软件 | 版本 |
---|---|
centos | 7.4-1708 |
docker | 18.03.0-ce |
kubernetes | 1.17.0 |
最新的配置文件v2.0.0-beta8
版本recommended.yaml
官方UI文档
[root@master k8syaml]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
--2020-01-07 14:39:38-- https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.0.133, 151.101.64.133, 151.101.128.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.0.133|:443... failed: Connection timed out.
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.64.133|:443... failed: Connection timed out.
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.128.133|:443... failed: Connection timed out.
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.192.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7568 (7.4K) [text/plain]
Saving to: ‘recommended.yaml’
100%[====================================================================================================================================================================================================================================>] 7,568 3.02KB/s in 2.4s
2020-01-07 14:46:03 (3.02 KB/s) - ‘recommended.yaml’ saved [7568/7568]
原文件内容
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
修改为
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort #新增
ports:
- port: 443
nodePort: 30001 #新增
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
原文件内容
spec:
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.0.0-beta8
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
修改为
spec:
# nodeName: master.node 指定到master节点,指不指定根据需要
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.0.0-beta8
# imagePullPolicy: Always
imagePullPolicy: IfNotPresent #不存在再下载
ports:
- containerPort: 8443
protocol: TCP
在master节点执行
[root@master k8syaml]# docker pull kubernetesui/dashboard:v2.0.0-beta8
v2.0.0-beta8: Pulling from kubernetesui/dashboard
5cd0d71945f0: Pull complete
Digest: sha256:fc90baec4fb62b809051a3227e71266c0427240685139bbd5673282715924ea7
Status: Downloaded newer image for kubernetesui/dashboard:v2.0.0-beta8
[root@master k8syaml]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
查看pod和service状态
[root@master k8syaml]# kubectl get pods,svc -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/dashboard-metrics-scraper-76585494d8-gbkzp 1/1 Running 0 2m9s 10.200.2.4 worker2.node <none> <none>
pod/kubernetes-dashboard-5f698b69fb-dxv8z 1/1 Running 0 2m9s 10.200.0.5 master.node <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/dashboard-metrics-scraper ClusterIP 10.96.98.114 <none> 8000/TCP 2m9s k8s-app=dashboard-metrics-scraper
service/kubernetes-dashboard NodePort 10.96.97.104 <none> 443:30001/TCP 2m9s k8s-app=kubernetes-dashboard
浏览器上输入master节点https://IP:30001
选择用默认用户kubernetes-dashboard
的token登陆
查看serviceaccount和secrets
[root@master k8syaml]# kubectl get sa,secrets -n kubernetes-dashboard
NAME SECRETS AGE
serviceaccount/default 1 25m
serviceaccount/kubernetes-dashboard 1 25m
NAME TYPE DATA AGE
secret/default-token-rf26t kubernetes.io/service-account-token 3 25m
secret/kubernetes-dashboard-certs Opaque 0 25m
secret/kubernetes-dashboard-csrf Opaque 1 25m
