Kubernetes 如何使用服务帐户';代币
我安装了Kubernetes的仪表板,现在我正在尝试登录。Kubernetes 如何使用服务帐户';代币,kubernetes,kubernetes-dashboard,Kubernetes,Kubernetes Dashboard,我安装了Kubernetes的仪表板,现在我正在尝试登录。 它要求Kubeconfig或Token,我选择使用Token 我创建了一个新服务: kubectl创建服务帐户myservice master@osboxes:~$ kubectl get serviceaccount myservice -o yaml apiVersion: v1 kind: ServiceAccount metadata: creationTimestamp: 2018-05-27T13:09:16Z na
它要求
KubeconfigTokenTokenkubectl创建服务帐户myservicemaster@osboxes:~$ kubectl get serviceaccount myservice -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: 2018-05-27T13:09:16Z
name: myservice
namespace: default
resourceVersion: "76189"
selfLink: /api/v1/namespaces/default/serviceaccounts/myservice
uid: 2870f525-61af-11e8-9498-000c29b3c4e0
secrets:
- name: myservice-token-p2rrt
master@osboxes:~$ kubectl get secret myservice-token-p2rrt -o yaml | grep token
token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUprWldaaGRXeDBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbTE1YzJWeWRtbGpaUzEwYjJ0bGJpMXdNbkp5ZENJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZ5ZG1salpTMWhZMk52ZFc1MExtNWhiV1VpT2lKdGVYTmxjblpwWTJVaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNTFhV1FpT2lJeU9EY3daalV5TlMwMk1XRm1MVEV4WlRndE9UUTVPQzB3TURCak1qbGlNMk0wWlRBaUxDSnpkV0lpT2lKemVYTjBaVzA2YzJWeWRtbGpaV0ZqWTI5MWJuUTZaR1ZtWVhWc2REcHRlWE5sY25acFkyVWlmUS5IdkFoTDU1a0NTOXFPME5hUXVIV3NTbU5WcnlHdUZfUUJyZXRZRi1VcXNrOTFUTTlfWUx6SktsOWQxRGh6Unpzclhac2FtTF9SNE04dUVjU2g4c0lwNHV6Ul9QdDdTQ0hRQ3JiWi1KeFJwOEhDUENlcUZXMkJ0WTl5NlJ3bDBuZlRMY0l2N1Y5SDZFc1BsSy1zTmMxVTlhcFgxMmNKQ0hoOXpjLVI3RXdlZl80OGtoaHJubGkxZTB4dExXTnFaMTJCaTdZalZGZEU3OTVIZXJOYjR5XzNRMzFIcURlcERCVF9FS01Db0NZYk82MV9jM0t3eDRrMkx5R3ZqSWRFamUxNG9HQnlUSkt2QmRWMVRNb0pnNjdvWG1PbHkwV0VZUGVRaTVnNmw5dEhsRTVLZ3NlZHowV1BCel9ZUUxKMzBQYXBxUTktenhVVVpuX0UySS1vV2cyYmc=
name: myservice-token-p2rrt
selfLink: /api/v1/namespaces/default/secrets/myservice-token-p2rrt
type: kubernetes.io/service-account-token
master@osboxes:~$ echo "ZXlKaGJHY2lPaUpTVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUprWldaaGRXeDBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbTE1YzJWeWRtbGpaUzEwYjJ0bGJpMXdNbkp5ZENJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZ5ZG1salpTMWhZMk52ZFc1MExtNWhiV1VpT2lKdGVYTmxjblpwWTJVaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNTFhV1FpT2lJeU9EY3daalV5TlMwMk1XRm1MVEV4WlRndE9UUTVPQzB3TURCak1qbGlNMk0wWlRBaUxDSnpkV0lpT2lKemVYTjBaVzA2YzJWeWRtbGpaV0ZqWTI5MWJuUTZaR1ZtWVhWc2REcHRlWE5sY25acFkyVWlmUS5IdkFoTDU1a0NTOXFPME5hUXVIV3NTbU5WcnlHdUZfUUJyZXRZRi1VcXNrOTFUTTlfWUx6SktsOWQxRGh6Unpzclhac2FtTF9SNE04dUVjU2g4c0lwNHV6Ul9QdDdTQ0hRQ3JiWi1KeFJwOEhDUENlcUZXMkJ0WTl5NlJ3bDBuZlRMY0l2N1Y5SDZFc1BsSy1zTmMxVTlhcFgxMmNKQ0hoOXpjLVI3RXdlZl80OGtoaHJubGkxZTB4dExXTnFaMTJCaTdZalZGZEU3OTVIZXJOYjR5XzNRMzFIcURlcERCVF9FS01Db0NZYk82MV9jM0t3eDRrMkx5R3ZqSWRFamUxNG9HQnlUSkt2QmRWMVRNb0pnNjdvWG1PbHkwV0VZUGVRaTVnNmw5dEhsRTVLZ3NlZHowV1BCel9ZUUxKMzBQYXBxUTktenhVVVpuX0UySS1vV2cyYmc=" | base64 -d
