13 - Kubernetes Dashboard authentication and tiered authorization
Kubernetes core add-on: Dashboard
Project URL: https://github.com/kubernetes/dashboard ; the project page also documents the installation method.
I. Create a certificate
1. Generate the private key
cd /etc/kubernetes/pki
(umask 077; openssl genrsa -out dashboard.key 2048)
2. Generate the certificate signing request (CSR)
openssl req -new -key dashboard.key -out dashboard.csr -subj "/O=kuberusers/CN=dashboard"
3. Sign it with the cluster CA (ca.key)
openssl x509 -req -in dashboard.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out dashboard.crt -days 365
4. Inspect the result
openssl x509 -in dashboard.crt -text -noout
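The three openssl steps above decide who the dashboard user is to the API server: the subject CN becomes the user name and each O becomes a group, and the certificate is accepted only if it chains to the cluster CA. The script below is an added example (not from the original post) that replays those steps against a throwaway CA standing in for /etc/kubernetes/pki/ca.crt and ca.key, then checks the result the way the API server will: chain validity, and the CN/O values that RBAC bindings will see. It goes one step beyond the post by also issuing a self-signed certificate with the same subject to show that the subject alone proves nothing. The directory, function names and the rogue certificate are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original post. Needs only openssl and sed.
CERT_DIR="$(mktemp -d)"   # scratch directory; stands in for /etc/kubernetes/pki

# Constructed stand-in for the cluster CA (ca.crt / ca.key).
make_test_ca() {
    openssl genrsa -out "$CERT_DIR/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$CERT_DIR/ca.key" -days 365 \
        -subj "/CN=kubernetes" -out "$CERT_DIR/ca.crt" 2>/dev/null
}

# The post's steps 1-3, parameterised: $1 file basename, $2 user (CN),
# $3 group (O), $4 validity in days.
issue_client_cert() {
    (umask 077; openssl genrsa -out "$CERT_DIR/$1.key" 2048 2>/dev/null)
    openssl req -new -key "$CERT_DIR/$1.key" -out "$CERT_DIR/$1.csr" \
        -subj "/O=$3/CN=$2" 2>/dev/null
    openssl x509 -req -in "$CERT_DIR/$1.csr" -CA "$CERT_DIR/ca.crt" \
        -CAkey "$CERT_DIR/ca.key" -CAcreateserial -days "$4" \
        -out "$CERT_DIR/$1.crt" 2>/dev/null
}

# Self-signed certificate with the same subject: identical subject line,
# but never issued by the cluster CA, so the API server would reject it.
issue_self_signed() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -keyout "$CERT_DIR/$1.key" \
        -subj "/O=$3/CN=$2" -days 365 -out "$CERT_DIR/$1.crt" 2>/dev/null
}

# Exit status 0 only if the certificate chains to the test CA.
verify_against_ca() {
    openssl verify -CAfile "$CERT_DIR/ca.crt" "$CERT_DIR/$1.crt" >/dev/null 2>&1
}

# Subject in RFC 2253 form, e.g. "CN=dashboard,O=kuberusers".
cert_subject() {
    openssl x509 -in "$CERT_DIR/$1.crt" -noout -subject -nameopt RFC2253 \
        | sed 's/^subject= *//'
}

# CN: the user name the API server records for this client.
cert_user() {
    cert_subject "$1" | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# O: a group name that RBAC can bind to with kind: Group.
cert_group() {
    cert_subject "$1" | sed -n 's/.*O=\([^,]*\).*/\1/p'
}

# Stand-alone walk-through:  sh dashboard-cert-check.sh demo
demo() {
    make_test_ca
    issue_client_cert dashboard dashboard kuberusers 365
    issue_self_signed rogue dashboard kuberusers
    for c in dashboard rogue; do
        if verify_against_ca "$c"; then status=OK; else status=REJECTED; fi
        printf '%s: subject=%s user=%s group=%s chain=%s\n' "$c" \
            "$(cert_subject "$c")" "$(cert_user "$c")" "$(cert_group "$c")" "$status"
    done
}

if [ "${1:-}" = demo ]; then demo; fi
```

Running the demo prints the same subject for both files but chain=OK only for the CA-issued one; that distinction, not the CN, is what the API server enforces, which is why the post signs the CSR with ca.key rather than self-signing.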
II. Add the signed certificate to a Secret and build a kubeconfig for the dashboard user
kubectl create secret generic dashboard-cert -n kube-system --from-file=dashboard.crt=./dashboard.crt --from-file=dashboard.key=./dashboard.key
#1. Add the cluster information
kubectl config set-cluster kubernetes --embed-certs=true \
    --certificate-authority=./ca.crt \
    --server="https://192.168.1.90:6443"
#2. Configure the client certificate and key
kubectl config set-credentials dashboard --embed-certs=true \
    --client-certificate=/etc/kubernetes/pki/dashboard.crt \
    --client-key=/etc/kubernetes/pki/dashboard.key
# Set the cluster context
kubectl config set-context dashboard@kubernetes --cluster=kubernetes --user=dashboard
# View the result
kubectl config view
# Switch to the newly created dashboard user
kubectl config use-context dashboard@kubernetes
III. Install the dashboard and expose its port outside the node
# Install the dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
# Expose the dashboard so it can be reached from outside the cluster
# Method 1: switch the Service to NodePort
kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system
# Look up the node port
kubectl get svc -n kube-system
# Access URL
https://NodeIP:Port
# Method 2: kubectl proxy
# (--accept-hosts='^*$' accepts any Host header and --disable-filter=true turns off the proxy's request filtering,
#  so any client that can reach port 8001 acts with the current kubeconfig user's permissions without logging in)
kubectl proxy --address='0.0.0.0' --accept-hosts='^*$' --disable-filter=true
http://MasterIP:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
IV. Create a ServiceAccount and look up its token
# Create the ServiceAccount
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl get sa -n kube-system
# Bind the ServiceAccount to the admin ClusterRole
# (kubectl create rolebinding makes a namespaced RoleBinding: the admin ClusterRole's permissions apply only in the
#  namespace the binding is created in, here the current context's namespace since no -n is given)
kubectl create rolebinding dash-admin --clusterrole=admin --serviceaccount=kube-system:dashboard-admin
# Find the token and use it to log in
kubectl get secret -n kube-system
kubectl describe secret dashboard-admin-token-nzrl2 -n kube-system
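The token shown by kubectl describe secret is a JWT, and its payload records which ServiceAccount and namespace it was issued for. Before pasting a token into the dashboard login page it is worth decoding it and confirming it really belongs to kube-system:dashboard-admin rather than to some other secret listed by kubectl get secret. The script below is an added example (not from the original post) that does that decoding with only base64 and sed. It builds a constructed sample token with the legacy token-controller claims and a dummy signature so it runs offline; the function names, the sample claims and the signature are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original post.

# base64url -> bytes, restoring the '=' padding that JWTs strip.
b64url_decode() {
    s="$(printf '%s' "$1" | tr '_-' '/+')"
    case $(( ${#s} % 4 )) in
        2) s="$s==" ;;
        3) s="$s=" ;;
    esac
    printf '%s' "$s" | base64 -d
}

# bytes -> base64url (used only to build the constructed sample token).
b64url_encode() {
    printf '%s' "$1" | base64 | tr -d '\n=' | tr '/+' '_-'
}

# The middle (payload) segment of a JWT, decoded to JSON.
jwt_payload() {
    b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

# Value of a string claim; the claim names contain '/', so sed uses '|' delimiters.
jwt_claim() {
    jwt_payload "$1" | sed -n 's|.*"'"$2"'":"\([^"]*\)".*|\1|p'
}

# Constructed sample of what a dashboard-admin-token-* secret holds, with a
# dummy signature: NOT a real token, only the claim layout is realistic.
sample_token() {
    header='{"alg":"RS256","kid":"constructed"}'
    payload='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/secret.name":"dashboard-admin-token-nzrl2","kubernetes.io/serviceaccount/service-account.name":"dashboard-admin","sub":"system:serviceaccount:kube-system:dashboard-admin"}'
    printf '%s.%s.%s' "$(b64url_encode "$header")" "$(b64url_encode "$payload")" \
        "$(b64url_encode 'not-a-real-signature')"
}

# Exit 0 only if the token names the expected account ($2) in the expected namespace ($3).
token_is_for() {
    [ "$(jwt_claim "$1" 'kubernetes.io/serviceaccount/service-account.name')" = "$2" ] &&
    [ "$(jwt_claim "$1" 'kubernetes.io/serviceaccount/namespace')" = "$3" ]
}

# Stand-alone walk-through:  sh dashboard-token-check.sh demo
if [ "${1:-}" = demo ]; then
    t="$(sample_token)"
    jwt_payload "$t"; echo
    if token_is_for "$t" dashboard-admin kube-system; then
        echo "token was issued for kube-system:dashboard-admin"
    fi
fi
```

To check a real token, replace sample_token with the value from kubectl describe secret; decoding the payload reveals only the claims, and proves nothing about the signature, which is the API server's job to verify when the dashboard presents the token.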