9

New to Kubernetes I struggle to log into kubernetes dashboard.

I followed: https://github.com/kubernetes/dashboard/wiki/Creating-sample-user

and

kubectl get clusterrolebinding admin-user -n kube-system -o yaml shows:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"name":"admin-user"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"cluster-admin"},"subjects":[{"kind":"ServiceAccount","name":"admin-user","namespace":"kube-system"}]}
  creationTimestamp: "2019-01-15T15:48:33Z"
  name: admin-user
  resourceVersion: "2096"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/admin-user
  uid: 0361cb77-18dd-11e9-b02d-bc305b9f3aeb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

Now kubectl -n kube-system get secret | egrep admin doesn't show anything (in contradiction to the statement of the page above...) What am I missing?

TIA !

Görkem Mülayim
  • 148
tim
  • 91

5 Answers5

8

Here is the full example with creating admin user and getting token:

Creating a admin / service account user called k8sadmin

sudo kubectl create serviceaccount k8sadmin -n kube-system

Give the user admin privileges

sudo kubectl create clusterrolebinding k8sadmin --clusterrole=cluster-admin --serviceaccount=kube-system:k8sadmin

Get the token

sudo kubectl -n kube-system describe secret $(sudo kubectl -n kube-system get secret | (grep k8sadmin || echo "$_") | awk '{print $1}') | grep token: | awk '{print $2}'
Gajen Sunthara
  • 181
8

One line solution:

kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode

Found in official documentation: https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#without-kubectl-proxy

Sergey Kanygin
  • 81
1

Use this bash script to obtain the bearer token for the Kubernetes dashboard log in screen. The script will copy the token and to your native OS clipboard so it can be pasted into the login form, token value field.

Evengard
  • 1,804
javajon
  • 111
1

it's a bit late,

Update Kubernetes CLI(kubectl) to > 1.24(this solved my problem.)

Install dashboard and setup Cluster role:

https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

And Run the following command:

kubectl -n kubernetes-dashboard create token admin-user
Mradul Pandey
  • 119
0

Wiki now includes command to describe secret with token. But if you only want to get token you can use something like below. This will print the token for user admin-user.

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | (grep admin-user || echo "$_") | awk '{print $1}') | grep token: | awk '{print $2}'

If it fails to find secret you will get:

Error from server (NotFound): secrets "admin-user" not found
Görkem Mülayim
  • 148