kebernetes dashboard使用config和Token

最新推荐文章于 2024-04-27 00:41:45 发布
最新推荐文章于 2024-04-27 00:41:45 发布
阅读量1.7k 收藏
点赞数
分类专栏: Docker 运维 Kubernetes
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_36171533/article/details/82726464
版权
运维 同时被 3 个专栏收录
74 篇文章 3 订阅
订阅专栏
Docker
30 篇文章 2 订阅
订阅专栏
Kubernetes
19 篇文章 1 订阅
订阅专栏

安装yaml:

kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

删除yaml:

kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

kubectl get pods -n kube-system

查看使用已经安装
[root@master ~]# kubectl get pods -n kube-system
NAME                                   READY     STATUS    RESTARTS   AGE
coredns-78fcdf6894-27npt               1/1       Running   1          9d
coredns-78fcdf6894-mbg8n               1/1       Running   1          9d
etcd-master                            1/1       Running   1          9d
kube-apiserver-master                  1/1       Running   1          9d
kube-controller-manager-master         1/1       Running   1          9d
kube-flannel-ds-amd64-qdmsx            1/1       Running   0          9d
kube-flannel-ds-amd64-rhb49            1/1       Running   6          9d
kube-flannel-ds-amd64-sd6mr            1/1       Running   1          9d
kube-proxy-g9n4d                       1/1       Running   1          9d
kube-proxy-wrqt8                       1/1       Running   2          9d
kube-proxy-x7vc2                       1/1       Running   0          9d
kube-scheduler-master                  1/1       Running   1          9d
kubernetes-dashboard-767dc7d4d-k4dbh   1/1       Running   0          2m
安装成功
[root@master ~]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP   9d
kubernetes-dashboard   ClusterIP   10.97.213.220   <none>        443/TCP         1m

使用打补丁的方式,给定一个端口

kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system

[root@master ~]# kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system
service/kubernetes-dashboard patched

然后再次查看:
[root@master ~]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP   9d
kubernetes-dashboard   NodePort    10.97.213.220   <none>        443:31198/TCP   7m

然后可以在节点的任何ip都可以访问web界面
https://192.168.68.10:31198
注意:认证的主用户上有什么权限,这里就有什么权限

[root@master ~]# cd .kube/
[root@master .kube]# ls
cache  config  http-cache
[root@master .kube]# cp config kubernetes-admin.conf
拷贝出来,直接上传,发现无法登录

删除dashboard
kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

[root@master .kube]# kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
secret "kubernetes-dashboard-certs" deleted
serviceaccount "kubernetes-dashboard" deleted
role.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" deleted
rolebinding.rbac.authorization.k8s.io "kubernetes-dashboard-minimal" deleted
deployment.apps "kubernetes-dashboard" deleted
service "kubernetes-dashboard" deleted

######################################################
我们给dashboard单独创建一个证书

[root@master .kube]# cd /etc/kubernetes/pki/
[root@master pki]# ls
apiserver.crt              apiserver.key                 ca.crt  front-proxy-ca.crt      front-proxy-client.key  jesse.key
apiserver-etcd-client.crt  apiserver-kubelet-client.crt  ca.key  front-proxy-ca.key      jesse.crt               sa.key
apiserver-etcd-client.key  apiserver-kubelet-client.key  etcd    front-proxy-client.crt  jesse.csr               sa.pub

生成证书:

[root@master pki]# (umask 077; openssl genrsa -out dashboard.key 2048)
Generating RSA private key, 2048 bit long modulus
.................................................................................+++
..............+++
e is 65537 (0x10001)


建立证书签署请求:
openssl req -new -key dashboard.key -out dashboard.csr -subj "/O=jesse/CN=dashboard"
dashboard如果有域名的话,一定写域名

利用ca.crt和ca.key给刚刚创建的签证
openssl x509 -req -in dashboard.csr -CA ca.crt  -CAkey ca.key -CAcreateserial -out dashboard.crt -days 365

