|
|
@@ -0,0 +1,151 @@
|
|
|
+#!/bin/bash
|
|
|
+# create-dashboard-kubeconfig-fixed.sh
|
|
|
+
|
|
|
+echo "🔧 创建 Kubernetes Dashboard 可用的 kubeconfig 文件..."
|
|
|
+
|
|
|
+# 1. 确保 dashboard-user 存在并具有权限
|
|
|
+cat <<EOF | kubectl apply -f -
|
|
|
+apiVersion: v1
|
|
|
+kind: ServiceAccount
|
|
|
+metadata:
|
|
|
+ name: dashboard-user
|
|
|
+ namespace: kubernetes-dashboard
|
|
|
+---
|
|
|
+apiVersion: rbac.authorization.k8s.io/v1
|
|
|
+kind: ClusterRoleBinding
|
|
|
+metadata:
|
|
|
+ name: dashboard-user-binding
|
|
|
+roleRef:
|
|
|
+ apiGroup: rbac.authorization.k8s.io
|
|
|
+ kind: ClusterRole
|
|
|
+ name: cluster-admin
|
|
|
+subjects:
|
|
|
+- kind: ServiceAccount
|
|
|
+ name: dashboard-user
|
|
|
+ namespace: kubernetes-dashboard
|
|
|
+EOF
|
|
|
+
|
|
|
+# 2. 等待 secret 创建完成
|
|
|
+sleep 3
|
|
|
+
|
|
|
+# 3. 获取正确的 token
|
|
|
+# 方法1:使用 create token 命令(推荐)
|
|
|
+TOKEN=$(kubectl create token dashboard-user -n kubernetes-dashboard --duration=8760h)
|
|
|
+
|
|
|
+# 如果方法1失败,使用方法2
|
|
|
+if [ -z "$TOKEN" ] || [ "$TOKEN" == "" ]; then
|
|
|
+ echo "⚠️ 方法1失败,尝试方法2..."
|
|
|
+ SECRET_NAME=$(kubectl get serviceaccount dashboard-user -n kubernetes-dashboard -o jsonpath='{.secrets[0].name}')
|
|
|
+ TOKEN=$(kubectl get secret $SECRET_NAME -n kubernetes-dashboard -o jsonpath='{.data.token}' | base64 --decode)
|
|
|
+fi
|
|
|
+
|
|
|
+# 验证 token 是否有效
|
|
|
+if [ -z "$TOKEN" ] || [ "$TOKEN" == "" ]; then
|
|
|
+ echo "❌ 无法获取 token,正在创建新的 secret..."
|
|
|
+
|
|
|
+ # 删除现有的 secret(如果有)
|
|
|
+ kubectl delete secret dashboard-user-token -n kubernetes-dashboard 2>/dev/null || true
|
|
|
+
|
|
|
+ # 创建新的 secret
|
|
|
+ kubectl apply -f - <<EOF
|
|
|
+apiVersion: v1
|
|
|
+kind: Secret
|
|
|
+metadata:
|
|
|
+ name: dashboard-user-token
|
|
|
+ namespace: kubernetes-dashboard
|
|
|
+ annotations:
|
|
|
+ kubernetes.io/service-account.name: dashboard-user
|
|
|
+type: kubernetes.io/service-account-token
|
|
|
+EOF
|
|
|
+
|
|
|
+ # 关联 secret 到 service account
|
|
|
+ kubectl patch serviceaccount dashboard-user -n kubernetes-dashboard --patch "{\"secrets\": [{\"name\": \"dashboard-user-token\"}]}"
|
|
|
+
|
|
|
+ sleep 3
|
|
|
+ TOKEN=$(kubectl get secret dashboard-user-token -n kubernetes-dashboard -o jsonpath='{.data.token}' | base64 --decode)
|
|
|
+fi
|
|
|
+
|
|
|
+# 4. 获取集群信息
|
|
|
+SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
|
|
|
+
|
|
|
+# 如果 server 地址是 localhost,需要改为节点 IP
|
|
|
+if [[ $SERVER == *"localhost"* ]] || [[ $SERVER == *"127.0.0.1"* ]]; then
|
|
|
+ NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}')
|
|
|
+ SERVER="https://${NODE_IP}:6443"
|
|
|
+fi
|
|
|
+
|
|
|
+# 5. 创建 kubeconfig 文件
|
|
|
+cat > dashboard-kubeconfig.yaml <<EOF
|
|
|
+apiVersion: v1
|
|
|
+clusters:
|
|
|
+- cluster:
|
|
|
+ insecure-skip-tls-verify: true
|
|
|
+ server: ${SERVER}
|
|
|
+ name: kubernetes-cluster
|
|
|
+contexts:
|
|
|
+- context:
|
|
|
+ cluster: kubernetes-cluster
|
|
|
+ user: dashboard-user
|
|
|
+ namespace: kubernetes-dashboard
|
|
|
+ name: dashboard-context
|
|
|
+current-context: dashboard-context
|
|
|
+kind: Config
|
|
|
+preferences: {}
|
|
|
+users:
|
|
|
+- name: dashboard-user
|
|
|
+ user:
|
|
|
+ token: ${TOKEN}
|
|
|
+EOF
|
|
|
+
|
|
|
+# 6. 验证 kubeconfig
|
|
|
+echo "🔍 验证 kubeconfig 文件内容..."
|
|
|
+echo "=========================================="
|
|
|
+cat dashboard-kubeconfig.yaml
|
|
|
+echo "=========================================="
|
|
|
+
|
|
|
+# 7. 测试 kubeconfig
|
|
|
+echo "🧪 测试 kubeconfig 是否有效..."
|
|
|
+if kubectl --kubeconfig=dashboard-kubeconfig.yaml get nodes > /dev/null 2>&1; then
|
|
|
+ echo "✅ kubeconfig 测试成功!"
|
|
|
+else
|
|
|
+ echo "⚠️ kubeconfig 测试失败,尝试另一种格式..."
|
|
|
+
|
|
|
+ # 尝试使用证书方式
|
|
|
+ cat > dashboard-kubeconfig-alternative.yaml <<EOF
|
|
|
+apiVersion: v1
|
|
|
+clusters:
|
|
|
+- cluster:
|
|
|
+ certificate-authority-data: $(kubectl get secret $(kubectl get serviceaccount dashboard-user -n kubernetes-dashboard -o jsonpath='{.secrets[0].name}') -n kubernetes-dashboard -o jsonpath='{.data.ca\.crt}')
|
|
|
+ server: ${SERVER}
|
|
|
+ name: kubernetes-cluster
|
|
|
+contexts:
|
|
|
+- context:
|
|
|
+ cluster: kubernetes-cluster
|
|
|
+ user: dashboard-user
|
|
|
+ name: dashboard-context
|
|
|
+current-context: dashboard-context
|
|
|
+kind: Config
|
|
|
+users:
|
|
|
+- name: dashboard-user
|
|
|
+ user:
|
|
|
+ token: ${TOKEN}
|
|
|
+EOF
|
|
|
+
|
|
|
+ echo "🔄 已创建替代格式的 kubeconfig"
|
|
|
+ mv dashboard-kubeconfig-alternative.yaml dashboard-kubeconfig.yaml
|
|
|
+fi
|
|
|
+
|
|
|
+echo ""
|
|
|
+echo "📋 使用说明:"
|
|
|
+echo "1. 文件已创建: $(pwd)/dashboard-kubeconfig.yaml"
|
|
|
+echo "2. 访问 Dashboard: https://192.168.92.96:8443"
|
|
|
+echo "3. 选择 'Kubeconfig' 登录方式"
|
|
|
+echo "4. 选择刚才创建的文件"
|
|
|
+echo ""
|
|
|
+echo "🔑 Token 值(备用):"
|
|
|
+echo "${TOKEN:0:50}..."
|
|
|
+echo ""
|
|
|
+echo "📝 如果仍然失败,请尝试以下步骤:"
|
|
|
+echo " a. 检查 token 长度: ${#TOKEN} 字符"
|
|
|
+echo " b. 确保 token 不为空"
|
|
|
+echo " c. 尝试使用 Token 方式直接登录"
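Review bot: The generated kubeconfig pairs a `cluster-admin` bearer token valid for a year (`--duration=8760h`) with `insecure-skip-tls-verify: true`, so every client that loads the file sends a full-control credential to an API server whose certificate is never checked. The script also writes the file under the default umask, prints it in full with `cat dashboard-kubeconfig.yaml`, and echoes the first 50 token characters at the end, which leaves the credential in terminal scrollback and any captured output. I would bind `dashboard-user` to a narrower role than `cluster-admin`, shorten the token lifetime, embed the cluster CA instead of skipping verification, set `umask 077` before the file is written, and drop both print steps; the sketch below covers the token, CA and file-permission part (the 24h value is only an example). Where `SERVER` is rewritten to the node IP, verification presumably depends on the API server certificate listing that IP as a SAN, so that branch needs a check before the CA is enforced.

```shell
# … unchanged: ServiceAccount and ClusterRoleBinding apply …
umask 077  # the generated kubeconfig holds a bearer token; create it owner-only
TOKEN=$(kubectl create token dashboard-user -n kubernetes-dashboard --duration=24h)
# … unchanged: token fallbacks and SERVER detection …
CA_DATA=$(kubectl config view --minify --flatten \
  -o jsonpath='{.clusters[0].cluster.certificate-authority-data}')
if [ -z "$CA_DATA" ]; then
  echo "cluster CA not found in the current kubeconfig" >&2
  exit 1
fi
cat > dashboard-kubeconfig.yaml <<EOF
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${CA_DATA}
    server: ${SERVER}
# … unchanged: rest of the kubeconfig heredoc …
```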
|