您好,登录后才能下订单哦!
密码登录
登录注册
点击 登录注册 即表示同意《亿速云用户服务条款》
如何部署k8s-dashborad-Token登录方式,很多新手对此不是很清楚,为了帮助大家解决这个难题,下面小编将为大家详细讲解,有这方面需求的人可以来学习下,希望你能有所收获。
1 部署 dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
2 修改dashborad以nodeport方式访问
kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system3 创建属于dashboard的 serviceaccount
kubectl create serviceaccount dashboard-admin -n kube-system 查看serviceaccount kubectl get serviceaccount -n kube-system | grep dashboard-admin
4 创建clusterrolebinding
创建clusterrolebinding 绑定clusterrole 使用serviceaccount认证
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin 我们使用clusterrolebinding 绑定了clusterrole基本上拥有了跟个集群资源的所有权限,如果细化授权需要使用rolebinding绑定clusterrole指定命名空间即可
5 查看生成的token
查看生成的token # kubectl get secret -n kube-system | grep dashboard-admin* dashboard-admin-token-97wz7 kubernetes.io/service-account-token 3 19h
6 查看令牌
kubectl describe secret dashboard-admin-token-97wz7 -n kube-system Name: dashboard-admin-token-97wz7 Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: dashboard-admin kubernetes.io/service-account.uid: 7e681606-684b-11e9-b76a-000c29980aee Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9yZC1hZG1pbi10b2tlbi05N3d6NyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkYXNoYm9yZC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjdlNjgxNjA2LTY4NGItMTFlOS1iNzZhLTAwMGMyOTk4MGFlZSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpkYXNoYm9yZC1hZG1pbiJ9.b67GEYZEK_KZC9decv6KeXGhp9PFCrew9xQTWQ_HkGaerjlEkSX2JE3OVRpPGF84hcbYgfBjvCrAIVNmJmjprMIZCsLeCx3-EXJ93zka4tv1huFaywWDsi4wF3TF9tfYfculHSRuZyAKFenN4UiLPVGK954zUZpM_Rpq3SBpiaw8-HM2CRz0ws8ELpRk5UGRRCAboRB_2hkHbtv36p6qyYbrdSG7gjj-xdw_ncAq6H-Vvdx2j3A6q7cgt9erYvGXwnPdfXePcxPr7BfVwFxm4w2tkb4k-fNxWfQYe6wiJiV907tMpwooX_nx_WQ-dIGtiDEDVJU0sOP85Fy1XI4yxw
6 查看nodeport端口
kubectl get svc -n kube-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 10d kubernetes-dashboard NodePort 10.98.179.47 <none> 443:31559/TCP 19h
7 使用令牌登录dashboard
https://10.10.25.150:31559
8 如果只给default命名空间的权限呢?
1) 创建一个default的serviceaccount kubectl create serviceaccount default-admin 2)使用rolebinding绑定clusterrole kubectl create rolebinding default-admin --clusterrole=admin --serviceaccount=default:default-admin 3)获取secret kubectl get secret | grep default-admin* NAME TYPE DATA AGE default-admin-token-476jp kubernetes.io/service-account-token 3 3m2s 4)查看token值 kubectl describe secret default-admin-token-476jp Name: default-admin-token-476jp Namespace: default Labels: <none> Annotations: kubernetes.io/service-account.name: default-admin kubernetes.io/service-account.uid: 609fe45a-68da-11e9-b76a-000c29980aee Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 7 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtYWRtaW4tdG9rZW4tNDc2anAiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjYwOWZlNDVhLTY4ZGEtMTFlOS1iNzZhLTAwMGMyOTk4MGFlZSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQtYWRtaW4ifQ.D-0fw1cqEsp1xu98hBMv9fNyuF_lu2BGMWEUhvcEiC55po55Kml0p8D92tCe88RMeuh8no_a-WN2hX44DWibMUioxUFIEtiSVztGBlhDMWEQkFjQDkLtRX5_AefYXkVTk6vS-3KyUCieExPtmNKH87oScIOKmVmulK0qT3gZ1mNsuiwPo_w6muZ4n90PUT1oK-QhH7gms1J5kwU5y0TYVzcqTcck9OSVMcD5CQ3QhfrK_gU_vEYk7P1G5oqaYYKMZMlxg3aH-Q15mfMzyvLDTnNepGIJHXlZv7IZDScmAJgfbT3w5var86LimNXQ92cMemBmbRAywSMm8Gimizd6Jg 5)使用token登录即可
看完上述内容是否对您有帮助呢?如果还想对相关知识有进一步的了解或阅读更多相关文章,请关注亿速云行业资讯频道,感谢您对亿速云的支持。
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。