[root@master pki]# openssl x509 -req -in dashboard.csr -CA ca.crt  -CAkey ca.key -CAcreateserial -out dashboard.crt -days 365
Signature ok
subject=/O=jesse/CN=dashboard
Getting CA Private Key
签署完成


我们现在将刚刚创建的私钥和证书创建一个secret
kubectl create secret generic dashboard-cert -n kube-system --from-file=dashboard.crt=./dashboard.crt --from-file=dashboard.key=./dashboard.key

[root@master pki]# kubectl create secret generic dashboard-cert -n kube-system --from-file=dashboard.crt=./dashboard.crt --from-file=dashboard.key=./dashboard.key
secret/dashboard-cert created

查看是否在系统中添加:
kubectl get secret -n kube-system

[root@master pki]# kubectl get secret -n kube-system
NAME                                             TYPE                                  DATA      AGE
attachdetach-controller-token-9dtnk              kubernetes.io/service-account-token   3         9d
bootstrap-signer-token-rcd26                     kubernetes.io/service-account-token   3         9d
certificate-controller-token-6kxxj               kubernetes.io/service-account-token   3         9d
clusterrole-aggregation-controller-token-6czpt   kubernetes.io/service-account-token   3         9d
coredns-token-shzjx                              kubernetes.io/service-account-token   3         9d
cronjob-controller-token-d6rv2                   kubernetes.io/service-account-token   3         9d
daemon-set-controller-token-vm2zh                kubernetes.io/service-account-token   3         9d
dashboard-cert                                   Opaque                                2         1m  #已经生效
default-token-svvdz                              kubernetes.io/service-account-token   3         9d
deployment-controller-token-tjkk6                kubernetes.io/service-account-token   3         9d
disruption-controller-token-k95r5                kubernetes.io/service-account-token   3         9d
endpoint-controller-token-t92ng                  kubernetes.io/service-account-token   3         9d
expand-controller-token-zhv94                    kubernetes.io/service-account-token   3         9d
flannel-token-4m6lp                              kubernetes.io/service-account-token   3         9d
generic-garbage-collector-token-q44gt            kubernetes.io/service-account-token   3         9d
horizontal-pod-autoscaler-token-7lr9r            kubernetes.io/service-account-token   3         9d
job-controller-token-m2wtt                       kubernetes.io/service-account-token   3         9d
kube-proxy-token-t57kk                           kubernetes.io/service-account-token   3         9d
kubernetes-dashboard-key-holder                  Opaque                                2         38m
namespace-controller-token-q52hc                 kubernetes.io/service-account-token   3         9d
node-controller-token-t4rhn                      kubernetes.io/service-account-token   3         9d
persistent-volume-binder-token-4wjnc             kubernetes.io/service-account-token   3         9d
pod-garbage-collector-token-p9csq                kubernetes.io/service-account-token   3         9d
pv-protection-controller-token-9xz9s             kubernetes.io/service-account-token   3         9d
pvc-protection-controller-token-ptq5x            kubernetes.io/service-account-token   3         9d
replicaset-controller-token-k9bnc                kubernetes.io/service-account-token   3         9d
replication-controller-token-4v225               kubernetes.io/service-account-token   3         9d
resourcequota-controller-token-g4k4r             kubernetes.io/service-account-token   3         9d
service-account-controller-token-s99cb           kubernetes.io/service-account-token   3         9d
service-controller-token-ljtdf                   kubernetes.io/service-account-token   3         9d
statefulset-controller-token-zb4rp               kubernetes.io/service-account-token   3         9d
token-cleaner-token-x8vd6                        kubernetes.io/service-account-token   3         9d
ttl-controller-token-tvdfx                       kubernetes.io/service-account-token   3         9d

