# kubectl create namespace kubernetes-dashboard
# mkdir $HOME/certs
# kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kubernetes-dashboard
# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta6/aio/deploy/recommended.yaml
$ vim recommended.yaml
# 把创建 kubernetes-dashboard-certs Secret 注释掉,前面已通过命令创建
#apiVersion: v1
#kind: Secret
#metadata:
# labels:
# k8s-app: kubernetes-dashboard
# name: kubernetes-dashboard-certs
# namespace: kubernetes-dashboard
#type: Opaque
# 添加ssl证书路径,关闭自动更新证书,添加多长时间登出
containers:
- args:
#- --auto-generate-certificates
- --tls-cert-file=/tls.crt
- --tls-key-file=/tls.key
- --token-ttl=3600 #这个是登陆token的过期时间,如果不想重复输入token,可以设置长点
# kubectl apply -f recommended.yaml
[root@VM_1_4_centos ~]# kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-555dc8bbb4-c8wtd 1/1 Running 0 24h
kubernetes-dashboard-755c66fc9f-p4tjd 1/1 Running 0 135m
# vim create-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
# kubectl apply -f create-admin.yaml
# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')