Kubernetes dashboard Deploy

Kubernetes 1.15でのお話

#yaml download

mkdir dashboard
cd dashboard
wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/dashboard/dashboard-controller.yaml
wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/dashboard/dashboard-rbac.yaml
wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/dashboard/dashboard-service.yaml
wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/dashboard/dashboard-configmap.yaml
wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/dashboard/dashboard-secret.yaml

#deploy dashboard

kubectl create -f ./

make certificate and token

mkdir certs
cd certs/
openssl genrsa -out dashboard.key 2048
openssl req -subj "/C=JP/ST=Tokyo/L=Tokyo/O=test/OU=test Software/CN=test.jp/emailAddress=test@test.jp" -new -key dashboard.key -out dashboard.csr
openssl x509 -req -days 3650 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
cd ../
kubectl create secret generic kubernetes-dashboard-certs --from-file=certs -n kube-system
cat > admin-token.yaml << EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
 name: admin
 annotations:
   rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
 kind: ClusterRole
 name: cluster-admin
 apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
 name: admin
 namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
 name: admin
 namespace: kube-system
 labels:
   kubernetes.io/cluster-service: "true"
   addonmanager.kubernetes.io/mode: Reconcile
EOF

#deploy token

kubectl apply -f admin-token.yaml
kubectl get secret -n kube-system | grep admin | awk -F ' ' '{print $1}' | xargs kubectl -n kube-system describe secret