继续创建:
[root@master pki]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
使用Token认证的方式
[root@master pki]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
[root@master pki]# kubectl get sa -n kube-system
NAME                                 SECRETS   AGE
attachdetach-controller              1         9d
bootstrap-signer                     1         9d
certificate-controller               1         9d
clusterrole-aggregation-controller   1         9d
coredns                              1         9d
cronjob-controller                   1         9d
daemon-set-controller                1         9d
dashboard-admin                      1         49s  #成功
default                              1         9d
deployment-controller                1         9d
disruption-controller                1         9d
endpoint-controller                  1         9d
expand-controller                    1         9d
flannel                              1         9d
generic-garbage-collector            1         9d
horizontal-pod-autoscaler            1         9d
job-controller                       1         9d
kube-proxy                           1         9d
kubernetes-dashboard                 1         16m
namespace-controller                 1         9d
node-controller                      1         9d
persistent-volume-binder             1         9d
pod-garbage-collector                1         9d
pv-protection-controller             1         9d
pvc-protection-controller            1         9d
replicaset-controller                1         9d
replication-controller               1         9d
resourcequota-controller             1         9d
service-account-controller           1         9d
service-controller                   1         9d
statefulset-controller               1         9d
token-cleaner                        1         9d
ttl-controller                       1         9d


kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

[root@master pki]# kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created


[root@master pki]# kubectl get secret -n kube-system
NAME                                             TYPE                                  DATA      AGE
attachdetach-controller-token-9dtnk              kubernetes.io/service-account-token   3         10d
bootstrap-signer-token-rcd26                     kubernetes.io/service-account-token   3         10d
certificate-controller-token-6kxxj               kubernetes.io/service-account-token   3         10d
clusterrole-aggregation-controller-token-6czpt   kubernetes.io/service-account-token   3         10d
coredns-token-shzjx                              kubernetes.io/service-account-token   3         10d
cronjob-controller-token-d6rv2                   kubernetes.io/service-account-token   3         10d
daemon-set-controller-token-vm2zh                kubernetes.io/service-account-token   3         10d
dashboard-admin-token-8bnk8                      kubernetes.io/service-account-token   3         8m   #创建成功
dashboard-cert                                   Opaque                                2         30m
default-token-svvdz                              kubernetes.io/service-account-token   3         10d
deployment-controller-token-tjkk6                kubernetes.io/service-account-token   3         10d
disruption-controller-token-k95r5                kubernetes.io/service-account-token   3         10d
endpoint-controller-token-t92ng                  kubernetes.io/service-account-token   3         10d
expand-controller-token-zhv94                    kubernetes.io/service-account-token   3         10d
flannel-token-4m6lp                              kubernetes.io/service-account-token   3         9d
generic-garbage-collector-token-q44gt            kubernetes.io/service-account-token   3         10d
horizontal-pod-autoscaler-token-7lr9r            kubernetes.io/service-account-token   3         10d
job-controller-token-m2wtt                       kubernetes.io/service-account-token   3         10d
kube-proxy-token-t57kk                           kubernetes.io/service-account-token   3         10d
kubernetes-dashboard-certs                       Opaque                                0         24m
kubernetes-dashboard-key-holder                  Opaque                                2         1h
kubernetes-dashboard-token-qf87c                 kubernetes.io/service-account-token   3         24m
namespace-controller-token-q52hc                 kubernetes.io/service-account-token   3         10d
node-controller-token-t4rhn                      kubernetes.io/service-account-token   3         10d
persistent-volume-binder-token-4wjnc             kubernetes.io/service-account-token   3         10d
pod-garbage-collector-token-p9csq                kubernetes.io/service-account-token   3         10d
pv-protection-controller-token-9xz9s             kubernetes.io/service-account-token   3         10d
pvc-protection-controller-token-ptq5x            kubernetes.io/service-account-token   3         10d
replicaset-controller-token-k9bnc                kubernetes.io/service-account-token   3         10d
replication-controller-token-4v225               kubernetes.io/service-account-token   3         10d
resourcequota-controller-token-g4k4r             kubernetes.io/service-account-token   3         10d
service-account-controller-token-s99cb           kubernetes.io/service-account-token   3         10d
service-controller-token-ljtdf                   kubernetes.io/service-account-token   3         10d
statefulset-controller-token-zb4rp               kubernetes.io/service-account-token   3         10d
token-cleaner-token-x8vd6                        kubernetes.io/service-account-token   3         10d
ttl-controller-token-tvdfx                       kubernetes.io/service-account-token   3         10d

