场景
在本地简单安装好k8s(mac环境)后,就打算使用kubernetes dashboard的网页版控制看一看,就遇到登录需要token。
安装启动 dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc7/aio/deploy/recommended.yaml
运行dashboard:
kubectl proxy
这里就会遇到登录需要如下token问题:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
创建简单用户
这里需要创建一个简单的管理用户,通过这个用户来获得到token,来访问dashboard页面。
dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
运行如下命令:
kubectl apply -f dashboard-adminuser.yaml
serviceaccount/admin-user created
dashboard-cluster-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
运行如下命令:
kubectl apply -f dashboard-cluster-role-binding.yaml
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
获得Token
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
这样就可以复制这个token,然后去网页上面去登录了。