dashboard的kube-config需要使用serviceaccount账户,创建方式和 User Account 类似
除了可以使用证书来创建kube-config文件,还可以使用Token来创建,以下以Token方式创建kube-config文件:
# 获取token信息,注意:使用describe获取的token末尾可能缺少字符串"=="导致解码失败
[root@hdss7-21 ~]# server_token=$(kubectl get secret kubernetes-dashboard-admin-token-lz9rl -n kube-system -o jsonpath={.data.token}|base64 -d)
# 创建config文件
[root@hdss7-21 ~]# kubectl config set-cluster kubernetes --certificate-authority=/opt/apps/kubernetes/server/bin/certs/ca.pem --embed-certs=true --server=https://10.4.7.10:7443 --kubeconfig=/root/dashboard-admin.config
[root@hdss7-21 ~]# kubectl config set-credentials kubernetes-dashboard-admin --token=$server_token --kubeconfig=/root/dashboard-admin.config
[root@hdss7-21 ~]# kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --user=kubernetes-dashboard-admin --kubeconfig=/root/dashboard-admin.config
[root@hdss7-21 ~]# kubectl config use-context dashboard-admin@kubernetes --kubeconfig=/root/dashboard-admin.config
# 清除临时变量
[root@hdss7-21 ~]# unset server_token
[root@hdss7-21 ~]# kubectl config view --kubeconfig=/root/dashboard-admin.config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://10.4.7.10:7443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-dashboard-admin
name: dashboard-admin@kubernetes
current-context: dashboard-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-dashboard-admin
user:
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbi10b2tlbi1sejlybCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjQzYzY0NWFiLTc0MGMtNDNlOS05ZWZmLTUwMTZmMmQwMWM3NSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiJ9.Ixik7h42Zfavi_RjgOOw3Exq0TS4IAEjs_mlTWXBeOQ3zxu-hFy4Y2BMSrk2hCHQRxac8Lqz-3L0e7NPMOqu_jK8M6J65xPok4apgzcDWLu17fmH32TvmezvGi0NVT_3EtxsmDfneKFpSZ-XDNwR2TUsNcpQSMMZm32Jj3ohvqXTPeW1gQBFjTY2SdbzLIxFJqFICo_du67m7Gm0N6XugSOSs9pVDz5ucoANsTMsjJ_FAznorT54Xzo8B0aHpkTSRb7Jzz-iLt9QIK2WBDaRbNVdVMlhAFoyMoqG4e1kE-LA5i4912VBqGhmKmduLhDK-z2QyjbyX6qZE5VhWGh3Gg