查看一下Token信息:

kubectl describe secret dashboard-admin-token-8bnk8 -n kube-system

[root@master pki]# kubectl describe secret dashboard-admin-token-8bnk8 -n kube-system
Name:         dashboard-admin-token-8bnk8
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=dashboard-admin
              kubernetes.io/service-account.uid=1fe0b1f6-b830-11e8-9195-000c29f33006

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tOGJuazgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMWZlMGIxZjYtYjgzMC0xMWU4LTkxOTUtMDAwYzI5ZjMzMDA2Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.eqXuTpMrkGj88HoxH4P5Ou0sponWDIE6Sw3c_zpJpcpCji54Vo3YHSQaspX2GoYX9t-WIMtGMXdqX4KE7AjKHqTwf3SDBvt9PZUOpH98QMnmg9q_9Bnd9sPpq5OOWAEXZpwWJYi_hK6gd61H1r2T5uau_TyDelsmZ0WP0AjSGVR39xuIcMzUIj4BONgyVBcU2cI0tR4svTJoICPWTO7pxGblZgON0iDISiXRua2kOeVymuOM7e5HpUutltn704AELjBLJck-zFjSGwz4WcnGBAa8H2-akNkjzl-vjog7mLef1He7AOCzUR49tUwPBYV5eeuCTAk3vSH-W7CCDORNoA
ca.crt:     1025 bytes
namespace:  11 bytes


[root@master pki]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP   10d
kubernetes-dashboard   ClusterIP   10.108.38.237   <none>        443/TCP         28m


重新生成端口:
kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system

[root@master pki]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kube-dns               ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP   10d
kubernetes-dashboard   NodePort    10.108.38.237   <none>        443:31619/TCP   30m


kubeconfig登录

创建证书流程:
设置个权限小一些的,只能对名称空间有管理权限
在def-ns-admin中创建
kubectl create serviceaccount def-ns-admin -n default

[root@master pki]# kubectl create serviceaccount def-ns-admin -n default
serviceaccount/def-ns-admin created

kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin

[root@master pki]# kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin
rolebinding.rbac.authorization.k8s.io/def-ns-admin created

获取secret:
[root@master pki]# kubectl get secret
NAME                       TYPE                                  DATA      AGE
def-ns-admin-token-87t8n   kubernetes.io/service-account-token   3         4m
default-token-2xnhm        kubernetes.io/service-account-token   3         7d


[root@master pki]# kubectl describe secret def-ns-admin-token-87t8n
Name:         def-ns-admin-token-87t8n
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=def-ns-admin
              kubernetes.io/service-account.uid=6445ddc0-b837-11e8-bcca-000c291251da

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  7 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi04N3Q4biIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2NDQ1ZGRjMC1iODM3LTExZTgtYmNjYS0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.ab1Vi0RK304mWbHNUwUIK9K0vbWYcq8TTbwAp29wCqkPv5qf54A-ghJvG0VO3ezbDPAMoLE48HQ2ExyUHT0G3j8G7gd5854u4Wq0ceJEUuPaJGo1e3OikcMxAfigSfDeEYOPHyUY7my3Yqwg1gC90kiMIIvUA1jN51lbpWkRiiQ3lnYBLE_QfR36SettzKuljtveBLBpJz6eZJG1S4Pgqn_xaOny9UVButgjIivXB2Eh2g0bQQU2uuoZn_YzKQ-7Zjo4tazDxv0d1uiYtkttArJyHkXQ5_ODUXAtKEcEVfSo1XSw8eNHQe5V0WLBisMmenSRLz_Aoe1ZaYO0Y6BbAA

