectl get sa,secrets -n kubernetes-dashboard
NAME SECRETS AGE
serviceaccount/admin-myuser 1 84s
serviceaccount/default 1 58m
serviceaccount/kubernetes-dashboard 1 58m
NAME TYPE DATA AGE
secret/admin-myuser-token-275f9 kubernetes.io/service-account-token 3 87s
secret/default-token-rf26t kubernetes.io/service-account-token 3 58m
secret/kubernetes-dashboard-certs Opaque 0 58m
secret/kubernetes-dashboard-csrf Opaque 1 58m
secret/kubernetes-dashboard-key-holder Opaque 2 58m
secret/kubernetes-dashboard-token-ls8l4 kubernetes.io/service-account-token 3 58m
查看token
[root@master k8syaml]# kubectl describe secret admin-myuser-token-275f9 -n kubernetes-dashboard
Name: admin-myuser-token-275f9
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-myuser
kubernetes.io/service-account.uid: bfcb1bdc-4740-4c3a-9e36-2602842b96a7
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ikh0ZVdaNkxaMkJtQ0Rpb3FZS1ZkRmxvTDhyWnNwRHV0VmtMLXk1ZlE2YzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi1teXVzZXItdG9rZW4tMjc1ZjkiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiYWRtaW4tbXl1c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYmZjYjFiZGMtNDc0MC00YzNhLTllMzYtMjYwMjg0MmI5NmE3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmFkbWluLW15dXNlciJ9.ysqLRFHBXOPOZjLDbn8Vd02hvhPnS7Tt4XhQRscXBTY7D8b57R2Lz7AR-uF6k7hP5cU15we7bVXMVjGelezFpblLMxiB0EM0w6HN82yucPZRGFW4S8SPN2Mz6CoIYBHT72wwSvgKXtNqnhezG1RaQ-R4dPrZBVKVNBNIqBaHbmD8wOq-GJQ49FOdLMQZ1Rj_UCALoJlxLPC5xlQGrtQQHzgbx4bbwqaswG_wN-uIUp8Q-5re1be1E9qpior4f6gwGYJLG2-kfcum3aBEC7AK9tqLhcOuEEnFY73HMUfS2ha-vrEXEDIs5T72YQ7JFr2njJMvBw9fK-HZfi2CyWkQrQ
使用上述两种方法任一均可,拿到token后重新登陆,可正常显示数据了
谷歌浏览器
仅做上述修改无法打开,显示以下信息
10.XX.XX.52 通常会使用加密技术来保护您的信息。Google Chrome 此次尝试连接到 10.XX.XX.52 时,此网站发回了异常的错误凭据。这可能是因为有攻击者在试图冒充 10.XX.XX.52,或 Wi-Fi
登录屏幕中断了此次连接。请放心,您的信息仍然是安全的,因为 Google Chrome 尚未进行任何数据交换便停止了连接。您目前无法访问 10.XX.XX.52,因为此网站发送了 Google Chrome
无法处理的杂乱凭据。网络错误和攻击通常是暂时的,因此,此网页稍后可能会恢复正常。
先把之前启动的资源全部删除掉
[root@master k8syaml]# kubectl delete -f recommended.yaml
namespace "kubernetes-dashboard" deleted
serviceaccount "kubernetes-dashboard" deleted
service "kubernetes-dashboard" deleted
secret "kubernetes-dashboard-certs" deleted
secret "kubernetes-dashboard-csrf" deleted
secret "kubernetes-dashboard-key-holder" deleted
configmap "kubernetes-dashboard-settings" deleted
role.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
clusterrole.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
clusterrolebinding.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
deployment.apps "kubernetes-dashboard" deleted
service "dashboard-metrics-scraper" deleted
deployment.apps "dashboard-metrics-scraper" deleted
需要额外修改recommended.yaml
以下内容全部注释掉
# apiVersion: v1
# kind: Secret
# metadata:
# labels:
# k8s-app: kubernetes-dashboard
# name: kubernetes-dashboard-certs
# namespace: kubernetes-dashboard
# type: Opaque
自己生成kubernetes-dashboard-certs
新建一个目录并进入
# 生成 key
[root@master create_cert]# openssl genrsa -out dashboard.key 2048
Generating RSA private key, 2048 bit long modulus
............................+++
.+++
e is 65537 (0x10001)
[root@master create_cert]# ll
total 4
-rw-r--r-- 1 root root 1675 Jan 7 17:31 dashboard.key
[root@master create_cert]# openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=**10.180.249.52**'
[root@master create_cert]# ll
total 8
-rw-r--r-- 1 root root 903 Jan 7 17:32 dashboard.csr
-rw-r--r-- 1 root root 1675 Jan 7 17:31 dashboard.key
# 生成自签证书
[root@master create_cert]# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/CN=**10.180.249.52**
Getting Private key
[root@master create_cert]# ll
total 12
-rw-r--r-- 1 root root 997 Jan 7 17:32 dashboard.crt
-rw-r--r-- 1 root root 903 Jan 7 17:32 dashboard.csr
-rw-r--r-- 1 root root 1675 Jan 7 17:31 dashboard.key
# 使用自签证书创建secret
[root@master create_cert]# kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
secret/kubernetes-dashboard-certs created
再次启动应用
[root@master k8syaml]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
稍等片刻查看pod和service信息
[root@master create_cert]# kubectl get pods,svc -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/dashboard-metrics-scraper-76585494d8-mq62z 1/1 Running 0 6m15s 10.200.1.4 worker1.node <none> <none>
pod/kubernetes-dashboard-5f698b69fb-44vxj 1/1 Running 0 6m15s 10.200.0.6 master.node <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/dashboard-metrics-scraper ClusterIP 10.96.183.245 <none> 8000/TCP 6m15s k8s-app=dashboard-metrics-scraper
service/kubernetes-dashboard NodePort 10.96.106.179 <none> 443:30001/TCP 6m15s k8s-app=kubernetes-dashboard
查看sa和secret信息
[root@master k8syaml]# kubectl get sa,secrets -n kubernetes-dashboard
NAME SECRETS AGE
serviceaccount/default 1 19m
serviceaccount/kubernetes-dashboard 1 19m
NAME TYPE DATA AGE
secret/default-token-kjrs9 kubernetes.io/service-account-token 3 19m
secret/kubernetes-dashboard-certs Opaque 2 14m
secret/kubernetes-dashboard-csrf Opaque 1 19m
secret/kubernetes-dashboard-key-holder Opaque 2 19m
secret/kubernetes-dashboard-token-bhcxb kubernetes.io/service-account-token 3 19m
在浏览器上打开https://IP:30001,可以正常打开,选择高级-继续前往即可打开登陆页面
正常使用仍然需要新建管理员用户,参考火狐部分。
参考
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
7
0- 0
已为社区贡献3条内容
所有评论(0)