In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-03 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/01 Report--
This article introduces the knowledge of "how to add user name and password authentication function to Kubernetes Dashboard". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!
The dashboard is a Web-based Kubernetes user interface. You can use dashboards to deploy containerized applications to Kubernetes clusters, troubleshoot containerized applications, and manage the cluster itself and its accompanying resources. You can use the dashboard to outline the applications running on the cluster and to create or modify individual Kubernetes resources.
After the K8s cluster and Dashboard service are installed by default through the yaml file, you log in using token or Kubeconfig file, which is more secure to use. But if we are deploying a test or experimental environment, it is convenient to enter a long list of token every time. So, here we show how to log in to the Dashboard service using a user name and password.
How to build cluster version in cluster environment version masterv1.20.4kubeadmdashboard:v2.0.4node01v1.20.4kubeadmdashboard:v2.0.4node02v1.20.4kubeadmdashboard:v2.0.4 of dashboard
Create a user file
Format: user, password, userID, "group1,group2"
Note: userID is not repeatable
# create username and password profile # configure username and password $echo 'admin,admin,1' on all master nodes | sudo tee / etc/kubernetes/pki/basic_auth_file
Modify the configuration file
Add the user name and password file created above to the following file
# configuration modification $sudo vim / etc/kubernetes/manifests/kube-apiserver.yaml spec: containers:-command:-kube-apiserver-advertise-address=192.168.30.30-basic-auth-file=/etc/kubernetes/pki/basic_auth_file. VolumeMounts:-mountPath: / etc/kubernetes/basic_auth_file name: basic-auth-file readOnly: true volumes:-hostPath: name: basic-auth-file path: / etc/kubernetes/basic_auth_file
Restart the apiserver service
To make the changes just made effective.
# restart $kubectl apply-f / etc/kubernetes/manifests/kube-apiserver.yaml # View $kubectl get pod-n kube-system | grep apiserver kube-apiserver-k8s-01 1 Running 0 24s kube-apiserver-k8s-02 1 Running 0 44s kube-apiserver-k8s-03 1 Running 0 50s
Bind a user to a permission
Create cluster admin role bindings
# permission binding $kubectl create clusterrolebinding\ login-on-dashboard-with-cluster-admin\-- clusterrole=cluster-admin-- user=admin # View binding $kubectl get clusterrolebinding login-on-dashboard-with-cluster-admin NAME ROLE AGE login-on-dashboard-with-cluster-admin ClusterRole/cluster-admin 2m23s
Enable basic configuration
Modify kubernetes-dashboard.yaml configuration file
$sudo vim kubernetes-dashboard.yaml args:-auto-generate-certificates-namespace=kubernetes-dashboard-token-ttl=43200 # Expiration seconds-authentication-mode=basic # enable basic login # Update $kubectl apply-f kubernetes-dashboard.yaml
Login authentication
Log in to the Dashboard service with a username and password
Dashboard enables username and password login
The content of "how to add user name and password authentication function to Kubernetes Dashboard" is introduced here. Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.