如何在 v1.19.2 中使用用户名和密码登录仪表板
how to login dashboard with username & password in v1.19.2
我已经安装了我的 k8s 集群,并安装了 dashboard v2.0.4,我可以使用 token.but 登录 dashboard 如何使用用户名和密码登录?
请帮帮我!
kubectl 版本:
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T13:41:02Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T13:32:58Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
我遵循文档 https://kubernetes.io/docs/reference/access-authn-authz/abac/,并使用
编辑 api-servier 的配置文件
- --authorization-mode=RBAC,Node,ABAC
- --authorization-policy-file=/root/dashboard.policy.yaml
dashboard.policy.yaml 文件内容是 {"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"admin","namespace":"*","resource":"*","apiGroup":"*","nonResourcePath":"*"}}
但是 api-server 无法启动。 telnet 192.168.1.5 6443 无法连接。
我遵循了文档 enter link description here(使用 kubeadm 引导集群),所以没有 kube-apiserver.service 文件,我重新启动计算机。
您可以使用 Basic authentication:
Basic authentication is disabled by default. The reason is that
Kubernetes API server needs to be configured with authorization mode
ABAC and --basic-auth-file flag provided. Without that API server
automatically falls back to anonymous user and there is no way to
check if provided credentials are valid.
In order to enable basic auth in Dashboard --authentication-mode=basic
flag has to be provided. By default it is set to
--authentication-mode=token.
您需要配置 Kubernetes 以允许基本身份验证并接受 username/password。这里是 reference.
在您确保您能够即使用配置有 username/password 的 kubectl 访问集群后,您可以为仪表板启用基本身份验证。
这里有一个有用的 step by step guide 展示了如何安装 Kubernetes 仪表板并使用用户名和密码启用身份验证。
我已经安装了我的 k8s 集群,并安装了 dashboard v2.0.4,我可以使用 token.but 登录 dashboard 如何使用用户名和密码登录?
请帮帮我!
kubectl 版本:
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T13:41:02Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T13:32:58Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
我遵循文档 https://kubernetes.io/docs/reference/access-authn-authz/abac/,并使用
编辑 api-servier 的配置文件- --authorization-mode=RBAC,Node,ABAC
- --authorization-policy-file=/root/dashboard.policy.yaml
dashboard.policy.yaml 文件内容是 {"apiVersion":"abac.authorization.kubernetes.io/v1beta1","kind":"Policy","spec":{"user":"admin","namespace":"*","resource":"*","apiGroup":"*","nonResourcePath":"*"}}
但是 api-server 无法启动。 telnet 192.168.1.5 6443 无法连接。
我遵循了文档 enter link description here(使用 kubeadm 引导集群),所以没有 kube-apiserver.service 文件,我重新启动计算机。
您可以使用 Basic authentication:
Basic authentication is disabled by default. The reason is that Kubernetes API server needs to be configured with authorization mode ABAC and
--basic-auth-fileflag provided. Without that API server automatically falls back to anonymous user and there is no way to check if provided credentials are valid.In order to enable basic auth in Dashboard
--authentication-mode=basicflag has to be provided. By default it is set to--authentication-mode=token.
您需要配置 Kubernetes 以允许基本身份验证并接受 username/password。这里是 reference.
在您确保您能够即使用配置有 username/password 的 kubectl 访问集群后,您可以为仪表板启用基本身份验证。
这里有一个有用的 step by step guide 展示了如何安装 Kubernetes 仪表板并使用用户名和密码启用身份验证。