k8s replicationcontrollers is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "replicationcontrollers" in API group "" in the namespace "default"

k8s dashboard安装完成之后,kubectl describe secret kubernetes-dashboard-token-7nxrg -n kubernetes-dashboard,输入得到的token,然后浏览器登录发现资源一个都没有,右上角一直报错

 

 

 费了老大的功夫才明白是serviceaccount的问题,k8sdashboard出厂的serviceaccount权限太低,需要配置一个admin用户,用它的token登录即可。

创建Service Account

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

创建ClusterRoleBinding

复制代码
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
复制代码

获取admin的token

kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

用这个token重新登录

 

 官方文档:https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

 转载k8s之RBAC授权模式 https://www.cnblogs.com/liusy01/p/14274815.html

posted @   风的低吟  阅读(1682)  评论(0编辑  收藏  举报
相关博文:
· clickhouse建表报错:MergeTree storages require data path.
· springboot+fabric8多层layer部署docker
· |NO.Z.00233|——————————|^^ 失败 ^^|——|KuberNetes&细粒度权限控制.V17|——|RBAC.v00|dashboard|
· k8s 安装kubernetes-dashboard
· 新建Token来访问K8S apiserver
阅读排行:
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 【自荐】一款简洁、开源的在线白板工具 Drawnix
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY
点击右上角即可分享
微信分享提示