后端技术

登录 Kubernetes 仪表盘

默认情况下Kubernetes仪表盘有两种登录方式,kubeconfig和Token.下面记录一下基于Token的登录方法

按照搜索的结果操作下来登录的账号权限比较低,估计是版本原因吧.secrets的位置发生了改变

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# kubectl -n kubernetes-dashboard get secrets 
NAME                               TYPE                                  DATA   AGE
admin-user-token-vmb25             kubernetes.io/service-account-token   3      59d
....

# kubectl -n kubernetes-dashboard describe secrets admin-user-token-vmb25 
Name:         admin-user-token-vmb25
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: 21815f5d-7ac0-4a73-81e3-103e572326e4

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1017 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IlB3MTA5eVZqTEJGUDYtcVAzQXpRV2sxWWdVU1JrTHcta2ZOdWsxa3F4MWMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXZtYjI1Iiwia3ViZXJuZXRlcy5pby9....

结果里隐去了部分不必要的信息.指的注意的是命名空间kubernetes-dashboard,如果你用命名空间kube-system,也会查到一些secrets.使用命名空间kube-system下的token登录的话,大概率会发现权限不足,无法查看全部信息