作为 Kubernetes 的新手,我很难登录 kubernetes 仪表板。
我跟着: https://github.com/kubernetes/dashboard/wiki/Creating-sample-user
和
kubectl get clusterrolebinding admin-user -n kube-system -o yaml
显示:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"name":"admin-user"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"cluster-admin"},"subjects":[{"kind":"ServiceAccount","name":"admin-user","namespace":"kube-system"}]}
creationTimestamp: "2019-01-15T15:48:33Z"
name: admin-user
resourceVersion: "2096"
selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/admin-user
uid: 0361cb77-18dd-11e9-b02d-bc305b9f3aeb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
现在kubectl -n kube-system get secret | egrep admin
没有显示任何东西(与上面页面的陈述相矛盾......)我错过了什么?
短暂性脑缺血!
答案1
以下是创建管理员用户和获取令牌的完整示例:
创建名为的管理员/服务帐户用户k8sadmin
sudo kubectl create serviceaccount k8sadmin -n kube-system
授予用户管理员权限
sudo kubectl create clusterrolebinding k8sadmin --clusterrole=cluster-admin --serviceaccount=kube-system:k8sadmin
获取令牌
sudo kubectl -n kube-system describe secret $(sudo kubectl -n kube-system get secret | (grep k8sadmin || echo "$_") | awk '{print $1}') | grep token: | awk '{print $2}'
答案2
一行解决方案:
kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode
在官方文档中找到:https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#without-kubectl-proxy
答案3
有点晚了,
将 Kubernetes CLI(kubectl)更新至 > 1.24(这解决了我的问题。)
安装仪表板并设置集群角色:
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
并运行以下命令:
kubectl -n kubernetes-dashboard create token admin-user
答案4
Wiki 现在包含使用 token 描述机密的命令。但如果您只想获取 token,则可以使用类似下面的命令。这将为用户打印 token admin-user
。
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | (grep admin-user || echo "$_") | awk '{print $1}') | grep token: | awk '{print $2}'
如果无法找到秘密,您将获得:
Error from server (NotFound): secrets "admin-user" not found