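k8s-1: Logging in to the dashboard with a username and password, and logging in over HTTP

Contents

1. Installation

2. Setting up username/password login

3. Errors:

4. Logging in over HTTP


1. Installation

Access URL: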

https://192.168.50.26:30001/

admin/admin

Project download URL:

https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dashboard

The version installed here is 2.4.0. The modified YAML at the bottom of this page can be copied and used directly.

install

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml

It is better to download the file locally first and then change the Service port.

kubectl proxy


Create a service account with the cluster-admin role, and a ClusterRoleBinding, so that it can access all Kubernetes resources.

kubectl create serviceaccount cluster-admin-dashboard-sa

  

kubectl create clusterrolebinding cluster-admin-dashboard-sa \
  --clusterrole=cluster-admin \
  --serviceaccount=default:cluster-admin-dashboard-sa

Copy the generated token and use it to log in to the dashboard.

root@master24:/opt/yaml# vim recommended.yaml

root@master24:/opt/yaml#  kubectl get secret | grep cluster-admin-dashboard-sa

cluster-admin-dashboard-sa-token-wlb74   kubernetes.io/service-account-token   3      12m

root@master24:/opt/yaml#  kubectl describe secrets/cluster-admin-dashboard-sa-token-wlb74

Name:         cluster-admin-dashboard-sa-token-wlb74

Namespace:    default

Labels:      

Annotations:  kubernetes.io/service-account.name: cluster-admin-dashboard-sa

              kubernetes.io/service-account.uid: c143a476-e401-43d2-8f5e-bc75ad7ffbbd

Type:  kubernetes.io/service-account-token

Data

====

namespace:  7 bytes

token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ii1UMk1jWWM4X2FkeHphNWNtREtYeUVSR1lpX1BSQlZRMk5ieTVMVHB1RkEifQ.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.FAOYWZT2zIYEnOm1nnXBH5g1EFG6LWXDas1xvBUIhEIuvhOK15T3X-J23cmnWyo-vCP1LwiWGYkzwsM2KH52roiCobPtEd9fCQwrUTvj1Gr9PEItV-PiXWEZRFPXdvtVFbi9QE4JwHogRuQ1x8N-acYxgxdJ5QMESiPljSMUMg7LjeFkjZWa3_h7Prx8RR1aSFaNxFQw_wzH6Lgu1VHXnmyxJi5bwjuUG1Kycu1Gt8Mokl_FlRTIQO3sEI0jlq_1A4d1c6UyxA6r_tbQu2CWHBYQo3FVVN85y_SLHUbxBEvSkGpT3Trc-UJbDm9r0vS1rPlJvsXnhBkhnX_l1KTgMg

ca.crt:     1099 bytes

The dashboard interface then appears.


2. Setting up username/password login

A. Back up kube-apiserver.yaml (important)

cp /etc/kubernetes/manifests/kube-apiserver.yaml  /etc/kubernetes/manifests/kube-apiserver.yaml-bake-20211129

B. Add passwords

Account admin, password admin, unique ID 1

echo "admin,admin,1" > /etc/kubernetes/pki/basic_auth_file

echo "feng.yuqing,fyq@123,2" >> /etc/kubernetes/pki/basic_auth_file

Write one account per line; IDs must not be repeated.

C. Modify apiserver.yaml

vim /etc/kubernetes/manifests/kube-apiserver.yaml

# Add this line

- --token-auth-file=/etc/kubernetes/pki/basic_auth_file

# Save and exit


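D. Check the status

After apiserver.yaml is modified, the API server restarts automatically (in about ten seconds); checking the status shows an error.

E. Bind permissions for the admin/fengyuqing users

# Bind permissions for admin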

kubectl create clusterrolebinding login-on-dashboard-with-cluster-admin --clusterrole=cluster-admin --user=admin

# View the binding result

kubectl get clusterrolebinding login-on-dashboard-with-cluster-admin

F. Modify recommended.yaml

recommended.yaml is the deployment file for the dashboard.

- --token-ttl=21600

- --authentication-mode=basic


G. Check the result in the browser

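Steps B and C hand the API server a static token file: `--token-auth-file` is read as CSV with the columns token, user name, user UID and an optional quoted group list, so the first column is the bearer secret and the second is the identity. The Python sketch below is an added example, not part of the original post; it parses the two rows written in step B to show how they are interpreted and flags weak rows. `MIN_TOKEN_LEN` and the finding names are assumptions of this example, not Kubernetes settings.

```python
import csv
import io

# Constructed sample: the two rows written to basic_auth_file in step B.
SAMPLE = "admin,admin,1\nfeng.yuqing,fyq@123,2\n"

MIN_TOKEN_LEN = 32  # assumption: local policy threshold, not a Kubernetes rule


def parse_token_file(text):
    """Parse a --token-auth-file CSV: token,user,uid[,"group1,group2"]."""
    entries = []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row or all(not col.strip() for col in row):
            continue  # skip blank lines
        if len(row) < 3:
            raise ValueError(f"line {lineno}: need at least token,user,uid")
        groups = [g.strip() for g in row[3].split(",")] if len(row) > 3 and row[3] else []
        entries.append({"line": lineno, "token": row[0], "user": row[1],
                        "uid": row[2], "groups": groups})
    return entries


def audit(entries):
    """Return (line, finding) pairs for weak or ambiguous rows."""
    findings = []
    seen_tokens, seen_uids = set(), set()
    for e in entries:
        if len(e["token"]) < MIN_TOKEN_LEN:
            findings.append((e["line"], "short-token"))
        if e["token"] == e["user"]:
            findings.append((e["line"], "token-equals-user"))
        if e["token"] in seen_tokens:
            findings.append((e["line"], "duplicate-token"))
        if e["uid"] in seen_uids:
            findings.append((e["line"], "duplicate-uid"))
        seen_tokens.add(e["token"])
        seen_uids.add(e["uid"])
    return findings


if __name__ == "__main__":
    parsed = parse_token_file(SAMPLE)
    for e in parsed:
        print(f'line {e["line"]}: token {e["token"]!r} authenticates as user {e["user"]!r}')
    for line, finding in audit(parsed):
        print(f"line {line}: {finding}")
```

Read this way, the second row authenticates the user name `fyq@123` with the token `feng.yuqing`.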

3. Errors:

configmaps is forbidden: User  system:anonymous cannot list resource configmaps in API g_wangmiaoyan
Solution:

kubectl create clusterrolebinding test:anonymous --clusterrole=cluster-admin --user=system:anonymous

 

Solution:

kubectl create clusterrolebinding gitlab-cluster-admin --clusterrole=cluster-admin --group=system:serviceaccounts --namespace=dev
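The error above shows the request reaching the API server as system:anonymous, so the two bindings just created give cluster-admin to every unauthenticated request and to every service account; a ClusterRoleBinding is cluster-scoped, so `--namespace=dev` does not narrow the second one. The Python audit below is an added example, not part of the original post: it flags such bindings in JSON shaped like the output of `kubectl get clusterrolebindings -o json`, run here over a constructed sample of the four bindings created on this page. `BROAD_SUBJECTS`, `PRIVILEGED_ROLES` and the function names are this example's own.

```python
import json


def _crb(name, kind, subject, namespace=None):
    """Build one trimmed ClusterRoleBinding object bound to cluster-admin."""
    subj = {"kind": kind, "name": subject}
    if namespace:
        subj["namespace"] = namespace
    return {"metadata": {"name": name},
            "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [subj]}


# Constructed sample: the four bindings created on this page.
SAMPLE = json.dumps({"items": [
    _crb("cluster-admin-dashboard-sa", "ServiceAccount",
         "cluster-admin-dashboard-sa", "default"),
    _crb("login-on-dashboard-with-cluster-admin", "User", "admin"),
    _crb("test:anonymous", "User", "system:anonymous"),
    _crb("gitlab-cluster-admin", "Group", "system:serviceaccounts"),
]})

# Built-in identities that match many callers at once.
BROAD_SUBJECTS = {
    ("User", "system:anonymous"): "every unauthenticated request",
    ("Group", "system:unauthenticated"): "every unauthenticated request",
    ("Group", "system:authenticated"): "every authenticated identity",
    ("Group", "system:serviceaccounts"): "every service account in the cluster",
}
PRIVILEGED_ROLES = {"cluster-admin"}  # assumption: extend with local admin-equivalent roles


def find_broad_admin_bindings(doc):
    """Return (binding, subject, reach) for privileged roles bound to broad subjects."""
    findings = []
    for item in doc.get("items", []):
        role = item.get("roleRef", {})
        if role.get("kind") != "ClusterRole" or role.get("name") not in PRIVILEGED_ROLES:
            continue
        for subj in item.get("subjects") or []:  # subjects may be absent or null
            reach = BROAD_SUBJECTS.get((subj.get("kind"), subj.get("name")))
            if reach:
                findings.append((item["metadata"]["name"], subj["name"], reach))
    return findings


if __name__ == "__main__":
    for binding, subject, reach in find_broad_admin_bindings(json.loads(SAMPLE)):
        print(f"{binding}: cluster-admin granted to {subject} ({reach})")
```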

4. Logging in over HTTP

This is simple: change the earlier HTTPS port to a non-HTTPS one. Without further ado, here is the code.

cat Deployment-https.yaml

 

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.4.0
          imagePullPolicy: Always
          ports:
            - containerPort: 9090
              protocol: TCP
             # name: https
            #- containerPort: 9090
            #  protocol: TCP
            #  name: http
          args:
           # - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
          #  - --token-ttl=21600
          #  - --authentication-mode=basic
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
 #           - --apiserver-host=http://kubernetes-dashboard.kubernetes-dashboard:80
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
             # scheme: HTTP
              path: /
              port: 9090
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

 cat  service-http.yaml

---
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
 #   - port: 443
 #     targetPort: 8443
 #     name: https
 #     nodePort: 30001
    - port: 80
      targetPort: 9090
      nodePort: 30001
#      name: http
  selector:
    k8s-app: kubernetes-dashboard
