k3d: a step-by-step tutorial for deploying the dashboard with kubectl and getting a token for a custom user

1. Download the dashboard's recommended.yaml

# Download recommended.yaml
curl https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml -o recommended.yaml
# Rename recommended.yaml
mv recommended.yaml k3d-dashboard-recommended.yaml

2. Create the dashboard namespace

kubectl create namespace kubernetes-dashboard

3. Deploy the dashboard

kubectl apply -f k3d-dashboard-recommended.yaml

4. Port forwarding

nohup  kubectl port-forward svc/kubernetes-dashboard 8443:443 -n kubernetes-dashboard >/dev/null &

5. Open the page

https://localhost:8443/#/login

6. View the default users, roles, and bindings

# View users
kubectl get serviceAccounts -n kubernetes-dashboard
NAME                   SECRETS   AGE
default                0         97m
kubernetes-dashboard   0         97m

# View roles
kubectl get ClusterRole
NAME                                                                   CREATED AT
admin                                                                  2025-05-30T07:49:51Z
cluster-admin                                                          2025-05-30T07:49:51Z
clustercidrs-node                                                      2025-05-30T07:49:56Z
edit                                                                   2025-05-30T07:49:51Z
k3s-cloud-controller-manager                                           2025-05-30T07:49:55Z
kubernetes-dashboard                                                   2025-05-30T08:20:04Z
local-path-provisioner-role                                            2025-05-30T07:49:55Z
system:aggregate-to-admin                                              2025-05-30T07:49:51Z
system:aggregate-to-edit                                               2025-05-30T07:49:51Z
system:aggregate-to-view                                               2025-05-30T07:49:51Z
system:aggregated-metrics-reader                                       2025-05-30T07:49:55Z
system:auth-delegator                                                  2025-05-30T07:49:51Z
system:basic-user                                                      2025-05-30T07:49:51Z
system:certificates.k8s.io:certificatesigningrequests:nodeclient       2025-05-30T07:49:51Z
system:certificates.k8s.io:certificatesigningrequests:selfnodeclient   2025-05-30T07:49:51Z
system:certificates.k8s.io:kube-apiserver-client-approver              2025-05-30T07:49:51Z
system:certificates.k8s.io:kube-apiserver-client-kubelet-approver      2025-05-30T07:49:52Z
system:certificates.k8s.io:kubelet-serving-approver                    2025-05-30T07:49:51Z
system:certificates.k8s.io:legacy-unknown-approver                     2025-05-30T07:49:51Z
system:controller:attachdetach-controller                              2025-05-30T07:49:52Z
system:controller:certificate-controller                               2025-05-30T07:49:52Z
system:controller:clusterrole-aggregation-controller                   2025-05-30T07:49:52Z
system:controller:cronjob-controller                                   2025-05-30T07:49:52Z
system:controller:daemon-set-controller                                2025-05-30T07:49:52Z
system:controller:deployment-controller                                2025-05-30T07:49:52Z
system:controller:disruption-controller                                2025-05-30T07:49:52Z
system:controller:endpoint-controller                                  2025-05-30T07:49:52Z
system:controller:endpointslice-controller                             2025-05-30T07:49:52Z
system:controller:endpointslicemirroring-controller                    2025-05-30T07:49:52Z
system:controller:ephemeral-volume-controller                          2025-05-30T07:49:52Z
system:controller:expand-controller                                    2025-05-30T07:49:52Z
system:controller:generic-garbage-collector                            2025-05-30T07:49:52Z
system:controller:horizontal-pod-autoscaler                            2025-05-30T07:49:52Z
system:controller:job-controller                                       2025-05-30T07:49:52Z
system:controller:legacy-service-account-token-cleaner                 2025-05-30T07:49:52Z
system:controller:namespace-controller                                 2025-05-30T07:49:52Z
system:controller:node-controller                                      2025-05-30T07:49:52Z
system:controller:persistent-volume-binder                             2025-05-30T07:49:52Z
system:controller:pod-garbage-collector                                2025-05-30T07:49:52Z
system:controller:pv-protection-controller                             2025-05-30T07:49:52Z
system:controller:pvc-protection-controller                            2025-05-30T07:49:52Z
system:controller:replicaset-controller                                2025-05-30T07:49:52Z
system:controller:replication-controller                               2025-05-30T07:49:52Z
system:controller:resourcequota-controller                             2025-05-30T07:49:52Z
system:controller:root-ca-cert-publisher                               2025-05-30T07:49:52Z
system:controller:route-controller                                     2025-05-30T07:49:52Z
system:controller:service-account-controller                           2025-05-30T07:49:52Z
system:controller:service-controller                                   2025-05-30T07:49:52Z
system:controller:statefulset-controller                               2025-05-30T07:49:52Z
system:controller:ttl-after-finished-controller                        2025-05-30T07:49:52Z
system:controller:ttl-controller                                       2025-05-30T07:49:52Z
system:controller:validatingadmissionpolicy-status-controller          2025-05-30T07:49:52Z
system:coredns                                                         2025-05-30T07:49:55Z
system:discovery                                                       2025-05-30T07:49:51Z
system:heapster                                                        2025-05-30T07:49:51Z
system:k3s-controller                                                  2025-05-30T07:49:56Z
system:kube-aggregator                                                 2025-05-30T07:49:51Z
system:kube-controller-manager                                         2025-05-30T07:49:51Z
system:kube-dns                                                        2025-05-30T07:49:51Z
system:kube-scheduler                                                  2025-05-30T07:49:52Z
system:kubelet-api-admin                                               2025-05-30T07:49:51Z
system:metrics-server                                                  2025-05-30T07:49:56Z
system:monitoring                                                      2025-05-30T07:49:51Z
system:node                                                            2025-05-30T07:49:51Z
system:node-bootstrapper                                               2025-05-30T07:49:51Z
system:node-problem-detector                                           2025-05-30T07:49:51Z
system:node-proxier                                                    2025-05-30T07:49:52Z
system:persistent-volume-provisioner                                   2025-05-30T07:49:51Z
system:public-info-viewer                                              2025-05-30T07:49:51Z
system:service-account-issuer-discovery                                2025-05-30T07:49:52Z
system:volume-scheduler                                                2025-05-30T07:49:51Z
traefik-kube-system                                                    2025-05-30T07:51:58Z
view                                                                   2025-05-30T07:49:51Z

# View user role bindings

kubectl get ClusterRoleBinding
NAME                                                            ROLE                                                                        AGE
cluster-admin                                                   ClusterRole/cluster-admin                                                   73m
clustercidrs-node                                               ClusterRole/clustercidrs-node                                               73m
helm-kube-system-traefik                                        ClusterRole/cluster-admin                                                   73m
helm-kube-system-traefik-crd                                    ClusterRole/cluster-admin                                                   73m
k3s-cloud-controller-manager                                    ClusterRole/k3s-cloud-controller-manager                                    73m
k3s-cloud-controller-manager-auth-delegator                     ClusterRole/system:auth-delegator                                           73m
kube-apiserver-kubelet-admin                                    ClusterRole/system:kubelet-api-admin                                        73m
kubernetes-dashboard                                            ClusterRole/kubernetes-dashboard                                            43m
local-path-provisioner-bind                                     ClusterRole/local-path-provisioner-role                                     73m
metrics-server:system:auth-delegator                            ClusterRole/system:auth-delegator                                           73m
system:basic-user                                               ClusterRole/system:basic-user                                               73m
system:controller:attachdetach-controller                       ClusterRole/system:controller:attachdetach-controller                       73m
system:controller:certificate-controller                        ClusterRole/system:controller:certificate-controller                        73m
system:controller:clusterrole-aggregation-controller            ClusterRole/system:controller:clusterrole-aggregation-controller            73m
system:controller:cronjob-controller                            ClusterRole/system:controller:cronjob-controller                            73m
system:controller:daemon-set-controller                         ClusterRole/system:controller:daemon-set-controller                         73m
system:controller:deployment-controller                         ClusterRole/system:controller:deployment-controller                         73m
system:controller:disruption-controller                         ClusterRole/system:controller:disruption-controller                         73m
system:controller:endpoint-controller                           ClusterRole/system:controller:endpoint-controller                           73m
system:controller:endpointslice-controller                      ClusterRole/system:controller:endpointslice-controller                      73m
system:controller:endpointslicemirroring-controller             ClusterRole/system:controller:endpointslicemirroring-controller             73m
system:controller:ephemeral-volume-controller                   ClusterRole/system:controller:ephemeral-volume-controller                   73m
system:controller:expand-controller                             ClusterRole/system:controller:expand-controller                             73m
system:controller:generic-garbage-collector                     ClusterRole/system:controller:generic-garbage-collector                     73m
system:controller:horizontal-pod-autoscaler                     ClusterRole/system:controller:horizontal-pod-autoscaler                     73m
system:controller:job-controller                                ClusterRole/system:controller:job-controller                                73m
system:controller:legacy-service-account-token-cleaner          ClusterRole/system:controller:legacy-service-account-token-cleaner          73m
system:controller:namespace-controller                          ClusterRole/system:controller:namespace-controller                          73m
system:controller:node-controller                               ClusterRole/system:controller:node-controller                               73m
system:controller:persistent-volume-binder                      ClusterRole/system:controller:persistent-volume-binder                      73m
system:controller:pod-garbage-collector                         ClusterRole/system:controller:pod-garbage-collector                         73m
system:controller:pv-protection-controller                      ClusterRole/system:controller:pv-protection-controller                      73m
system:controller:pvc-protection-controller                     ClusterRole/system:controller:pvc-protection-controller                     73m
system:controller:replicaset-controller                         ClusterRole/system:controller:replicaset-controller                         73m
system:controller:replication-controller                        ClusterRole/system:controller:replication-controller                        73m
system:controller:resourcequota-controller                      ClusterRole/system:controller:resourcequota-controller                      73m
system:controller:root-ca-cert-publisher                        ClusterRole/system:controller:root-ca-cert-publisher                        73m
system:controller:route-controller                              ClusterRole/system:controller:route-controller                              73m
system:controller:service-account-controller                    ClusterRole/system:controller:service-account-controller                    73m
system:controller:service-controller                            ClusterRole/system:controller:service-controller                            73m
system:controller:statefulset-controller                        ClusterRole/system:controller:statefulset-controller                        73m
system:controller:ttl-after-finished-controller                 ClusterRole/system:controller:ttl-after-finished-controller                 73m
system:controller:ttl-controller                                ClusterRole/system:controller:ttl-controller                                73m
system:controller:validatingadmissionpolicy-status-controller   ClusterRole/system:controller:validatingadmissionpolicy-status-controller   73m
system:coredns                                                  ClusterRole/system:coredns                                                  73m
system:discovery                                                ClusterRole/system:discovery                                                73m
system:k3s-controller                                           ClusterRole/system:k3s-controller                                           73m
system:kube-controller-manager                                  ClusterRole/system:kube-controller-manager                                  73m
system:kube-dns                                                 ClusterRole/system:kube-dns                                                 73m
system:kube-scheduler                                           ClusterRole/system:kube-scheduler                                           73m
system:metrics-server                                           ClusterRole/system:metrics-server                                           73m
system:monitoring                                               ClusterRole/system:monitoring                                               73m
system:node                                                     ClusterRole/system:node                                                     73m
system:node-proxier                                             ClusterRole/system:node-proxier                                             73m
system:public-info-viewer                                       ClusterRole/system:public-info-viewer                                       73m
system:service-account-issuer-discovery                         ClusterRole/system:service-account-issuer-discovery                         73m
system:volume-scheduler                                         ClusterRole/system:volume-scheduler                                         73m
traefik-kube-system                                             ClusterRole/traefik-kube-system                                             71m

7. Create the user

7.1 Create the user configuration file dashboard-cluster-admin.yaml

# Define the user
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
# Bind the user to a role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

7.2 Apply the user configuration

kubectl apply -f dashboard-cluster-admin.yaml
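
A check for the effect of step 7.2, as an added example that is not part of the original post: the binding gives admin-user the cluster-admin role, so it should show up in an audit of cluster-admin grants. The function names, the baseline list and the sample rows are constructed here from the step 6 output.

```shell
#!/bin/sh
# Added example: list ClusterRoleBindings that grant cluster-admin and are not
# on a known baseline. Input is the table printed by
# `kubectl get ClusterRoleBinding` (columns NAME, ROLE, AGE).

# Print the name of every binding whose ROLE column is cluster-admin.
cluster_admin_bindings() {
  awk '$2 == "ClusterRole/cluster-admin" { print $1 }'
}

# $1: space-separated names of bindings expected to hold cluster-admin.
# Prints only the cluster-admin bindings that are missing from that baseline.
unexpected_cluster_admin() {
  cluster_admin_bindings | awk -v base="$1" '
    BEGIN { n = split(base, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
    !($0 in ok) { print }'
}

# Baseline: the three cluster-admin bindings present in the step 6 output.
BASELINE="cluster-admin helm-kube-system-traefik helm-kube-system-traefik-crd"

# Constructed sample: rows copied from the step 6 output plus the admin-user
# row that step 7.2 adds (its AGE value is made up).
SAMPLE='NAME                           ROLE                               AGE
admin-user                     ClusterRole/cluster-admin          1m
cluster-admin                  ClusterRole/cluster-admin          73m
helm-kube-system-traefik       ClusterRole/cluster-admin          73m
helm-kube-system-traefik-crd   ClusterRole/cluster-admin          73m
kubernetes-dashboard           ClusterRole/kubernetes-dashboard   43m
system:basic-user              ClusterRole/system:basic-user      73m'

printf '%s\n' "$SAMPLE" | unexpected_cluster_admin "$BASELINE"
# Against a live cluster:
#   kubectl get ClusterRoleBinding | unexpected_cluster_admin "$BASELINE"
```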

8. Generate a token

8.1 Temporary token

# Get a temporary token
kubectl -n kubernetes-dashboard create token admin-user

8.2 Long-lived token

8.2.1 Create dashboard-longtime-token.yaml, the configuration file for a Secret that automatically generates the token

# Long-lived token configuration
apiVersion: v1
kind: Secret
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token

8.2.2 Get the long-lived token

# Apply the Secret configuration
kubectl apply -f dashboard-longtime-token.yaml
# Get the long-lived token (if the output ends with %, do not copy the %)
kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath='{.data.token}' | base64 --decode
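
The difference between the two token types in step 8, as an added example that is not part of the original post: a token from `kubectl create token` carries an `exp` claim, while a token stored in a `kubernetes.io/service-account-token` Secret has none and stays valid until the Secret or the ServiceAccount is deleted. The function names and both sample tokens are constructed for illustration; `kubectl create token` also accepts `--duration` to set the lifetime explicitly.

```shell
#!/bin/sh
# Added example: report the lifetime of a ServiceAccount token (a JWT).

# Print the JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url omits '=' padding; restore it before decoding.
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the numeric claim named $2 from the JSON payload $1, or nothing.
claim() {
  printf '%s' "$1" | sed -n 's/.*"'"$2"'":[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Print exp - iat in seconds, "none" if there is no exp claim, or "unknown"
# if exp is present without iat.
token_lifetime() {
  payload=$(jwt_payload "$1")
  exp=$(claim "$payload" exp)
  iat=$(claim "$payload" iat)
  if [ -z "$exp" ]; then echo none
  elif [ -z "$iat" ]; then echo unknown
  else echo $(( $exp - $iat )); fi
}

# Succeed only if the token expires within $2 seconds of being issued.
token_within() {
  life=$(token_lifetime "$1")
  case $life in none|unknown) return 1 ;; esac
  [ "$life" -le "$2" ]
}

# Constructed sample tokens (unsigned; not taken from any cluster).
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '+/' '-_'; }
HDR=$(b64url '{"alg":"RS256","typ":"JWT"}')
SUB='"sub":"system:serviceaccount:kubernetes-dashboard:admin-user"'
BOUND_TOKEN="$HDR.$(b64url "{$SUB,\"iat\":1748592000,\"exp\":1748595600}").sig"
SECRET_TOKEN="$HDR.$(b64url "{\"iss\":\"kubernetes/serviceaccount\",$SUB}").sig"

echo "token with exp claim:    $(token_lifetime "$BOUND_TOKEN")"
echo "token without exp claim: $(token_lifetime "$SECRET_TOKEN")"
```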

9. Verify the login