Token login method 1: create an account and bind login permissions
Run the command
kubectl -n kubernetes-dashboard create token kubernetes-dashboard
Pressing Enter generates a token value:
D:\k8s-for-docker-desktop-1.25.0>kubectl -n kubernetes-dashboard create token kubernetes-dashboard
eyJhbGciOiJSUzI1NiIsIm*********
Check the status of the corresponding service account
kubectl -n kubernetes-dashboard get serviceaccounts kubernetes-dashboard
D:\k8s-for-docker-desktop-1.25.0>kubectl -n kubernetes-dashboard get serviceaccounts kubernetes-dashboard
NAME                   SECRETS   AGE
kubernetes-dashboard   0         3d3h
SECRETS is 0 because the token was created but was not saved in a Secret.
View the cluster administrator's permissions
kubectl -n kubernetes-dashboard describe clusterrole cluster-admin
D:\k8s-for-docker-desktop-1.25.0>kubectl -n kubernetes-dashboard describe clusterrole cluster-admin
Name:         cluster-admin
Labels:       kubernetes.io/bootstrapping=rbac-defaults
Annotations:  rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
  Resources  Non-Resource URLs  Resource Names  Verbs
  ---------  -----------------  --------------  -----
  *.*        []                 []              [*]
             [*]                []              [*]
View the permissions of the kubernetes-dashboard ClusterRole
kubectl -n kubernetes-dashboard describe clusterrole kubernetes-dashboard
D:\k8s-for-docker-desktop-1.25.0>kubectl -n kubernetes-dashboard describe clusterrole kubernetes-dashboard
Name:         kubernetes-dashboard
Labels:       k8s-app=kubernetes-dashboard
Annotations:  <none>
PolicyRule:
  Resources             Non-Resource URLs  Resource Names  Verbs
  ---------             -----------------  --------------  -----
  nodes.metrics.k8s.io  []                 []              [get list watch]
  pods.metrics.k8s.io   []                 []              [get list watch]
Bind the permissions to the account
kubectl create clusterrolebinding kubernetes-dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard
# Cluster role binding (the name kubernetes-dashboard-cluster-admin is arbitrary)
D:\k8s-for-docker-desktop-1.25.0>kubectl create clusterrolebinding kubernetes-dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-cluster-admin created
View the cluster role bindings
kubectl get clusterrolebindings -o wide
D:\k8s-for-docker-desktop-1.25.0>kubectl get clusterrolebindings -o wide
NAME  ROLE  AGE  USERS  GROUPS  SERVICEACCOUNTS
cluster-admin  ClusterRole/cluster-admin  3d2h  system:masters
dashboard-admin-bind-cluster-role  ClusterRole/cluster-admin  2d23h  kubernetes-dashboard/dashboard-admin
dashboard-cluster-admin  ClusterRole/cluster-admin  3d  kube-system/dashboard-admin
kubeadm:get-nodes  ClusterRole/kubeadm:get-nodes  3d2h  system:bootstrappers:kubeadm:default-node-token
kubeadm:kubelet-bootstrap  ClusterRole/system:node-bootstrapper  3d2h  system:bootstrappers:kubeadm:default-node-token
kubeadm:node-autoapprove-bootstrap  ClusterRole/system:certificates.k8s.io:certificatesigningrequests:nodeclient  3d2h  system:bootstrappers:kubeadm:default-node-token
kubeadm:node-autoapprove-certificate-rotation  ClusterRole/system:certificates.k8s.io:certificatesigningrequests:selfnodeclient  3d2h  system:nodes
kubeadm:node-proxier  ClusterRole/system:node-proxier  3d2h  kube-system/kube-proxy
kubernetes-dashboard  ClusterRole/kubernetes-dashboard  3d2h  kubernetes-dashboard/kubernetes-dashboard
kubernetes-dashboard-cluster-admin  ClusterRole/cluster-admin  38s  kubernetes-dashboard/kubernetes-dashboard
lucky2-admin-rolebinding  ClusterRole/cluster-admin  8m35s  lucky2/lucky2-admin
storage-provisioner  ClusterRole/storage-provisioner  3d2h  kube-system/storage-provisioner
system:basic-user  ClusterRole/system:basic-user  3d2h  system:authenticated
system:controller:attachdetach-controller  ClusterRole/system:controller:attachdetach-controller  3d2h  kube-system/attachdetach-controller
system:controller:certificate-controller  ClusterRole/system:controller:certificate-controller  3d2h  kube-system/certificate-controller
system:controller:clusterrole-aggregation-controller  ClusterRole/system:controller:clusterrole-aggregation-controller  3d2h  kube-system/clusterrole-aggregation-controller
system:controller:cronjob-controller  ClusterRole/system:controller:cronjob-controller  3d2h  kube-system/cronjob-controller
system:controller:daemon-set-controller  ClusterRole/system:controller:daemon-set-controller  3d2h  kube-system/daemon-set-controller
system:controller:deployment-controller  ClusterRole/system:controller:deployment-controller  3d2h  kube-system/deployment-controller
system:controller:disruption-controller  ClusterRole/system:controller:disruption-controller  3d2h  kube-system/disruption-controller
system:controller:endpoint-controller  ClusterRole/system:controller:endpoint-controller  3d2h  kube-system/endpoint-controller
system:controller:endpointslice-controller  ClusterRole/system:controller:endpointslice-controller  3d2h  kube-system/endpointslice-controller
system:controller:endpointslicemirroring-controller  ClusterRole/system:controller:endpointslicemirroring-controller  3d2h  kube-system/endpointslicemirroring-controller
system:controller:ephemeral-volume-controller  ClusterRole/system:controller:ephemeral-volume-controller  3d2h  kube-system/ephemeral-volume-controller
system:controller:expand-controller  ClusterRole/system:controller:expand-controller  3d2h  kube-system/expand-controller
system:controller:generic-garbage-collector  ClusterRole/system:controller:generic-garbage-collector  3d2h  kube-system/generic-garbage-collector
system:controller:horizontal-pod-autoscaler  ClusterRole/system:controller:horizontal-pod-autoscaler  3d2h  kube-system/horizontal-pod-autoscaler
system:controller:job-controller  ClusterRole/system:controller:job-controller  3d2h  kube-system/job-controller
system:controller:namespace-controller  ClusterRole/system:controller:namespace-controller  3d2h  kube-system/namespace-controller
system:controller:node-controller  ClusterRole/system:controller:node-controller  3d2h  kube-system/node-controller
system:controller:persistent-volume-binder  ClusterRole/system:controller:persistent-volume-binder  3d2h  kube-system/persistent-volume-binder
system:controller:pod-garbage-collector  ClusterRole/system:controller:pod-garbage-collector  3d2h  kube-system/pod-garbage-collector
system:controller:pv-protection-controller  ClusterRole/system:controller:pv-protection-controller  3d2h  kube-system/pv-protection-controller
system:controller:pvc-protection-controller  ClusterRole/system:controller:pvc-protection-controller  3d2h  kube-system/pvc-protection-controller
system:controller:replicaset-controller  ClusterRole/system:controller:replicaset-controller  3d2h  kube-system/replicaset-controller
system:controller:replication-controller  ClusterRole/system:controller:replication-controller  3d2h  kube-system/replication-controller
system:controller:resourcequota-controller  ClusterRole/system:controller:resourcequota-controller  3d2h  kube-system/resourcequota-controller
system:controller:root-ca-cert-publisher  ClusterRole/system:controller:root-ca-cert-publisher  3d2h  kube-system/root-ca-cert-publisher
system:controller:route-controller  ClusterRole/system:controller:route-controller  3d2h  kube-system/route-controller
system:controller:service-account-controller  ClusterRole/system:controller:service-account-controller  3d2h  kube-system/service-account-controller
system:controller:service-controller  ClusterRole/system:controller:service-controller  3d2h  kube-system/service-controller
system:controller:statefulset-controller  ClusterRole/system:controller:statefulset-controller  3d2h  kube-system/statefulset-controller
system:controller:ttl-after-finished-controller  ClusterRole/system:controller:ttl-after-finished-controller  3d2h  kube-system/ttl-after-finished-controller
system:controller:ttl-controller  ClusterRole/system:controller:ttl-controller  3d2h  kube-system/ttl-controller
system:coredns  ClusterRole/system:coredns  3d2h  kube-system/coredns
system:discovery  ClusterRole/system:discovery  3d2h  system:authenticated
system:kube-controller-manager  ClusterRole/system:kube-controller-manager  3d2h  system:kube-controller-manager
system:kube-dns  ClusterRole/system:kube-dns  3d2h  kube-system/kube-dns
system:kube-scheduler  ClusterRole/system:kube-scheduler  3d2h  system:kube-scheduler
system:monitoring  ClusterRole/system:monitoring  3d2h  system:monitoring
system:node  ClusterRole/system:node  3d2h
system:node-proxier  ClusterRole/system:node-proxier  3d2h  system:kube-proxy
system:public-info-viewer  ClusterRole/system:public-info-viewer  3d2h  system:authenticated, system:unauthenticated
system:service-account-issuer-discovery  ClusterRole/system:service-account-issuer-discovery  3d2h  system:serviceaccounts
system:volume-scheduler  ClusterRole/system:volume-scheduler  3d2h  system:kube-scheduler
vpnkit-controller  ClusterRole/vpnkit-controller  3d2h  kube-system/vpnkit-controller
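Then copy the token generated in the first step into the token input box on the login page and click [Sign in].
Token login method 2: create an ordinary service account
Manually create the service account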
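The cluster-admin role bound above allows every verb on every resource, so the dashboard token now carries full control of the cluster. The following check is an added example, not part of the original post: it lists the service accounts that hold cluster-admin through a ClusterRoleBinding. The sample JSON is constructed in the shape of kubectl get clusterrolebindings -o json, using binding names from the listing above; the helper names _crb, _sa and service_accounts_with_role are hypothetical.

```python
import json
import sys


def _crb(name, role, *subjects):
    # Builds one ClusterRoleBinding for the constructed sample (hypothetical helper).
    return {"metadata": {"name": name},
            "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": list(subjects) or None}


def _sa(namespace, name):
    return {"kind": "ServiceAccount", "namespace": namespace, "name": name}


# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`.
SAMPLE = json.dumps({"items": [
    _crb("cluster-admin", "cluster-admin",
         {"kind": "Group", "name": "system:masters"}),
    _crb("dashboard-admin-bind-cluster-role", "cluster-admin",
         _sa("kubernetes-dashboard", "dashboard-admin")),
    _crb("kubernetes-dashboard", "kubernetes-dashboard",
         _sa("kubernetes-dashboard", "kubernetes-dashboard")),
    _crb("kubernetes-dashboard-cluster-admin", "cluster-admin",
         _sa("kubernetes-dashboard", "kubernetes-dashboard")),
    _crb("lucky2-admin-rolebinding", "cluster-admin",
         _sa("lucky2", "lucky2-admin")),
    _crb("system:node", "system:node"),  # binding with no subjects
]})


def service_accounts_with_role(bindings_json, role="cluster-admin"):
    """Return sorted (namespace/name, binding) pairs for service accounts bound to role."""
    hits = []
    for item in json.loads(bindings_json).get("items", []):
        if item.get("roleRef", {}).get("name") != role:
            continue
        for subject in item.get("subjects") or []:  # subjects may be absent or null
            if subject.get("kind") == "ServiceAccount":
                account = f"{subject.get('namespace')}/{subject.get('name')}"
                hits.append((account, item["metadata"]["name"]))
    return sorted(hits)


if __name__ == "__main__":
    # Pipe real kubectl JSON in, or run with no input to use the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for account, binding in service_accounts_with_role(data):
        print(f"{account} holds cluster-admin via {binding}")
```

Bindings reported here that are no longer needed can be removed with kubectl delete clusterrolebinding followed by the binding name.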
kubectl create serviceaccount jenkins
Use the command kubectl create serviceaccount <name>; it creates a service account in the current namespace.
C:\Users\Shinelon>kubectl create serviceaccount jenkins
serviceaccount/jenkins created
Create the associated token
kubectl create token jenkins
C:\Users\Shinelon>kubectl create token jenkins
eyJhbGciOiJSUzI1NiIsImtp...
- Go to the login page, choose Token login, copy the token generated on the command line into the token input box, and click [Sign in].
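The value printed by kubectl create token is a signed JWT with an expiry, issued on request rather than stored, which is why SECRETS stays at 0 and a new token is needed once the old one lapses. The following decoder is an added example, not part of the original post: it reads the claims of such a token to show which service account it belongs to and how long it remains valid, without verifying the signature. The sample token, its claim values and the names decode_claims and describe are constructed for illustration.

```python
import base64
import json
import time


def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed token: same header shape as the output above, made-up claims,
# and a placeholder where a real RS256 signature would be.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "kid": "constructed-key-id"}),
    _b64url({"iss": "https://kubernetes.default.svc.cluster.local",
             "sub": "system:serviceaccount:default:jenkins",
             "iat": 1700000000, "exp": 1700003600}),
    "constructed-signature",
])


def decode_claims(token):
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def describe(token, now=None):
    """Summarise which service account a token is for and how long it lasts."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    fields = claims["sub"].split(":")
    if fields[:2] != ["system", "serviceaccount"] or len(fields) != 4:
        raise ValueError("sub is not a service account identity")
    return {"namespace": fields[2], "name": fields[3],
            "lifetime_s": claims["exp"] - claims["iat"],
            "remaining_s": max(0, int(claims["exp"] - now)),
            "expired": now >= claims["exp"]}


if __name__ == "__main__":
    print(describe(SAMPLE_TOKEN, now=1700000600))
```

The requested lifetime can be set when issuing the token with the --duration flag of kubectl create token.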