CRBC-MaaS-Platform-Project
/
LQDeployConfig


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151
							#!/bin/bash
# create-dashboard-kubeconfig-fixed.sh

echo "🔧 创建 Kubernetes Dashboard 可用的 kubeconfig 文件..."

# 1. 确保 dashboard-user 存在并具有权限
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-user-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-user
  namespace: kubernetes-dashboard
EOF

# 2. 等待 secret 创建完成
sleep 3

# 3. 获取正确的 token
# 方法1：使用 create token 命令（推荐）
TOKEN=$(kubectl create token dashboard-user -n kubernetes-dashboard --duration=8760h)

# 如果方法1失败，使用方法2
if [ -z "$TOKEN" ] || [ "$TOKEN" == "" ]; then
    echo "⚠️  方法1失败，尝试方法2..."
    SECRET_NAME=$(kubectl get serviceaccount dashboard-user -n kubernetes-dashboard -o jsonpath='{.secrets[0].name}')
    TOKEN=$(kubectl get secret $SECRET_NAME -n kubernetes-dashboard -o jsonpath='{.data.token}' | base64 --decode)
fi

# 验证 token 是否有效
if [ -z "$TOKEN" ] || [ "$TOKEN" == "" ]; then
    echo "❌ 无法获取 token，正在创建新的 secret..."
    
    # 删除现有的 secret（如果有）
    kubectl delete secret dashboard-user-token -n kubernetes-dashboard 2>/dev/null || true
    
    # 创建新的 secret
    kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: dashboard-user-token
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: dashboard-user
type: kubernetes.io/service-account-token
EOF
    
    # 关联 secret 到 service account
    kubectl patch serviceaccount dashboard-user -n kubernetes-dashboard --patch "{\"secrets\": [{\"name\": \"dashboard-user-token\"}]}"
    
    sleep 3
    TOKEN=$(kubectl get secret dashboard-user-token -n kubernetes-dashboard -o jsonpath='{.data.token}' | base64 --decode)
fi

# 4. 获取集群信息
SERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')

# 如果 server 地址是 localhost，需要改为节点 IP
if [[ $SERVER == *"localhost"* ]] || [[ $SERVER == *"127.0.0.1"* ]]; then
    NODE_IP=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}')
    SERVER="https://${NODE_IP}:6443"
fi

# 5. 创建 kubeconfig 文件
cat > dashboard-kubeconfig.yaml <<EOF
apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: ${SERVER}
  name: kubernetes-cluster
contexts:
- context:
    cluster: kubernetes-cluster
    user: dashboard-user
    namespace: kubernetes-dashboard
  name: dashboard-context
current-context: dashboard-context
kind: Config
preferences: {}
users:
- name: dashboard-user
  user:
    token: ${TOKEN}
EOF

# 6. 验证 kubeconfig
echo "🔍 验证 kubeconfig 文件内容..."
echo "=========================================="
cat dashboard-kubeconfig.yaml
echo "=========================================="

# 7. 测试 kubeconfig
echo "🧪 测试 kubeconfig 是否有效..."
if kubectl --kubeconfig=dashboard-kubeconfig.yaml get nodes > /dev/null 2>&1; then
    echo "✅ kubeconfig 测试成功！"
else
    echo "⚠️  kubeconfig 测试失败，尝试另一种格式..."
    
    # 尝试使用证书方式
    cat > dashboard-kubeconfig-alternative.yaml <<EOF
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: $(kubectl get secret $(kubectl get serviceaccount dashboard-user -n kubernetes-dashboard -o jsonpath='{.secrets[0].name}') -n kubernetes-dashboard -o jsonpath='{.data.ca\.crt}')
    server: ${SERVER}
  name: kubernetes-cluster
contexts:
- context:
    cluster: kubernetes-cluster
    user: dashboard-user
  name: dashboard-context
current-context: dashboard-context
kind: Config
users:
- name: dashboard-user
  user:
    token: ${TOKEN}
EOF
    
    echo "🔄 已创建替代格式的 kubeconfig"
    mv dashboard-kubeconfig-alternative.yaml dashboard-kubeconfig.yaml
fi

echo ""
echo "📋 使用说明："
echo "1. 文件已创建: $(pwd)/dashboard-kubeconfig.yaml"
echo "2. 访问 Dashboard: https://192.168.92.96:8443"
echo "3. 选择 'Kubeconfig' 登录方式"
echo "4. 选择刚才创建的文件"
echo ""
echo "🔑 Token 值（备用）:"
echo "${TOKEN:0:50}..."
echo ""
echo "📝 如果仍然失败，请尝试以下步骤："
echo "   a. 检查 token 长度: ${#TOKEN} 字符"
echo "   b. 确保 token 不为空"
echo "   c. 尝试使用 Token 方式直接登录"