secret/kubernetes-dashboard-key-holder Opaque 2 25m
secret/kubernetes-dashboard-token-ls8l4 kubernetes.io/service-account-token 3 25m
查看token
[root@master k8syaml]# kubectl describe secrets kubernetes-dashboard-token-ls8l4 -n kubernetes-dashboard
Name: kubernetes-dashboard-token-ls8l4
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: ec58717f-ae47-4bfb-bff3-ffb677e73f2f
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ikh0ZVdaNkxaMkJtQ0Rpb3FZS1ZkRmxvTDhyWnNwRHV0VmtMLXk1ZlE2YzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1sczhsNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImVjNTg3MTdmLWFlNDctNGJmYi1iZmYzLWZmYjY3N2U3M2YyZiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.K-_hKDZfnjgHAK4b_a3Umm9deFtLJzI0pAown0vyNa8Gofx8pcyUkfT0IDMrkxnPLONbTUjom433WmR6e8TP0DlE0YKc_UgkhIY-viHEqdngrYujmJRC6thduITo5ysLoh6tI2h7XcgDoGfoWoUhJOl_SecoV45BpuEXF8xhxacXerHMSWKfaSCtI36gGkmz3yU6ds1MgabG2PTkU0yDEIgqm0YLoucM66Hp_4eL2M0mtbhDKsqERZhC67A2d13jRBwMmRCtk-8ogry1qf1iCXWcaZy2TV6Sj8Az3_0NDm6IqdEEHEMp0_eEDJDgCf9a6ZG0Dm4PK8vtoFX7LrW5GQ
或者
[root@master k8syaml]# kubectl describe secrets $(kubectl get secrets -n kubernetes-dashboard | awk '/kubernetes-dashboard-token/{print $1}' ) -n kubernetes-dashboard |sed -n '/token:.*/p'
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ikh0ZVdaNkxaMkJtQ0Rpb3FZS1ZkRmxvTDhyWnNwRHV0VmtMLXk1ZlE2YzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1sczhsNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImVjNTg3MTdmLWFlNDctNGJmYi1iZmYzLWZmYjY3N2U3M2YyZiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.K-_hKDZfnjgHAK4b_a3Umm9deFtLJzI0pAown0vyNa8Gofx8pcyUkfT0IDMrkxnPLONbTUjom433WmR6e8TP0DlE0YKc_UgkhIY-viHEqdngrYujmJRC6thduITo5ysLoh6tI2h7XcgDoGfoWoUhJOl_SecoV45BpuEXF8xhxacXerHMSWKfaSCtI36gGkmz3yU6ds1MgabG2PTkU0yDEIgqm0YLoucM66Hp_4eL2M0mtbhDKsqERZhC67A2d13jRBwMmRCtk-8ogry1qf1iCXWcaZy2TV6Sj8Az3_0NDm6IqdEEHEMp0_eEDJDgCf9a6ZG0Dm4PK8vtoFX7LrW5GQ
用上面得到的token登陆之后,界面上数据显示不出来
并提示权限不足
新建一个create-admin.yaml
填入以下内容
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
保存退出,并执行
[root@master k8syaml]# kubectl apply -f create-admin.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
查看sa和secret
[root@master k8syaml]# kubectl get sa,secrets -n kubernetes-dashboard
NAME SECRETS AGE
serviceaccount/admin-user 1 64s
serviceaccount/default 1 42m
serviceaccount/kubernetes-dashboard 1 42m
NAME TYPE DATA AGE
secret/admin-user-token-t79xh kubernetes.io/service-account-token 3 64s
secret/default-token-rf26t kubernetes.io/service-account-token 3 42m
secret/kubernetes-dashboard-certs Opaque 0 42m
secret/kubernetes-dashboard-csrf Opaque 1 42m
secret/kubernetes-dashboard-key-holder Opaque 2 42m
secret/kubernetes-dashboard-token-ls8l4 kubernetes.io/service-account-token 3 42m
[root@master k8syaml]# kubectl describe secret admin-user-token-t79xh -n kubernetes-dashboard
Name: admin-user-token-t79xh
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 0723ea98-f2e7-47ce-a954-eb99013dda47
