@hieunt79
Created September 13, 2019 11:48

Access dashboard in Kubernetes


In this guide, we will create a new user with the Kubernetes Service Account mechanism, grant this user admin permissions, and log in to the Dashboard using the bearer token tied to this user.

Copy the provided snippets into a file such as xxx.yaml and run kubectl apply -f xxx.yaml to create the objects.

Create admin

First, create a Service Account named admin-user in the kube-system namespace.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system

Create ClusterRoleBinding

From Kubernetes v1.8 and later:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

Access the dashboard

Open Dashboard:

$ kubectl cluster-info

Kubernetes master is running at https://192.168.2.71:6443
KubeDNS is running at https://192.168.2.71:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
kubernetes-dashboard is running at https://192.168.2.71:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

We can see that the dashboard is running at the link above.

When we open the dashboard, we see the login window.

We get the token with the following command:

$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Name:         admin-user-token-rwnr5
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=admin-user
              kubernetes.io/service-account.uid=b0079867-b4f1-11e8-a79f-525400eaf486

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1090 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXJ3bnI1Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiMDA3OTg2Ny1iNGYxLTExZTgtYTc5Zi01MjU0MDBlYWY0ODYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.T0hCh7uQbt9j2xYj427QgMLO8zD_qW-nHVscMCXi8wwMtdsSjdfoh9bGkOa8OPS6rQNz0St5hQJie_Boes8F10FcZif3nWzGLJ7lWI32WHPMNBSF-EVNUecOj5FvVGRiNua_ruXjPgHqsyZDNc-iQySfnqy5ommPKinOTUL8fqItkjsVa8XANJ2tRHP5sSlSpvHG1_Acyf2G-JIwJuNyvhuOlgWl5MAYAhT38yrnkkQrN0zaIl9qd5PuS_43abDVKrOxT6sQIY5GRQvPHkXcgAfrOmOpSbcSQDbDxHaAnLVE2-h-7Vba1UCnpbrr_o-K4YV_jJCqRqe0VKu1ZjlfCw

Copy the token and paste it into the Enter token field. Click Sign in and you are logged in as admin.
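The token pasted into the login form is a JWT whose payload names the Service Account it was issued for. The following added example (not part of the original gist) decodes such a token without verifying its signature and reports the subject and whether it carries an expiry; tokens stored in a kubernetes.io/service-account-token secret have no exp claim, so they stay valid until the secret is deleted. The function names and the sample token are assumptions constructed for illustration.

```python
import base64
import json
import time

def b64url_decode(segment):
    # JWT segments drop the "=" padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(obj):
    # Helper used only to build the constructed sample token below.
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_sa_token(token, now=None):
    """Decode (NOT verify) a Service Account JWT and summarise its claims."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    exp = claims.get("exp")
    now = time.time() if now is None else now
    return {
        "alg": header.get("alg"),
        "subject": claims.get("sub"),
        "secret": claims.get("kubernetes.io/serviceaccount/secret.name"),
        "expires": exp,
        "long_lived": exp is None,   # no exp claim: valid until the secret is deleted
        "expired": exp is not None and exp <= now,
    }

# Constructed sample: same claim names as a secret-based token, placeholder values.
SAMPLE_CLAIMS = {
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "kube-system",
    "kubernetes.io/serviceaccount/secret.name": "admin-user-token-xxxxx",
    "kubernetes.io/serviceaccount/service-account.name": "admin-user",
    "kubernetes.io/serviceaccount/service-account.uid": "00000000-0000-0000-0000-000000000000",
    "sub": "system:serviceaccount:kube-system:admin-user",
}
SAMPLE_TOKEN = ".".join(
    [b64url_encode({"alg": "RS256", "kid": ""}), b64url_encode(SAMPLE_CLAIMS), "c2lnbmF0dXJl"]
)

if __name__ == "__main__":
    for key, value in inspect_sa_token(SAMPLE_TOKEN).items():
        print(f"{key}: {value}")
```

A result with long_lived set to True for a subject bound to cluster-admin means anyone holding a copy of the token has full cluster access until the secret or the binding is removed.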