使用上面的Token登录的话只能管理namespace命名空间
可以使用上面token 令牌登录,但是权限不多。

##############################

##############################
使用配置文件登录
cd /etc/kubernetes/pki
kubectl config set-cluster kubernetes --certificate-authority=./ca.crt --server="https://192.168.146.10:6443" --embed-certs=true --kubeconfig=/root/def-ns-admin.conf

创建一个集群:
[root@master pki]# kubectl config set-cluster kubernetes --certificate-authority=./ca.crt --server="https://192.168.146.10:6443" --embed-certs=true --kubeconfig=/root/def-ns-admin.conf
Cluster "kubernetes" set.


查看:
[root@master pki]# kubectl config view --kubeconfig=/root/def-ns-admin.conf 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://192.168.146.10:6443
  name: kubernetes
contexts: []
current-context: ""
kind: Config
preferences: {}
users: []


设置用户账户:
kubectl get secret

[root@master pki]# kubectl get secret
NAME                       TYPE                                  DATA      AGE
def-ns-admin-token-87t8n   kubernetes.io/service-account-token   3         36m
default-token-2xnhm        kubernetes.io/service-account-token   3         7d
[root@master pki]# kubectl describe secret def-ns-admin-token-87t8n
Name:         def-ns-admin-token-87t8n
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=def-ns-admin
              kubernetes.io/service-account.uid=6445ddc0-b837-11e8-bcca-000c291251da

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  7 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi04N3Q4biIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2NDQ1ZGRjMC1iODM3LTExZTgtYmNjYS0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.ab1Vi0RK304mWbHNUwUIK9K0vbWYcq8TTbwAp29wCqkPv5qf54A-ghJvG0VO3ezbDPAMoLE48HQ2ExyUHT0G3j8G7gd5854u4Wq0ceJEUuPaJGo1e3OikcMxAfigSfDeEYOPHyUY7my3Yqwg1gC90kiMIIvUA1jN51lbpWkRiiQ3lnYBLE_QfR36SettzKuljtveBLBpJz6eZJG1S4Pgqn_xaOny9UVButgjIivXB2Eh2g0bQQU2uuoZn_YzKQ-7Zjo4tazDxv0d1uiYtkttArJyHkXQ5_ODUXAtKEcEVfSo1XSw8eNHQe5V0WLBisMmenSRLz_Aoe1ZaYO0Y6BbAA


DEF_NS_ADMIN_TOKEN=$(kubectl get secret def-ns-admin-token-87t8n -o jsonpath={.data.token} | base64 -d)

[root@master pki]# DEF_NS_ADMIN_TOKEN=$(kubectl get secret def-ns-admin-token-87t8n -o jsonpath={.data.token} | base64 -d)
[root@master pki]# 


[root@master pki]# echo $DEF_NS_ADMIN_TOKEN
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi04N3Q4biIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2NDQ1ZGRjMC1iODM3LTExZTgtYmNjYS0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.ab1Vi0RK304mWbHNUwUIK9K0vbWYcq8TTbwAp29wCqkPv5qf54A-ghJvG0VO3ezbDPAMoLE48HQ2ExyUHT0G3j8G7gd5854u4Wq0ceJEUuPaJGo1e3OikcMxAfigSfDeEYOPHyUY7my3Yqwg1gC90kiMIIvUA1jN51lbpWkRiiQ3lnYBLE_QfR36SettzKuljtveBLBpJz6eZJG1S4Pgqn_xaOny9UVButgjIivXB2Eh2g0bQQU2uuoZn_YzKQ-7Zjo4tazDxv0d1uiYtkttArJyHkXQ5_ODUXAtKEcEVfSo1XSw8eNHQe5V0WLBisMmenSRLz_Aoe1ZaYO0Y6BbAA



kubectl config set-credentials def-ns-admin --token=$DEF_NS_ADMIN_TOKEN  --kubeconfig=/root/def-ns-admin.conf

