本文参考 https://github.com/kubernetes/dashboard/wiki/Creating-sample-user
创建 Service Account
创建配置文件 dashboard-service-account.yaml
cat <<EOF > dashboard-service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
EOF
应用配置文件 dashboard-service-account.yaml
kubectl apply -f dashboard-service-account.yaml
创建 ClusterRoleBinding
In most cases after provisioning our cluster using kops or kubeadm or any other popular tool, the ClusterRole admin-Role already exists in the cluster. We can use it and create only ClusterRoleBinding for our ServiceAccount.
大多数情况下,在使用kops、kubeadm或任何其他流行工具提供集群之后,集群角色admin-Role
已经在集群中存在。我们可以使用它,并仅为ServiceAccount创建ClusterRoleBinding。
创建配置文件 dashboard-cluster-role-binding.yaml
cat <<EOF > dashboard-cluster-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
EOF
应用配置文件 dashboard-cluster-role-binding.yaml
kubectl apply -f dashboard-cluster-role-binding.yaml
NOTE: apiVersion of ClusterRoleBinding resource may differ between Kubernetes versions. Prior to Kubernetes v1.8 the apiVersion was rbac.authorization.k8s.io/v1beta1.
获取用户token
kubectl \
-n kube-system \
describe secret \
$(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
网友评论