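I have defined ClusterRoles for my users in Kubernetes, and their permissions are granted per namespace through RoleBindings. I want these users to be able to access the Kubernetes Dashboard with their custom permissions. However, when they try to log in using the kubeconfig option, they get the following message:
"Internal error (500): Not enough data to create auth info structure."
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md -- This guide is only for creating ADMIN users, not for users with custom permissions or without privileges... (edited)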
Reply from a uj5u.com user:
Update, solved:
You have to do this:
- Create a ServiceAccount for each user

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: NAME-user
      namespace: kubernetes-dashboard

- Adjust the RoleBinding to add this SA

    kind: RoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: PUT YOUR CR HERE
      namespace: PUT YOUR NS HERE
    subjects:
      - kind: User
        name: PUT YOUR CR HERE
        apiGroup: 'rbac.authorization.k8s.io'
      - kind: ServiceAccount
        name: NAME-user
        namespace: kubernetes-dashboard
    roleRef:
      kind: ClusterRole
      name: PUT YOUR CR HERE
      apiGroup: 'rbac.authorization.k8s.io'

- Get the token:

    kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/NAME-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

- Add the token to your kubeconfig file. Your kubeconfig should contain something like this:

    apiVersion: v1
    clusters:
    - cluster:
        server: https://XXXX
      name: kubernetes
    contexts:
    - context:
        cluster: kubernetes
        user: YOUR USER
      name: kubernetes
    current-context: "kubernetes"
    kind: Config
    preferences: {}
    users:
    - name: YOUR USER
      user:
        client-certificate-data: CODED
        client-key-data: CODED
        token: CODED  # <--- ADD TOKEN HERE

- Log in
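
A pre-login check for the kubeconfig described in the answer above, as an added example that is not part of the original post: it confirms that the current-context user exists, carries a `token`, and that the token's `sub` claim names the intended ServiceAccount (`system:serviceaccount:<namespace>:<name>`). It assumes the kubeconfig has already been loaded into a dict, for instance from the JSON printed by `kubectl config view --raw -o json`; the function names and the sample token are constructed for illustration.

```python
import base64
import json

def jwt_claims(token):
    """Decode the payload of a JWT WITHOUT verifying its signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))

def check_kubeconfig(cfg, namespace, sa_name):
    """Return a list of problems with the current-context user of a kubeconfig dict."""
    ctx_name = cfg.get("current-context")
    ctx = next((c["context"] for c in cfg.get("contexts", []) if c["name"] == ctx_name), None)
    if ctx is None:
        return [f"current-context {ctx_name!r} is not defined under contexts"]
    user = next((u["user"] for u in cfg.get("users", []) if u["name"] == ctx["user"]), None)
    if user is None:
        return [f"context user {ctx['user']!r} is not defined under users"]
    token = user.get("token")
    if not token:
        return ["user entry has no token field (client certificate data is not a token)"]
    expected = f"system:serviceaccount:{namespace}:{sa_name}"
    try:
        subject = jwt_claims(token).get("sub")
    except ValueError as exc:
        return [f"token is not a decodable ServiceAccount JWT: {exc}"]
    if subject != expected:
        return [f"token subject is {subject!r}, expected {expected!r}"]
    return []

def make_config(context_user, user_entry):
    """Build a constructed kubeconfig dict shaped like the one in the answer."""
    return {"current-context": "kubernetes",
            "contexts": [{"name": "kubernetes",
                          "context": {"cluster": "kubernetes", "user": context_user}}],
            "users": [{"name": "YOUR USER", "user": user_entry}]}

def fake_token(subject):
    """Constructed, unsigned sample token; a real one comes from the ServiceAccount secret."""
    parts = [{"alg": "RS256"}, {"sub": subject}]
    enc = [base64.urlsafe_b64encode(json.dumps(p).encode()).rstrip(b"=").decode() for p in parts]
    return ".".join(enc + ["sig"])

if __name__ == "__main__":
    good = fake_token("system:serviceaccount:kubernetes-dashboard:NAME-user")
    print(check_kubeconfig(make_config("YOUR USER", {"token": good}), "kubernetes-dashboard", "NAME-user"))
    print(check_kubeconfig(make_config("YOUR USER", {"client-key-data": "CODED"}), "kubernetes-dashboard", "NAME-user"))
```

The subject check also catches a token copied from a more privileged ServiceAccount, which would log the user in with permissions beyond their RoleBinding.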
