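Handling K8S Dashboard Login Token Expiry

Overall approach

The user visits a page that contains a hyperlink to the K8S Dashboard. After following the link, the user pastes the Token, which has already been copied to the clipboard, into the input box on the Dashboard page to log in.
A scheduled task copies the Token into the page; when it expires, log in again.
If access control is needed for this page, consider putting nginx in front of it.

Use Node.js to build a web container that serves the jump page

Reference: https://www.jianshu.com/p/15971d243186

Create server.js and define a web service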

    vi server.js

    var url = require("url"),
        fs = require("fs"),
        http = require("http"),
        path = require("path");

    // Only files under the dist directory are served
    var root = path.join(__dirname, "dist");

    http.createServer(function (req, res) {
        // Normalise the request path and reject anything that resolves
        // outside dist (for example "/../server.js")
        var pathname = path.join(root, url.parse(req.url).pathname || "/");
        if (pathname !== root && pathname.indexOf(root + path.sep) !== 0) {
            res.writeHead(404, {"Content-Type": "text/html"});
            res.end("404 Not Found");
            return;
        }
        if (path.extname(pathname) == "") {
            pathname += "/";
        }
        if (pathname.charAt(pathname.length - 1) == "/") {
            pathname += "index.html";
        }
        fs.exists(pathname, function (exists) {
            if (exists) {
                switch (path.extname(pathname)) {
                    case ".html":
                        res.writeHead(200, {"Content-Type": "text/html"});
                        break;
                    default:
                        res.writeHead(200, {"Content-Type": "application/octet-stream"});
                }
                fs.readFile(pathname, function (err, data) {
                    res.end(data);
                });
            } else {
                res.writeHead(404, {"Content-Type": "text/html"});
                res.end("404 Not Found");
            }
        });
    }).listen(3003);
    console.log("监听3003端口");

Create the Dockerfile

    vi Dockerfile

    # Pull base image
    FROM docker.io/node:latest
    # Expose ports.
    EXPOSE 3003
    # Usage: USER [UID]
    USER root
    # Usage: WORKDIR /path
    WORKDIR /http-server
    # add js
    ADD server.js /http-server/
    RUN mkdir dist
    # modify conf
    ENTRYPOINT ["node","/http-server/server.js"]

Build the image and push it to the registry

– docker build -t yourharboraddr/lib/dashboard-token:v0.0.1 .
– docker push yourharboraddr/lib/dashboard-token:v0.0.1

Define the Deployment and Service, and deploy them into the kubernetes-dashboard namespace so that other users cannot tamper with them

    vi deployment-token.yaml

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: dashboard-token
      name: dashboard-token-developer
      namespace: kubernetes-dashboard
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: dashboard-token
      template:
        metadata:
          labels:
            app: dashboard-token
        spec:
          containers:
          - image: yourharboraddr/lib/dashboard-token:v0.0.1
            imagePullPolicy: IfNotPresent
            name: dashboard-token-containers
            ports:
            - containerPort: 3003
              protocol: TCP
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: dashboard-token
      name: dashboard-token-developer-svc
      namespace: kubernetes-dashboard
    spec:
      ports:
      - port: 3003
        protocol: TCP
        targetPort: 3003
        nodePort: 3xxxx
      selector:
        app: dashboard-token
      type: NodePort

Deploy:

    kubectl apply -f deployment-token.yaml

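Define a page template that shows the jump button

The page copies the token automatically and then jumps to the Dashboard. The href selects the develop namespace directly in the URL: this user is not authorized to list namespaces, so only the default namespace can be chosen in the UI, but the namespace in the URL takes the user straight to develop, the namespace the user does have permission for.

    vi index.html.templete

Go to K8S Dashboard! Go to K8S Dashboard!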

Define a shell script that produces a copy of index.html

– Get the ordinary user's token and store it in index.html
– Then copy index.html into the pod

    vi getToken4developer.sh

    #! /bin/bash
    export POD_NAME=$(kubectl get pods --namespace kubernetes-dashboard -l "app=dashboard-token" -o jsonpath="{.items[0].metadata.name}")
    export K8S_DEVELOPER_TOKEN=$(kubectl -n develop create token developer)
    rm -f /root/dashboard/index.html
    cp /root/dashboard/index.html.templete /root/dashboard/index.html
    # Add the token to index.html
    sed -i 's/k8stoken/'"$K8S_DEVELOPER_TOKEN"'/g' /root/dashboard/index.html
    # Copy index.html to the pod
    kubectl cp /root/dashboard/index.html "$POD_NAME":/http-server/dist/ --namespace kubernetes-dashboard

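Scheduled task

– Since the Token keeps expiring, write a cron job on Linux that periodically copies a new token into index.html
– crontab -e
– Update every half hour or every hour or so; it only has to be refreshed before it expires
– 0 */1 * * * bash /root/dashboard/getToken4developer.sh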
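
To pick a cron interval that really does refresh before expiry, the token's lifetime can be read from the `exp` claim in its JWT payload. The following is an added example, not part of the original post; the function names and the sample token are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the expiry (exp claim) of a service-account token so the
# cron job can refresh it before it lapses. All function names are hypothetical.

# base64url-encode stdin without padding (used only to build the sample token)
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Print the decoded JSON payload (second dot-separated segment) of a JWT
jwt_payload() (
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in      # restore the padding that base64url strips
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
    esac
    printf '%s' "$seg" | base64 -d 2>/dev/null
)

# Print the exp claim (Unix seconds); return non-zero if the token has none
jwt_exp() (
    exp=$(jwt_payload "$1" | sed -n 's/.*"exp":[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    [ -n "$exp" ] && printf '%s\n' "$exp"
)

# Succeed when the token expires within MARGIN seconds of NOW, or cannot be read
# usage: needs_refresh TOKEN NOW MARGIN
needs_refresh() (
    token=$1 now=$2 margin=$3
    exp=$(jwt_exp "$token") || exit 0
    [ $(( exp - now )) -le "$margin" ]
)

# Constructed sample token: exp = 1700003600, the signature is a dummy string
SAMPLE_HEADER=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
SAMPLE_PAYLOAD=$(printf '%s' '{"exp":1700003600,"sub":"system:serviceaccount:develop:developer"}' | b64url)
SAMPLE_TOKEN="$SAMPLE_HEADER.$SAMPLE_PAYLOAD.constructed-signature"

# Hypothetical use inside getToken4developer.sh, with a 10-minute margin:
#   if needs_refresh "$K8S_DEVELOPER_TOKEN" "$(date +%s)" 600; then ...; fi
```

Running `jwt_exp` once on a freshly created token and subtracting `date +%s` shows the real lifetime the cluster issues, which is the upper bound for the cron interval.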

Test

– Visit the pod's address: http://yourk8sIP:3xxxx, which opens index.html automatically
– Click the "Go to K8S Dashboard!" button to jump to the K8S Dashboard
– Paste the Token to log in
