【转】Creating admin user to access Kubernetes dashboard

原文：https://medium.com/@kanrangsan/creating-admin-user-to-access-kubernetes-dashboard-723d6c9764e4

测试成功

----------------------

Creating admin user to access Kubernetes dashboard

The newly created kubernetes cluster (version 1.13.4) I built cannot use kube admin config to access the dashboard. The error said Not enough data to create auth info structure. This github closed issue explain well enough why it doesn’t work. In this guide, I’ll show how to create simple admin user using Service Account, grant it the admin permission then use the token to access the kubernetes dashboard.

Error when use admin.conf file to log in K8S dashboard

1. Create Admin Service Account

Create below snippet code to dashboard-adminuser.ymland run the kubectl apply command

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system

　　

dashboard-adminuser.yml

$ kubectl apply -f dashboard-adminuser.yml
serviceaccount/admin-user created

2. Create ClusterRoleBinding

In most case, the cluster-admin role should be already exist in the cluster. We can use it and create only ClusterRoleBinding. Copy below code to admin-role-binding.ymlfile and run kubectl apply command.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

　　

admin-role-binding.yml

$ kubectl apply -f admin-role-binding.yml
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

3. Get Token

Now we’re ready to get the token from admin-user by following command.

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

The result will look like this.

Name:         admin-user-token-bmmrdNamespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: a164478c-4545-11e9-a69b-0800276c3e95
Type:         kubernetes.io/service-account-tokenData
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      <your token will be shown here>

Copy the token value and paste it into form then click sign in. You’ll be able to login with admin permission.

 

Check out more details about Kubernetes authentication and authorization.