kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
启动服务:
```shell
$ kubectl apply -f k8s-admin.yaml
获取管理员角色的 secret 名称:
$ kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}'
dashboard-admin-token-fz4wf
获取token:
$ kubectl describe secret dashboard-admin-token-dknqx -n kube-system
Name: dashboard-admin-token-fz4wf
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: d95abc09-da72-4535-8995-45590973534f
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6Ijd5a29rRWpIdFRjQnlJMWFvWjFjcUJCMHdHZ3RmdHIxaXFreERwQ1Z5b28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tZno0d2YiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZDk1YWJjMDktZGE3Mi00NTM1LTg5OTUtNDU1OTA5NzM1MzRmIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.qaAyhD3H9w2Jum73eS04WUGOBRokxeIf_ujIl1cvIvm_hoRLV84W2_aBz5CkpOizwSJPekvVarNQcEe7np_9SxhUTXhPrZpJIbcVXWR8LnqR4HbnKvBTpR5uPPcjRCyHeNbrEF_NT3SjJdeFz1cK9tXIyt5StOc-3soVwcY8upVdLD-nbSV7VephjfnOLypiFO78T8pUc0sw-PlTEgQJa9ysnGaIIwvjEp7q5Ohhi5eBqTz3spLxJgW0S2ygohiKO5VuKsLe44mt7G7AF0U_1G6E0cJsJl5oaYpaZk3Apqqn8typyj29BDZ8jj02mPeFL3hbocghaoKWfSXknEI6Aw
如果已经熟悉了,可以直接通过组合命令直接获取 token 值:
$ kubectl describe secret dashboard-admin-token-dknqx -n kube-system | grep -E '^token' | awk '{print $2}'
登陆 Dashboard