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ikh0ZVdaNkxaMkJtQ0Rpb3FZS1ZkRmxvTDhyWnNwRHV0VmtMLXk1ZlE2YzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXQ3OXhoIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwNzIzZWE5OC1mMmU3LTQ3Y2UtYTk1NC1lYjk5MDEzZGRhNDciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.aaQgyqDJ217d4sxv0uPL6lSVntQmq3NLM2g5w3newhj4rBkXW1RGmKJQtuqSEx4CeGlbPknl1nsFrG4Z0WOSa2ZHj8zDI1YXaxNmpuOPYC94TMYpfK1p1tSVXYJhrnPggQmsa-O7m3S7cNkPgFtpS_GMgGqdh6zWTzQVQyvMHrWcczCe3kW4XJzU7F-v8uEzD5m7Kn7iivV9L4PMqtOb7_qeeDzuMLmAnmJREDyiE7lumc_ZfdoDdHS6jbmv_J4yFf0YWu_lqXbM1mLFdfTVjVcsIuGqGwXM2YZ7nnuIrZwNTiXoJcL4rK8sBvbgfrgIt-iqA3VlcbYYqLiNeTxLNQ
或者用下面这种方法
# 创建serviceaccount
[root@master k8syaml]# kubectl create serviceaccount admin-myuser -n kubernetes-dashboard
serviceaccount/admin-myuser created
# sa绑定集群管理员
[root@master k8syaml]# kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:admin-myuser
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created
[root@master k8syaml]# kubectl get sa,secrets -n kubernetes-dashboard
NAME SECRETS AGE
serviceaccount/admin-myuser 1 84s
serviceaccount/default 1 58m
serviceaccount/kubernetes-dashboard 1 58m
NAME TYPE DATA AGE
secret/admin-myuser-token-275f9 kubernetes.io/service-account-token 3 87s
secret/default-token-rf26t kubernetes.io/service-account-token 3 58m
secret/kubernetes-dashboard-certs Opaque 0 58m
secret/kubernetes-dashboard-csrf Opaque 1 58m
secret/kubernetes-dashboard-key-holder Opaque 2 58m
secret/kubernetes-dashboard-token-ls8l4 kubernetes.io/service-account-token 3 58m
查看token
[root@master k8syaml]# kubectl describe secret admin-myuser-token-275f9 -n kubernetes-dashboard
Name: admin-myuser-token-275f9
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-myuser
kubernetes.io/service-account.uid: bfcb1bdc-4740-4c3a-9e36-2602842b96a7
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ikh0ZVdaNkxaMkJtQ0Rpb3FZS1ZkRmxvTDhyWnNwRHV0VmtMLXk1ZlE2YzgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi1teXVzZXItdG9rZW4tMjc1ZjkiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiYWRtaW4tbXl1c2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYmZjYjFiZGMtNDc0MC00YzNhLTllMzYtMjYwMjg0MmI5NmE3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmVybmV0ZXMtZGFzaGJvYXJkOmFkbWluLW15dXNlciJ9.ysqLRFHBXOPOZjLDbn8Vd02hvhPnS7Tt4XhQRscXBTY7D8b57R2Lz7AR-uF6k7hP5cU15we7bVXMVjGelezFpblLMxiB0EM0w6HN82yucPZRGFW4S8SPN2Mz6CoIYBHT72wwSvgKXtNqnhezG1RaQ-R4dPrZBVKVNBNIqBaHbmD8wOq-GJQ49FOdLMQZ1Rj_UCALoJlxLPC5xlQGrtQQHzgbx4bbwqaswG_wN-uIUp8Q-5re1be1E9qpior4f6gwGYJLG2-kfcum3aBEC7AK9tqLhcOuEEnFY73HMUfS2ha-vrEXEDIs5T72YQ7JFr2njJMvBw9fK-HZfi2CyWkQrQ
使用上述两种方法任一均可,拿到token后重新登陆,可正常显示数据了
仅做上述修改无法打开,显示以下信息
10.XX.XX.52 通常会使用加密技术来保护您的信息。Google Chrome 此次尝试连接到 10.XX.XX.52 时,此网站发回了异常的错误凭据。这可能是因为有攻击者在试图冒充 10.XX.XX.52,或 Wi-Fi
登录屏幕中断了此次连接。请放心,您的信息仍然是安全的,因为 Google Chrome 尚未进行任何数据交换便停止了连接。您目前无法访问 10.XX.XX.52,因为此网站发送了 Google Chrome
无法处理的杂乱凭据。网络错误和攻击通常是暂时的,因此,此网页稍后可能会恢复正常。
先把之前启动的资源全部删除掉
[root@master k8syaml]# kubectl delete -f recommended.yaml
namespace "kubernetes-dashboard" deleted
serviceaccount "kubernetes-dashboard" deleted