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Im15c2VydmljZS10b2tlbi1wMnJydCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJteXNlcnZpY2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyODcwZjUyNS02MWFmLTExZTgtOTQ5OC0wMDBjMjliM2M0ZTAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpteXNlcnZpY2UifQ.HvAhL55kCS9qO0NaQuHWsSmNVryGuF_QBretYF-Uqsk91TM9_YLzJKl9d1DhzRzsrXZsamL_R4M8uEcSh8sIp4uzR_Pt7SCHQCrbZ-JxRp8HCPCeqFW2BtY9y6Rwl0nfTLcIv7V9H6EsPlK-sNc1U9apX12cJCHh9zc-R7Ewef_48khhrnli1e0xtLWNqZ12Bi7YjVFdE795HerNb4y_3Q31HqDepDBT_EKMCoCYbO61_c3Kwx4k2LyGvjIdEje14oGByTJKvBdV1TMoJg67oXmOly0WEYPeQi5g6l9tHlE5Kgsedz0WPBz_YQLJ30PapqQ9-zxUUZn_E2I-oWg2bg
编辑:
以下是我连接Pod并尝试登录后的日志:
2018/05/27 15:58:47 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2018/05/27 15:58:57 [2018-05-27T15:58:57Z] Incoming HTTP/2.0 GET /api/v1/csrftoken/login request from 10.244.0.0:58976: {}
2018/05/27 15:58:57 [2018-05-27T15:58:57Z] Outcoming response to 10.244.0.0:58976 with 200 status code
2018/05/27 15:58:57 [2018-05-27T15:58:57Z] Incoming HTTP/2.0 POST /api/v1/login request from 10.244.0.0:58976: {
"kubeConfig": "",
"password": "",
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Im15c2VydmljZS10b2tlbi1wMnJydCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJteXNlcnZpY2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyODcwZjUyNS02MWFmLTExZTgtOTQ5OC0wMDBjMjliM2M0ZTAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpteXNlcnZpY2UifQ.HvAhL55kCS9qO0NaQuHWsSmNVryGuF_QBretYF-Uqsk91TM9_YLzJKl9d1DhzRzsrXZsamL_R4M8uEcSh8sIp4uzR_Pt7SCHQCrbZ-JxRp8HCPCeqFW2BtY9y6Rwl0nfTLcIv7V9H6EsPlK-sNc1U9apX12cJCHh9zc-R7Ewef_48khhrnli1e0xtLWNqZ12Bi7YjVFdE795HerNb4y_3Q31HqDepDBT_EKMCoCYbO61_c3Kwx4k2LyGvjIdEje14oGByTJKvBdV1TMoJg67oXmOly0WEYPeQi5g6l9tHlE5Kgsedz0WPBz_YQLJ30PapqQ9-zxUUZn_E2I-oWg2bgmaster@osboxes",
"username": ""
}
2018/05/27 15:58:57 Non-critical error occurred during resource retrieval: the server has asked for the client to provide credentials
2018/05/27 15:58:57 [2018-05-27T15:58:57Z] Outcoming response to 10.244.0.0:58976 with 200 status code
好的,阅读日志,我可以看到使用的令牌在末尾有一个错误:
master@osboxes
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Im15c2VydmljZS10b2tlbi1wMnJydCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJteXNlcnZpY2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyODcwZjUyNS02MWFmLTExZTgtOTQ5OC0wMDBjMjliM2M0ZTAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpteXNlcnZpY2UifQ.HvAhL55kCS9qO0NaQuHWsSmNVryGuF_QBretYF-Uqsk91TM9_YLzJKl9d1DhzRzsrXZsamL_R4M8uEcSh8sIp4uzR_Pt7SCHQCrbZ-JxRp8HCPCeqFW2BtY9y6Rwl0nfTLcIv7V9H6EsPlK-sNc1U9apX12cJCHh9zc-R7Ewef_48khhrnli1e0xtLWNqZ12Bi7YjVFdE795HerNb4y_3Q31HqDepDBT_EKMCoCYbO61_c3Kwx4k2LyGvjIdEje14oGByTJKvBdV1TMoJg67oXmOly0WEYPeQi5g6l9tHlE5Kgsedz0WPBz_YQLJ30PapqQ9-zxUUZn_E2I-oWg2bg
程序是正确的,当您点击登录时,我可以看到仪表盘日志吗?@IgnacioMillán我添加了日志。错误:
度量客户端运行状况检查失败:服务器找不到请求的资源(get services heapster)。30秒后重试完整日志在我编辑的问题中。谢谢!刚刚发布了一个关于该错误的可能解决方案,这只是因为dashboard在集群中找不到heapster(heapster是一个收集度量的工具)。仪表板将正常工作,但不会显示有关资源使用情况的图表。哦,我不敢相信我错过了它:)谢谢!