用Kubeconfig或者登录的方式是怎么样的
本篇文章给大家分享的是有关用Kubeconfig或者登录的方式是怎么样的,小编觉得挺实用的,因此分享给大家学习,希望大家阅读完这篇文章后可以有所收获,话不多说,跟着小编一起来看看吧。
创建管理员用户
➜ kubernetes kubectl patch svc -n kube-system kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}'
service/kubernetes-dashboard patched
➜ kubernetes kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
➜ kubernetes kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created
确定NAME
➜ kubernetes kubectl get secret -n=kube-system NAME TYPE DATA AGE attachdetach-controller-token-jxx56 kubernetes.io/service-account-token 3 5d3h bootstrap-signer-token-9hb7w kubernetes.io/service-account-token 3 5d3h certificate-controller-token-m8mpc kubernetes.io/service-account-token 3 5d3h clusterrole-aggregation-controller-token-sb7dv kubernetes.io/service-account-token 3 5d3h coredns-token-tdchv kubernetes.io/service-account-token 3 5d3h cronjob-controller-token-2f79z kubernetes.io/service-account-token 3 5d3h daemon-set-controller-token-svzw7 kubernetes.io/service-account-token 3 5d3h dashboard-admin-token-mwjwf kubernetes.io/service-account-token 3 61s default-token-sznp4 kubernetes.io/service-account-token 3 5d3h deployment-controller-token-qdh74 kubernetes.io/service-account-token 3 5d3h disruption-controller-token-hd7sb kubernetes.io/service-account-token 3 5d3h endpoint-controller-token-wnnrr kubernetes.io/service-account-token 3 5d3h expand-controller-token-jc8ls kubernetes.io/service-account-token 3 5d3h generic-garbage-collector-token-x2p5z kubernetes.io/service-account-token 3 5d3h horizontal-pod-autoscaler-token-vf4kn kubernetes.io/service-account-token 3 5d3h job-controller-token-mtz64 kubernetes.io/service-account-token 3 5d3h kube-proxy-token-6xgld kubernetes.io/service-account-token 3 5d3h kubernetes-dashboard-certs Opaque 0 5d3h kubernetes-dashboard-key-holder Opaque 2 5d3h kubernetes-dashboard-token-lx9kx kubernetes.io/service-account-token 3 5d3h namespace-controller-token-8scnl kubernetes.io/service-account-token 3 5d3h node-controller-token-rh5fk kubernetes.io/service-account-token 3 5d3h persistent-volume-binder-token-xhwzv kubernetes.io/service-account-token 3 5d3h pod-garbage-collector-token-7wtzh kubernetes.io/service-account-token 3 5d3h pv-protection-controller-token-9nqsb kubernetes.io/service-account-token 3 5d3h pvc-protection-controller-token-59kcr kubernetes.io/service-account-token 3 5d3h replicaset-controller-token-pq8q9 kubernetes.io/service-account-token 3 5d3h replication-controller-token-tp9zd kubernetes.io/service-account-token 3 5d3h resourcequota-controller-token-wm4j6 kubernetes.io/service-account-token 3 5d3h service-account-controller-token-g2h3r kubernetes.io/service-account-token 3 5d3h service-controller-token-7qrks kubernetes.io/service-account-token 3 5d3h statefulset-controller-token-gcrtq kubernetes.io/service-account-token 3 5d3h token-cleaner-token-swg2m kubernetes.io/service-account-token 3 5d3h ttl-controller-token-tgwnf kubernetes.io/service-account-token 3 5d3h
获取TOKEN
➜ kubernetes kubectl describe secret -n=kube-system dashboard-admin-token-mwjwf Name: dashboard-admin-token-mwjwf Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: dashboard-admin kubernetes.io/service-account.uid: 0c547a29-f000-11e9-a91a-025000000001 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tbXdqd2YiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMGM1NDdhMjktZjAwMC0xMWU5LWE5MWEtMDI1MDAwMDAwMDAxIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.cvbCJYR98zNWQeRjW4QmEqVPKD4CxL5EpR7bwEfCZqU_hJiNIKJubIGYWAkbB47waEBFOgIU9Aj98BGqtIAki-eL_kZFVYDIrQGzYQHZVngmCcUwG0u_PKazH9bgU_sfsw9t2_FZv-pD8aiVpGXtbS9EFWpf-VTIrZS-CSlTp0LEgPZLir8Jp_T3X4sbBfgtMbHTzkbz8WCvL_SeWxRIf7o-hLY703KNU4hkbNUxhC2ur73Irp3dSpgyANrS3G3cQjM1Uinh7pJl1ay-gRd0jPCwcZxUW3XKfLqS2-vwIpnYZ_j26Dj9oqDChAIxhK2T6VfBOdpp93AlXzT3_0VSYQ
生成Kubeconfig文件
➜ kubernetes DASH_TOCKEN=$(kubectl get secret -n kube-system dashboard-admin-token-mwjwf -o jsonpath={.data.token}|base64 -D)
➜ kubernetes kubectl config set-cluster kubernetes --server=https://kubernetes.docker.internal:6443 --kubeconfig=/Users/chenyuan/Tools/Docker/kubernetes/dashbord-admin.conf
Cluster "kubernetes" set.
➜ kubernetes kubectl config set-credentials dashboard-admin --token=$DASH_TOCKEN --kubeconfig=/Users/chenyuan/Tools/Docker/kubernetes/dashbord-admin.conf
User "dashboard-admin" set.
➜ kubernetes kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --user=dashboard-admin --kubeconfig=/Users/chenyuan/Tools/Docker/kubernetes/dashbord-admin.conf
Context "dashboard-admin@kubernetes" created.
➜ kubernetes kubectl config use-context dashboard-admin@kubernetes --kubeconfig=/Users/chenyuan/Tools/Docker/kubernetes/dashbord-admin.conf
Switched to context "dashboard-admin@kubernetes".
启动服务验证
kubectl proxy --address='0.0.0.0' --accept-hosts='^*$' 访问:http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
以上就是用Kubeconfig或者登录的方式是怎么样的,小编相信有部分知识点可能是我们日常工作会见到或用到的。希望你能通过这篇文章学到更多知识。更多详情敬请关注行业资讯频道。