共計 4093 個字符,預計需要花費 11 分鐘才能閱讀完成。
如何部署 k8s-dashborad-Token 登錄方式,很多新手對此不是很清楚,為了幫助大家解決這個難題,下面丸趣 TV 小編將為大家詳細講解,有這方面需求的人可以來學習下,希望你能有所收獲。
1 部署 dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml2 修改 dashborad 以 nodeport 方式訪問
kubectl patch svc kubernetes-dashboard -p {spec :{ type : NodePort}} -n kube-system3 創建屬于 dashboard 的 serviceaccount
kubectl create serviceaccount dashboard-admin -n kube-system
查看 serviceaccount
kubectl get serviceaccount -n kube-system | grep dashboard-admin4 創建 clusterrolebinding
創建 clusterrolebinding 綁定 clusterrole 使用 serviceaccount 認證
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
我們使用 clusterrolebinding 綁定了 clusterrole 基本上擁有了跟個集群資源的所有權限, 如果細化授權需要使用 rolebinding 綁定 clusterrole 指定命名空間即可 5 查看生成的 token
查看生成的 token
# kubectl get secret -n kube-system | grep dashboard-admin*
dashboard-admin-token-97wz7 kubernetes.io/service-account-token 3 19h6 查看令牌
kubectl describe secret dashboard-admin-token-97wz7 -n kube-system
Name: dashboard-admin-token-97wz7
Namespace: kube-system
Labels: none
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 7e681606-684b-11e9-b76a-000c29980aee
Type: kubernetes.io/service-account-token
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9yZC1hZG1pbi10b2tlbi05N3d6NyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkYXNoYm9yZC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjdlNjgxNjA2LTY4NGItMTFlOS1iNzZhLTAwMGMyOTk4MGFlZSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpkYXNoYm9yZC1hZG1pbiJ9.b67GEYZEK_KZC9decv6KeXGhp9PFCrew9xQTWQ_HkGaerjlEkSX2JE3OVRpPGF84hcbYgfBjvCrAIVNmJmjprMIZCsLeCx3-EXJ93zka4tv1huFaywWDsi4wF3TF9tfYfculHSRuZyAKFenN4UiLPVGK954zUZpM_Rpq3SBpiaw8-HM2CRz0ws8ELpRk5UGRRCAboRB_2hkHbtv36p6qyYbrdSG7gjj-xdw_ncAq6H-Vvdx2j3A6q7cgt9erYvGXwnPdfXePcxPr7BfVwFxm4w2tkb4k-fNxWfQYe6wiJiV907tMpwooX_nx_WQ-dIGtiDEDVJU0sOP85Fy1XI4yxw6 查看 nodeport 端口
kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 none 53/UDP,53/TCP,9153/TCP 10d
kubernetes-dashboard NodePort 10.98.179.47 none 443:31559/TCP 19h7 使用令牌登錄 dashboard
https://10.10.25.150:31559
8 如果只給 default 命名空間的權限呢?
1) 創建一個 default 的 serviceaccount
kubectl create serviceaccount default-admin
2) 使用 rolebinding 綁定 clusterrole
kubectl create rolebinding default-admin --clusterrole=admin --serviceaccount=default:default-admin
3) 獲取 secret
kubectl get secret | grep default-admin*
NAME TYPE DATA AGE
default-admin-token-476jp kubernetes.io/service-account-token 3 3m2s
4) 查看 token 值
kubectl describe secret default-admin-token-476jp
Name: default-admin-token-476jp
Namespace: default
Labels: none
Annotations: kubernetes.io/service-account.name: default-admin
kubernetes.io/service-account.uid: 609fe45a-68da-11e9-b76a-000c29980aee
Type: kubernetes.io/service-account-token
ca.crt: 1025 bytes
namespace: 7 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtYWRtaW4tdG9rZW4tNDc2anAiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjYwOWZlNDVhLTY4ZGEtMTFlOS1iNzZhLTAwMGMyOTk4MGFlZSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQtYWRtaW4ifQ.D-0fw1cqEsp1xu98hBMv9fNyuF_lu2BGMWEUhvcEiC55po55Kml0p8D92tCe88RMeuh8no_a-WN2hX44DWibMUioxUFIEtiSVztGBlhDMWEQkFjQDkLtRX5_AefYXkVTk6vS-3KyUCieExPtmNKH87oScIOKmVmulK0qT3gZ1mNsuiwPo_w6muZ4n90PUT1oK-QhH7gms1J5kwU5y0TYVzcqTcck9OSVMcD5CQ3QhfrK_gU_vEYk7P1G5oqaYYKMZMlxg3aH-Q15mfMzyvLDTnNepGIJHXlZv7IZDScmAJgfbT3w5var86LimNXQ92cMemBmbRAywSMm8Gimizd6Jg
5) 使用 token 登錄即可
看完上述內容是否對您有幫助呢?如果還想對相關知識有進一步的了解或閱讀更多相關文章,請關注丸趣 TV 行業資訊頻道,感謝您對丸趣 TV 的支持。
正文完
