Creating sample user

In this guide, we will find out how to create a new user using Service Account mechanism of Kubernetes, grant this user admin permissions and login to Dashboard using bearer token tied to this user.

IMPORTANT: Make sure that you know what you are doing before proceeding. Granting admin privileges to Dashboard's Service Account might be a security risk.

Copy following snippets for ServiceAccount and ClusterRoleBinding to new manifest file like dashboard-adminuser.yamland use kubectl apply -f dashboard-adminuser.yaml to create them.

Create Service Account

We are creating Service Account with name admin-user in namespace kubernetes-dashboard first.

apiVersion: v1

kind: ServiceAccount

metadata:

  name: admin-user

  namespace: kubernetes-dashboard

Create ClusterRoleBinding

In most cases after provisioning our cluster using kops or kubeadm or any other popular tool, the ClusterRole admin-Role already exists in the cluster. We can use it and create only ClusterRoleBinding for our ServiceAccount.

NOTE: apiVersion of ClusterRoleBinding resource may differ between Kubernetes versions. Prior to Kubernetes v1.8the apiVersion was rbac.authorization.k8s.io/v1beta1.

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

  name: admin-user

roleRef:

  apiGroup: rbac.authorization.k8s.io

  kind: ClusterRole

  name: cluster-admin

subjects:

- kind: ServiceAccount

  name: admin-user

  namespace: kubernetes-dashboard

Bearer Token

Now we need to find token we can use to log in. Execute following command:

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

It should print something like:

Name:         admin-user-token-v57nw

Namespace:    kubernetes-dashboard

Labels:       <none>

Annotations:  kubernetes.io/service-account.name: admin-user

              kubernetes.io/service-account.uid: 0303243c-4040-4a58-8a47-849ee9ba79c1

Type:  kubernetes.io/service-account-token

Data

====

ca.crt:     1066 bytes

namespace:  20 bytes

token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXY1N253Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwMzAzMjQzYy00MDQwLTRhNTgtOGE0Ny04NDllZTliYTc5YzEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Z2JrQlitASVwWbc-s6deLRFVk5DWD3P_vjUFXsqVSY10pbjFLG4njoZwh8p3tLxnX_VBsr7_6bwxhWSYChp9hwxznemD5x5HLtjb16kI9Z7yFWLtohzkTwuFbqmQaMoget_nYcQBUC5fDmBHRfFvNKePh_vSSb2h_aYXa8GV5AcfPQpY7r461itme1EXHQJqv-SN-zUnguDguCTjD80pFZ_CmnSE1z9QdMHPB8hoB4V68gtswR1VLa6mSYdgPwCHauuOobojALSaMc3RH7MmFUumAgguhqAkX3Omqd3rJbYOMRuMjhANqd08piDC3aIabINX6gP5-Tuuw2svnV6NYQ

Now copy the token and paste it into Enter token field on login screen.

Click Sign in button and that's it. You are now logged in as an admin.

In order to find out more about how to grant/deny permissions in Kubernetes read official authentication & authorizationdocumentation.

kubernetes/dashboard Creating sample user的更多相关文章

  1. kubernetes/dashboard Getting Started

    Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It allows users to ...

  2. Mac搭建kubernetes dashboard全流程

    1. 下载dashboard文件: curl -o kubernetes-dashboard.yaml https://raw.githubusercontent.com/kubernetes/das ...

  3. Kubernetes Dashboard - 每天5分钟玩转 Docker 容器技术(173)

    前面章节 Kubernetes 所有的操作我们都是通过命令行工具 kubectl 完成的.为了提供更丰富的用户体验,Kubernetes 还开发了一个基于 Web 的 Dashboard,用户可以用 ...

  4. Kubernetes dashboard安装

    1. To download Dashboard plugin deployment YAML file from internet. #cd /home #mkdir k8s #cd k8s # w ...

  5. centos7下kubernetes(5。部署kubernetes dashboard)

    基于WEB的dashboard,用户可以用kubernetes dashboard部署容器话的应用,监控应用的状态,执行故障排查任务以及管理kubernetes各种资源. 在kubernetes da ...

