美文网首页
k8s官方文档实践系列-创建用户并获取token

k8s官方文档实践系列-创建用户并获取token

作者: JerryAi | 来源:发表于2019-08-01 23:29 被阅读0次

本文参考 https://github.com/kubernetes/dashboard/wiki/Creating-sample-user

创建 Service Account

创建配置文件 dashboard-service-account.yaml

cat <<EOF > dashboard-service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
EOF

应用配置文件 dashboard-service-account.yaml

kubectl apply -f dashboard-service-account.yaml

创建 ClusterRoleBinding

In most cases after provisioning our cluster using kops or kubeadm or any other popular tool, the ClusterRole admin-Role already exists in the cluster. We can use it and create only ClusterRoleBinding for our ServiceAccount.

大多数情况下,在使用kops、kubeadm或任何其他流行工具提供集群之后,集群角色admin-Role已经在集群中存在。我们可以使用它,并仅为ServiceAccount创建ClusterRoleBinding。

创建配置文件 dashboard-cluster-role-binding.yaml

cat <<EOF > dashboard-cluster-role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF

应用配置文件 dashboard-cluster-role-binding.yaml

kubectl apply -f dashboard-cluster-role-binding.yaml

NOTE: apiVersion of ClusterRoleBinding resource may differ between Kubernetes versions. Prior to Kubernetes v1.8 the apiVersion was rbac.authorization.k8s.io/v1beta1.

获取用户token

kubectl \
-n kube-system \
describe secret \
$(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

相关文章

网友评论

      本文标题:k8s官方文档实践系列-创建用户并获取token

      本文链接:https://www.haomeiwen.com/subject/tuihdctx.html