[root@master pki]# kubectl config set-credentials def-ns-admin --token=$DES_NS_ADMIN_TOKEN  --kubeconfig=/root/def-ns-admin.conf
User "def-ns-admin" set.


kubectl config view --kubeconfig=/root/def-ns-admin.conf 


kubectl config set-context def-ns-admin@kubernetes --cluster=kubernets --user=def-ns-admin --kubeconfig=/root/def-ns-admin.conf

[root@master pki]# kubectl config view --kubeconfig=/root/def-ns-admin.conf 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://192.168.146.10:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernets
    user: def-ns-admin
  name: def-ns-admin@kubernetes
current-context: ""
kind: Config
preferences: {}
users:
- name: def-ns-admin
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi13c2NmNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlZjBiOWRlYS1iMjNjLTExZTgtODI1Ny0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.sBkl_kKX_ILqVco_bRf5ceDDF-bxklnqDyVMj8gjXxD5LouEk2SjtP4IIKcRV7_c-smDH9Nc0OpZcQYtMR29fS3n1j2_UHTFMLc-uO8aSHKfI6EiM8wyaQQlz-5S5r2QLLSapMmlAE5ZIRpgPz1OAO59Cx15PeJOwckCSFQ3erEkDYUluXNv6KYpZfLsaOStxbxXOHG1oRdV1P1wcX0R0BxMqE658K7cbxv4x3LfOr2OH4kblfntugdw0z7Nkh9ClXmXbaKmOKSorat1mtnniW-Bb0w5HOPJbsKAhDXDlkMPIbwtE9XhNEd5Vl-omEKkQQtR--DJoblVvs34yA8XVA


[root@master pki]# kubectl config set-context def-ns-admin@kubernetes --cluster=kubernets --user=def-ns-admin --kubeconfig=/root/def-ns-admin.conf
Context "def-ns-admin@kubernetes" created.


切换用户:
kubectl config use-context def-ns-admin@kubernetes --kubeconfig=/root/def-ns-admin.conf

[root@master pki]# kubectl config use-context def-ns-admin@kubernetes --kubeconfig=/root/def-ns-admin.conf
Switched to context "def-ns-admin@kubernetes".

查看是否生效:
[root@master pki]# kubectl config view --kubeconfig=/root/def-ns-admin.conf 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://192.168.146.10:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernets
    user: def-ns-admin
  name: def-ns-admin@kubernetes
current-context: def-ns-admin@kubernetes
kind: Config
preferences: {}
users:
- name: def-ns-admin
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi13c2NmNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlZjBiOWRlYS1iMjNjLTExZTgtODI1Ny0wMDBjMjkxMjUxZGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.sBkl_kKX_ILqVco_bRf5ceDDF-bxklnqDyVMj8gjXxD5LouEk2SjtP4IIKcRV7_c-smDH9Nc0OpZcQYtMR29fS3n1j2_UHTFMLc-uO8aSHKfI6EiM8wyaQQlz-5S5r2QLLSapMmlAE5ZIRpgPz1OAO59Cx15PeJOwckCSFQ3erEkDYUluXNv6KYpZfLsaOStxbxXOHG1oRdV1P1wcX0R0BxMqE658K7cbxv4x3LfOr2OH4kblfntugdw0z7Nkh9ClXmXbaKmOKSorat1mtnniW-Bb0w5HOPJbsKAhDXDlkMPIbwtE9XhNEd5Vl-omEKkQQtR--DJoblVvs34yA8XVA
已经生效

将上面的信息保存成.conf的文件或者将/root/def-ns-admin.conf 文件拷贝出来就可以直接使用配置文件登录

 

