如何从 kubectl 获取管理员用户令牌

tag-icon tag-icon docker kubernetes
如何从 kubectl 获取管理员用户令牌

作为 Kubernetes 的新手,我很难登录 kubernetes 仪表板。

我跟着: https://github.com/kubernetes/dashboard/wiki/Creating-sample-user

kubectl get clusterrolebinding admin-user -n kube-system -o yaml 显示:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"name":"admin-user"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"cluster-admin"},"subjects":[{"kind":"ServiceAccount","name":"admin-user","namespace":"kube-system"}]}
  creationTimestamp: "2019-01-15T15:48:33Z"
  name: admin-user
  resourceVersion: "2096"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/admin-user
  uid: 0361cb77-18dd-11e9-b02d-bc305b9f3aeb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

现在kubectl -n kube-system get secret | egrep admin没有显示任何东西(与上面页面的陈述相矛盾......)我错过了什么?

短暂性脑缺血!

答案1

以下是创建管理员用户和获取令牌的完整示例:

创建名为的管理员/服务帐户用户k8sadmin

sudo kubectl create serviceaccount k8sadmin -n kube-system

授予用户管理员权限

sudo kubectl create clusterrolebinding k8sadmin --clusterrole=cluster-admin --serviceaccount=kube-system:k8sadmin

获取令牌

sudo kubectl -n kube-system describe secret $(sudo kubectl -n kube-system get secret | (grep k8sadmin || echo "$_") | awk '{print $1}') | grep token: | awk '{print $2}'

答案2

一行解决方案:

kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode

在官方文档中找到:https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#without-kubectl-proxy

答案3

有点晚了,

将 Kubernetes CLI(kubectl)更新至 > 1.24(这解决了我的问题。)

安装仪表板并设置集群角色:

https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

并运行以下命令:

kubectl -n kubernetes-dashboard create token admin-user

答案4

Wiki 现在包含使用 token 描述机密的命令。但如果您只想获取 token,则可以使用类似下面的命令。这将为用户打印 token admin-user

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | (grep admin-user || echo "$_") | awk '{print $1}') | grep token: | awk '{print $2}'

如果无法找到秘密,您将获得:

Error from server (NotFound): secrets "admin-user" not found

相关内容