service "kubernetes-dashboard" deleted
secret "kubernetes-dashboard-certs" deleted
secret "kubernetes-dashboard-csrf" deleted
secret "kubernetes-dashboard-key-holder" deleted
configmap "kubernetes-dashboard-settings" deleted
role.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
clusterrole.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
clusterrolebinding.rbac.authorization.k8s.io "kubernetes-dashboard" deleted
deployment.apps "kubernetes-dashboard" deleted
service "dashboard-metrics-scraper" deleted
deployment.apps "dashboard-metrics-scraper" deleted
需要额外修改recommended.yaml
以下内容全部注释掉
# apiVersion: v1
# kind: Secret
# metadata:
# labels:
# k8s-app: kubernetes-dashboard
# name: kubernetes-dashboard-certs
# namespace: kubernetes-dashboard
# type: Opaque
自己生成kubernetes-dashboard-certs
新建一个目录并进入
# 生成 key
[root@master create_cert]# openssl genrsa -out dashboard.key 2048
Generating RSA private key, 2048 bit long modulus
............................+++
.+++
e is 65537 (0x10001)
[root@master create_cert]# ll
total 4
-rw-r--r-- 1 root root 1675 Jan 7 17:31 dashboard.key
[root@master create_cert]# openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=**10.180.249.52**'
[root@master create_cert]# ll
total 8
-rw-r--r-- 1 root root 903 Jan 7 17:32 dashboard.csr
-rw-r--r-- 1 root root 1675 Jan 7 17:31 dashboard.key
# 生成自签证书
[root@master create_cert]# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/CN=**10.180.249.52**
Getting Private key
[root@master create_cert]# ll
total 12
-rw-r--r-- 1 root root 997 Jan 7 17:32 dashboard.crt
-rw-r--r-- 1 root root 903 Jan 7 17:32 dashboard.csr
-rw-r--r-- 1 root root 1675 Jan 7 17:31 dashboard.key
# 使用自签证书创建secret
[root@master create_cert]# kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
secret/kubernetes-dashboard-certs created
再次启动应用
[root@master k8syaml]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
稍等片刻查看pod和service信息
[root@master create_cert]# kubectl get pods,svc -n kubernetes-dashboard -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/dashboard-metrics-scraper-76585494d8-mq62z 1/1 Running 0 6m15s 10.200.1.4 worker1.node <none> <none>
pod/kubernetes-dashboard-5f698b69fb-44vxj 1/1 Running 0 6m15s 10.200.0.6 master.node <none> <none>
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/dashboard-metrics-scraper ClusterIP 10.96.183.245 <none> 8000/TCP 6m15s k8s-app=dashboard-metrics-scraper
service/kubernetes-dashboard NodePort 10.96.106.179 <none> 443:30001/TCP 6m15s k8s-app=kubernetes-dashboard
查看sa和secret信息
[root@master k8syaml]# kubectl get sa,secrets -n kubernetes-dashboard
NAME SECRETS AGE
serviceaccount/default 1 19m
serviceaccount/kubernetes-dashboard 1 19m
NAME TYPE DATA AGE
secret/default-token-kjrs9 kubernetes.io/service-account-token 3 19m
secret/kubernetes-dashboard-certs Opaque 2 14m
secret/kubernetes-dashboard-csrf Opaque 1 19m
secret/kubernetes-dashboard-key-holder Opaque 2 19m
secret/kubernetes-dashboard-token-bhcxb kubernetes.io/service-account-token 3 19m
在浏览器上打开https://IP:30001
,可以正常打开,选择高级-继续前往即可打开登陆页面
正常使用仍然需要新建管理员用户,参考火狐部分。