k8s的dashboard搭建以及chrome浏览器不能访问问题解决

自己个人笔记，借鉴了网上文章，时间太久也找不到链接了，就不放了
1.下载yaml文件

wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

2.修改yaml文件

修改源文件
containers:
  - name: kubernetes-dashboard
    #image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
    image: lizhenliang/kubernetes-dashboard-amd64:v1.10.1

修改port类型
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort    # 这里
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
    
# ------------------- Dashboard Secret ------------------- #
将这些都注释掉
#apiVersion: v1
#kind: Secret
#metadata:
#  labels:
#    k8s-app: kubernetes-dashboard
#  name: kubernetes-dashboard-certs
#  namespace: kube-system
#type: Opaque
因为生成的证书有问题，导致chrome访问不了

3.生成pod资源

生成pod
kubectl apply -f kubernetes-dashboard.yaml

4.生成有效的证书

mkdir key && cd key
#生成证书
openssl genrsa -out dashboard.key 2048 
#写自己的ip
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=10.10.9.201'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt 
#删除原有的证书secret，这步因为注释了yaml中证书的配置，所以不需要
kubectl delete secret kubernetes-dashboard-certs -n kube-system
#创建新的证书secret
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kube-system
#查看pod
kubectl get pod -n kube-system
#重启pod
kubectl delete pod kubernetes-dashboard-78dc5f9d6b-zgvr6  -n kube-system

5.创建绑定用户

1.创建一个叫admin-user的服务账号:
[root@k8s01 ~]# cat admin-user.yaml 
# admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
[root@k8s01 ~]# kubectl create -f admin-user.yaml

2.直接绑定admin角色:
[root@k8s01 ~]# cat admin-user-role-binding.yaml 
# admin-user-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
[root@k8s01 ~]# kubectl create -f  admin-user-role-binding.yaml

6.登录访问

地址：https://10.10.9.201:30001
自己的ip和自己配置的端口

获取登录需要的token
[root@master dashboard]# kubectl get secrets -n kube-system 
NAME                               TYPE                                  DATA   AGE
admin-user-token-h7t2g             kubernetes.io/service-account-token   3      26m
default-token-xlsch                kubernetes.io/service-account-token   3      3d18h
kubernetes-dashboard-certs         Opaque                                2      3h25m
kubernetes-dashboard-key-holder    Opaque                                2      3h52m
kubernetes-dashboard-token-zbv8v   kubernetes.io/service-account-token   3      3h29m
You have new mail in /var/spool/mail/root
[root@master dashboard]# kubectl describe secrets admin-user-token-h7t2g  -n kube-system