详细分析用Kubeconfig或者Token登录的方式

创建管理员用户

➜  kubernetes  kubectl patch svc -n kube-system kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}'
service/kubernetes-dashboard patched  
➜  kubernetes  kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created  
➜  kubernetes  kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-cluster-admin created  

确定NAME

➜  kubernetes  kubectl get secret -n=kube-system
NAME                                             TYPE                                  DATA   AGE  
attachdetach-controller-token-jxx56              kubernetes.io/service-account-token   3      5d3h  
bootstrap-signer-token-9hb7w                     kubernetes.io/service-account-token   3      5d3h  
certificate-controller-token-m8mpc               kubernetes.io/service-account-token   3      5d3h  
clusterrole-aggregation-controller-token-sb7dv   kubernetes.io/service-account-token   3      5d3h  
coredns-token-tdchv                              kubernetes.io/service-account-token   3      5d3h  
cronjob-controller-token-2f79z                   kubernetes.io/service-account-token   3      5d3h  
daemon-set-controller-token-svzw7                kubernetes.io/service-account-token   3      5d3h  
dashboard-admin-token-mwjwf                      kubernetes.io/service-account-token   3      61s  
default-token-sznp4                              kubernetes.io/service-account-token   3      5d3h  
deployment-controller-token-qdh74                kubernetes.io/service-account-token   3      5d3h  
disruption-controller-token-hd7sb                kubernetes.io/service-account-token   3      5d3h  
endpoint-controller-token-wnnrr                  kubernetes.io/service-account-token   3      5d3h  
expand-controller-token-jc8ls                    kubernetes.io/service-account-token   3      5d3h  
generic-garbage-collector-token-x2p5z            kubernetes.io/service-account-token   3      5d3h  
horizontal-pod-autoscaler-token-vf4kn            kubernetes.io/service-account-token   3      5d3h  
job-controller-token-mtz64                       kubernetes.io/service-account-token   3      5d3h  
kube-proxy-token-6xgld                           kubernetes.io/service-account-token   3      5d3h  
kubernetes-dashboard-certs                       Opaque                                0      5d3h  
kubernetes-dashboard-key-holder                  Opaque                                2      5d3h  
kubernetes-dashboard-token-lx9kx                 kubernetes.io/service-account-token   3      5d3h  
namespace-controller-token-8scnl                 kubernetes.io/service-account-token   3      5d3h  
node-controller-token-rh4fk                      kubernetes.io/service-account-token   3      5d3h  
persistent-volume-binder-token-xhwzv             kubernetes.io/service-account-token   3      5d3h  
pod-garbage-collector-token-7wtzh                kubernetes.io/service-account-token   3      5d3h  
pv-protection-controller-token-9nqsb             kubernetes.io/service-account-token   3      5d3h  
pvc-protection-controller-token-59kcr            kubernetes.io/service-account-token   3      5d3h  
replicaset-controller-token-pq8q9                kubernetes.io/service-account-token   3      5d3h  
replication-controller-token-tp9zd               kubernetes.io/service-account-token   3      5d3h  
resourcequota-controller-token-wm4j6             kubernetes.io/service-account-token   3      5d3h  
service-account-controller-token-g2h2r           kubernetes.io/service-account-token   3      5d3h  
service-controller-token-7qrks                   kubernetes.io/service-account-token   3      5d3h  
statefulset-controller-token-gcrtq               kubernetes.io/service-account-token   3      5d3h  
token-cleaner-token-swg2m                        kubernetes.io/service-account-token   3      5d3h  
ttl-controller-token-tgwnf                       kubernetes.io/service-account-token   3      5d3h  

获取TOKEN

➜  kubernetes  kubectl describe secret -n=kube-system dashboard-admin-token-mwjwf
Name:         dashboard-admin-token-mwjwf  
Namespace:    kube-system  
Labels:       <none>  
Annotations:  kubernetes.io/service-account.name: dashboard-admin  
              kubernetes.io/service-account.uid: 0c547a29-f000-11e9-a91a-025000000001

Type:  kubernetes.io/service-account-token

Data  
====
ca.crt:     1025 bytes  
namespace:  11 bytes  
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tbXdqd2YiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMGM1NDdhMjktZjAwMC0xMWU5LWE5MWEtMDI1MDAwMDAwMDAxIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.cvbCJYR98zNWQeRjW4QmEqVPKD4CxL5EpR7bwEfCZqU_hJiNIKJubIGYWAkbB47waEBFOgIU9Aj98BGqtIAki-eL_kZFVYDIrQGzYQHZVngmCcUwG0u_PKazH9bgU_sfsw9t2_FZv-pD8aiVpGXtbS9EFWpf-VTIrZS-CSlTp0LEgPZLir8Jp_T3X4sbBfgtMbHTzkbz8WCvL_SeWxRIf7o-hLY703KNU4hkbNUxhC2ur73Irp3dSpgyANrS3G3cQjM1Uinh7pJl1ay-gRd0jPCwcZxUW3XKfLqS2-vwIpnYZ_j26Dj9oqDChAIxhK2T6VfBOdpp93AlXzT3_0VSYQ  

生成Kubeconfig文件

➜  kubernetes  DASH_TOCKEN=$(kubectl get secret -n kube-system dashboard-admin-token-mwjwf -o jsonpath={.data.token}|base64 -D)
➜  kubernetes  kubectl config set-cluster kubernetes --server=https://kubernetes.docker.internal:6443 --kubeconfig=/Users/chenyuan/Tools/Docker/kubernetes/dashbord-admin.conf
Cluster "kubernetes" set.  
➜  kubernetes  kubectl config set-credentials dashboard-admin --token=$DASH_TOCKEN --kubeconfig=/Users/chenyuan/Tools/Docker/kubernetes/dashbord-admin.conf
User "dashboard-admin" set.  
➜  kubernetes  kubectl config set-context dashboard-admin@kubernetes --cluster=kubernetes --user=dashboard-admin --kubeconfig=/Users/chenyuan/Tools/Docker/kubernetes/dashbord-admin.conf
Context "dashboard-admin@kubernetes" created.  
➜  kubernetes  kubectl config use-context dashboard-admin@kubernetes --kubeconfig=/Users/chenyuan/Tools/Docker/kubernetes/dashbord-admin.conf
Switched to context "dashboard-admin@kubernetes".  

启动服务验证

kubectl proxy --address='0.0.0.0'  --accept-hosts='^*$'  

访问:http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ 

http://static.cyblogs.com/WX20191016-190028@2x.png