Kubernetes 新手我很难登录到 kubernetes 仪表板。
我跟着:https : //github.com/kubernetes/dashboard/wiki/Creating-sample-user
和
kubectl get clusterrolebinding admin-user -n kube-system -o yaml
显示:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"name":"admin-user"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"cluster-admin"},"subjects":[{"kind":"ServiceAccount","name":"admin-user","namespace":"kube-system"}]}
creationTimestamp: "2019-01-15T15:48:33Z"
name: admin-user
resourceVersion: "2096"
selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/admin-user
uid: 0361cb77-18dd-11e9-b02d-bc305b9f3aeb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
现在kubectl -n kube-system get secret | egrep admin没有显示任何内容(与上面页面的声明相矛盾......)我错过了什么?
蒂亚!
小智 8
一条线解决方案:
kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode
在官方文档中找到:https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#without-kubectl-proxy
小智 5
这是创建管理员用户和获取令牌的完整示例:
创建一个名为的管理员/服务帐户用户 k8sadmin
sudo kubectl create serviceaccount k8sadmin -n kube-system
赋予用户管理员权限
sudo kubectl create clusterrolebinding k8sadmin --clusterrole=cluster-admin --serviceaccount=kube-system:k8sadmin
获取令牌
sudo kubectl -n kube-system describe secret $(sudo kubectl -n kube-system get secret | (grep k8sadmin || echo "$_") | awk '{print $1}') | grep token: | awk '{print $2}'
| 归档时间: |
|
| 查看次数: |
8875 次 |
| 最近记录: |