JESSE_JAVA
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
使用ApacheSpark构建实时分析Dashboard
02-25
本篇文章中我们将学习如何使用ApacheSparkstreaming,Kafka,Node.js,Socket.IO和Highcharts构建实时分析Dashboard。电子商务门户希望构建一个实时分析仪表盘,对每分钟发货的订单数量做到可视化,从而优化物流的...
Kubernetes详解(五十七)——Dashboard令牌访问控制
永远是少年
05-11 2755
今天继续给大家介绍Linux运维相关知识,本文主要内容是Dashboard令牌访问控制。 一、Dashboard访问控制 二、生成访问证书 三、ServiceAccount创建 四、token访问
K8S的dashboard使用token登录
IT利刃出鞘的博客
12-28 2591
本文介绍K8S的dashboard如何使用token登录。
【Kubernetes】k8s的安全管理详细说明【k8s框架说明、token验证和kubeconfig验证详细说明】
最新发布
2301_82056337的博客
04-27 953
–server=https://192.168.59.142:6443——masterIP替换。
k8s--基础--23.5--认证-授权-准入控制--通过token令牌登陆dashboard界面
zhou920786312的博客
08-15 1865
以下步骤在k8s的master节点操作。
cookie 中没有csfrtoken的解决办法
weixin_30657541的博客
11-21 429
https://www.jianshu.com/p/9346bbc3a8f1 http://www.mamicode.com/info-detail-2062660.html 一般我们认为cookie里的csrftoken是由csrftoken middleware所设置的,事实确实如此,但也不完全是。贴一段CsrfViewMiddleware的代码: def process_res...
K8S-Dashbord部署、Token、Kubeconfig认证登录
weixin_45295678的博客
01-11 3051
K8S-Dashbord部署、Token、Kubeconfig认证登录 一、部署Dashbord 1.1、下载yaml文件 $wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml 1.2、修改端口资源类型 默认Dashboard只能集群内部访问,修改Service为NodePort类型,暴露到外部30001端口 打开yaml文件找到这一段 kind: Service ap
dashboard v2.2.0镜像包和安装文件
03-07
使用Dashboard v2.2.0时,建议阅读官方文档,了解新特性、升级指南和最佳实践,以充分利用这个版本的功能,并确保系统的安全和高效运行。同时,保持对Kubernetes Dashboard更新的关注,以便及时获取安全补丁和新...
dashboard v2.5.0镜像包和安装文件
03-07
dashboard v2.5.0镜像包和安装文件
部署和操作使用kubernetes可视化插件dashboard操作手册.pdf
10-21
部署和操作使用kubernetes可视化插件dashboard操作手册,亲自操作整理,无坑。
k8s1.24.0 dashboard登录token的生成
code_feien的博客
03-07 1738
dashboard
kubernetes dashboard令牌登入获取token
weixin_44946147的博客
11-23 3989
kubernetes dashboard令牌登入获取token kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep token
docker笔记
Arrogant_1的博客
06-17 357
docker安装msyql容器和mongodb容器,k8s初始化
kubernetes-dashboard 实现 http 访问以及免 token 登录
以梦为马|越骑越傻
02-01 2434
kubernetes-dashboard 实现 http 访问以及免 token 登录
Kubernetes Dashboard获取token的命令
weixin_47641681的博客
05-04 1325
kubectl create token dashboard-admin -n kubernetes-dashboard
K8S Dashboard登录Token过期问题处理
crabdave的博客
01-03 1107
K8S Dashboard登录Token过期问题处理
Kubernetes Dashboard token失效时间设置
linus.lin的博客
09-27 1951
参数名 默认值 说明 token-ttl 15 minutes Expiration time (in seconds) of JWE tokens generated by dashboard. Default: 15 min. 0 - never expires.首先我们查询资料得知默认的Token失效时间是900秒,也就是15分钟,这意味着你每隔15分钟就要认证一次。方式1、修改创建Dashboard的yaml文件,并重新创建即可。,显然我们可以设置更长的时间来满足需求。
Kubernetes Dashboard 生成token
12-24 7709
Kubernetes Dashboard Token
dashboard token
12-10
Dashboard Token是一种用于访问Kubernetes Dashboard的身份验证方式。您可以通过以下步骤获取Dashboard Token: 1. 创建一个ServiceAccount,用于访问Dashboard: ``` kubectl create serviceaccount dashboard-...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值