  6. kubernetes学习笔记之十一:kubernetes dashboard认证及分级授权

    第一章.部署dashboard 作为Kubernetes的Web用户界面,用户可以通过Dashboard在Kubernetes集群中部署容器化的应用,对应用进行问题处理和管理,并对集群本身进行管理.通 ...

  7. kubernetes Dashboard 使用RBAC 权限认证控制

    kubernetes RBAC实战 环境准备 先用kubeadm安装好kubernetes集群,[包地址在此](https://market.aliyun.com/products/56014009/ ...

  8. docker for mac 安装 kubernetes、kubernetes dashboard

    安装参考地址(按照此文档,安装成功):https://yq.aliyun.com/articles/508460 官方说明:https://kubernetes.io/docs/tasks/acces ...

  9. Kubernetes学习之路(十九)之Kubernetes dashboard认证访问

    Dashboard:https://github.com/kubernetes/dashboard 一.Dashboard部署 由于需要用到k8s.gcr.io/kubernetes-dashboar ...

随机推荐

  1. Git 命令行解决冲突

    git add filename   将本地工作区文件加入缓存区 git commit filename -m '提交文件注释' git status  查看当前工作区状态 git fetch ori ...

  2. Luogu P4781【模板】拉格朗日插值

    洛谷传送门 板题-注意一下求多个数的乘积的逆元不要一个个快速幂求逆元,那样很慢,时间复杂度就是O(n2log)O(n^2log)O(n2log).直接先乘起来最后求一次逆元就行了.时间复杂度为O(nl ...

  3. 编译参数(-D)

    程序中可以使用#ifdef来控制输出信息 #include<stdio.h> #define DEBUG int main() { ; ; int sum = a + b; #ifdef ...

  4. 泛目录/泛目录程序/泛目录解析/莲花泛目录解析/寄生虫程序/黑帽SEO

    莲花泛目录程序强大之处: 蜘蛛抓取繁殖新页面,对搜索引擎更加友好采用PHP7语言开发,代码执行率高.蜘蛛抓取目录页面触发繁殖新页面,诱导搜索引擎爬虫爬行更多目录页面, 并且在本地生成缓存页面,搜索引擎 ...

  5. [NOIP2018]:旅行(数据加强版)(基环树+搜索+乱搞)

    题目描述 小$Y$是一个爱好旅行的$OIer$.她来到$X$国,打算将各个城市都玩一遍.小$Y$了解到,$X$国的$n$个城市之间有$m$条双向道路.每条双向道路连接两个城市.不存在两条连接同一对城市 ...

  6. in和exists的区别

    表展示 首先,查询中涉及到的两个表,一个user和一个order表,具体表的内容如下: user表: order表: in 确定给定的值是否与子查询或列表中的值相匹配.in在查询的时候,首先查询子查询 ...

  7. java什么时候进行垃圾回收,垃圾回收的执行流程

    java的垃圾回收分为 三个区域新生代 老年代 永久代 一个对象实例化时 先去看伊甸园有没有足够的空间如果有 不进行垃圾回收 ,对象直接在伊甸园存储.如果伊甸园内存已满,会进行一次minor gc然后 ...

  8. 01 关于jupyter的环境安装

      jupyter notebook环境安装 一.什么是Jupyter Notebook? 1. 简介 Jupyter Notebook是基于网页的用于交互计算的应用程序.其可被应用于全过程计算:开发 ...

  9. docker安装redis,并用配置启动

    1.拉取redis镜像 docker pull redis 2.创建redis本地配置文件 ①.去redis官网下载redis,获取redis.conf文件 ②.修改redis.conf文件相关配置, ...

  10. Nginx之配置文件的解析

    1. ngx_command_t 为了统一配置项目的解析,Nginx 定义了如下数据类型对所有的 Nginx 配置项进行了统一的描述. typedef struct ngx_command_s ngx ...