如何使用服务帐户的令牌登录Kubernetes Dashboard UI

时间:2018-05-27 14:37:08

标签: kubernetes kubernetes-dashboard

我安装了Kubernetes的仪表板,现在我正在尝试登录 它要求tf.assign( t, t2 ) Kubeconfig,我选择使用Token

我创建了一项新服务:
Token 

kubectl create serviceaccount myservice

我导出了服务帐户的令牌:

master@osboxes:~$ kubectl get serviceaccount myservice -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: 2018-05-27T13:09:16Z
  name: myservice
  namespace: default
  resourceVersion: "76189"
  selfLink: /api/v1/namespaces/default/serviceaccounts/myservice
  uid: 2870f525-61af-11e8-9498-000c29b3c4e0
secrets:
- name: myservice-token-p2rrt

从base64解码:

master@osboxes:~$ kubectl get secret myservice-token-p2rrt -o yaml | grep token
  token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUprWldaaGRXeDBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbTE1YzJWeWRtbGpaUzEwYjJ0bGJpMXdNbkp5ZENJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZ5ZG1salpTMWhZMk52ZFc1MExtNWhiV1VpT2lKdGVYTmxjblpwWTJVaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNTFhV1FpT2lJeU9EY3daalV5TlMwMk1XRm1MVEV4WlRndE9UUTVPQzB3TURCak1qbGlNMk0wWlRBaUxDSnpkV0lpT2lKemVYTjBaVzA2YzJWeWRtbGpaV0ZqWTI5MWJuUTZaR1ZtWVhWc2REcHRlWE5sY25acFkyVWlmUS5IdkFoTDU1a0NTOXFPME5hUXVIV3NTbU5WcnlHdUZfUUJyZXRZRi1VcXNrOTFUTTlfWUx6SktsOWQxRGh6Unpzclhac2FtTF9SNE04dUVjU2g4c0lwNHV6Ul9QdDdTQ0hRQ3JiWi1KeFJwOEhDUENlcUZXMkJ0WTl5NlJ3bDBuZlRMY0l2N1Y5SDZFc1BsSy1zTmMxVTlhcFgxMmNKQ0hoOXpjLVI3RXdlZl80OGtoaHJubGkxZTB4dExXTnFaMTJCaTdZalZGZEU3OTVIZXJOYjR5XzNRMzFIcURlcERCVF9FS01Db0NZYk82MV9jM0t3eDRrMkx5R3ZqSWRFamUxNG9HQnlUSkt2QmRWMVRNb0pnNjdvWG1PbHkwV0VZUGVRaTVnNmw5dEhsRTVLZ3NlZHowV1BCel9ZUUxKMzBQYXBxUTktenhVVVpuX0UySS1vV2cyYmc=
  name: myservice-token-p2rrt
  selfLink: /api/v1/namespaces/default/secrets/myservice-token-p2rrt
type: kubernetes.io/service-account-token

但是当我输入解码后的令牌时,它失败了:
enter image description here

修改
这是我附加Pod并尝试登录后的日志:

master@osboxes:~$ echo "ZXlKaGJHY2lPaUpTVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUprWldaaGRXeDBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbTE1YzJWeWRtbGpaUzEwYjJ0bGJpMXdNbkp5ZENJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZ5ZG1salpTMWhZMk52ZFc1MExtNWhiV1VpT2lKdGVYTmxjblpwWTJVaUxDSnJkV0psY201bGRHVnpMbWx2TDNObGNuWnBZMlZoWTJOdmRXNTBMM05sY25acFkyVXRZV05qYjNWdWRDNTFhV1FpT2lJeU9EY3daalV5TlMwMk1XRm1MVEV4WlRndE9UUTVPQzB3TURCak1qbGlNMk0wWlRBaUxDSnpkV0lpT2lKemVYTjBaVzA2YzJWeWRtbGpaV0ZqWTI5MWJuUTZaR1ZtWVhWc2REcHRlWE5sY25acFkyVWlmUS5IdkFoTDU1a0NTOXFPME5hUXVIV3NTbU5WcnlHdUZfUUJyZXRZRi1VcXNrOTFUTTlfWUx6SktsOWQxRGh6Unpzclhac2FtTF9SNE04dUVjU2g4c0lwNHV6Ul9QdDdTQ0hRQ3JiWi1KeFJwOEhDUENlcUZXMkJ0WTl5NlJ3bDBuZlRMY0l2N1Y5SDZFc1BsSy1zTmMxVTlhcFgxMmNKQ0hoOXpjLVI3RXdlZl80OGtoaHJubGkxZTB4dExXTnFaMTJCaTdZalZGZEU3OTVIZXJOYjR5XzNRMzFIcURlcERCVF9FS01Db0NZYk82MV9jM0t3eDRrMkx5R3ZqSWRFamUxNG9HQnlUSkt2QmRWMVRNb0pnNjdvWG1PbHkwV0VZUGVRaTVnNmw5dEhsRTVLZ3NlZHowV1BCel9ZUUxKMzBQYXBxUTktenhVVVpuX0UySS1vV2cyYmc=" | base64 -d
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Im15c2VydmljZS10b2tlbi1wMnJydCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJteXNlcnZpY2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyODcwZjUyNS02MWFmLTExZTgtOTQ5OC0wMDBjMjliM2M0ZTAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpteXNlcnZpY2UifQ.HvAhL55kCS9qO0NaQuHWsSmNVryGuF_QBretYF-Uqsk91TM9_YLzJKl9d1DhzRzsrXZsamL_R4M8uEcSh8sIp4uzR_Pt7SCHQCrbZ-JxRp8HCPCeqFW2BtY9y6Rwl0nfTLcIv7V9H6EsPlK-sNc1U9apX12cJCHh9zc-R7Ewef_48khhrnli1e0xtLWNqZ12Bi7YjVFdE795HerNb4y_3Q31HqDepDBT_EKMCoCYbO61_c3Kwx4k2LyGvjIdEje14oGByTJKvBdV1TMoJg67oXmOly0WEYPeQi5g6l9tHlE5Kgsedz0WPBz_YQLJ30PapqQ9-zxUUZn_E2I-oWg2bg

1 个答案:

答案 0 :(得分:0)

好的,阅读日志我可以看到所使用的令牌最后有错误:

master@osboxes

我猜你错误地复制了shell用户名。

正确的令牌应该只是:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Im15c2VydmljZS10b2tlbi1wMnJydCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJteXNlcnZpY2UiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyODcwZjUyNS02MWFmLTExZTgtOTQ5OC0wMDBjMjliM2M0ZTAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpteXNlcnZpY2UifQ.HvAhL55kCS9qO0NaQuHWsSmNVryGuF_QBretYF-Uqsk91TM9_YLzJKl9d1DhzRzsrXZsamL_R4M8uEcSh8sIp4uzR_Pt7SCHQCrbZ-JxRp8HCPCeqFW2BtY9y6Rwl0nfTLcIv7V9H6EsPlK-sNc1U9apX12cJCHh9zc-R7Ewef_48khhrnli1e0xtLWNqZ12Bi7YjVFdE795HerNb4y_3Q31HqDepDBT_EKMCoCYbO61_c3Kwx4k2LyGvjIdEje14oGByTJKvBdV1TMoJg67oXmOly0WEYPeQi5g6l9tHlE5Kgsedz0WPBz_YQLJ30PapqQ9-zxUUZn_E2I-oWg2bg
相关问题
最新问题