Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge of "how to add user name and password authentication function to Kubernetes Dashboard". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

The dashboard is a Web-based Kubernetes user interface. You can use dashboards to deploy containerized applications to Kubernetes clusters, troubleshoot containerized applications, and manage the cluster itself and its accompanying resources. You can use the dashboard to outline the applications running on the cluster and to create or modify individual Kubernetes resources.

After the K8s cluster and Dashboard service are installed by default through the yaml file, you log in using token or Kubeconfig file, which is more secure to use. But if we are deploying a test or experimental environment, it is convenient to enter a long list of token every time. So, here we show how to log in to the Dashboard service using a user name and password.

How to build cluster version in cluster environment version masterv1.20.4kubeadmdashboard:v2.0.4node01v1.20.4kubeadmdashboard:v2.0.4node02v1.20.4kubeadmdashboard:v2.0.4 of dashboard

Create a user file

Format: user, password, userID, "group1,group2"

Note: userID is not repeatable

# create username and password profile # configure username and password $echo 'admin,admin,1' on all master nodes | sudo tee / etc/kubernetes/pki/basic_auth_file

Modify the configuration file

Add the user name and password file created above to the following file

# configuration modification $sudo vim / etc/kubernetes/manifests/kube-apiserver.yaml spec: containers:-command:-kube-apiserver-advertise-address=192.168.30.30-basic-auth-file=/etc/kubernetes/pki/basic_auth_file. VolumeMounts:-mountPath: / etc/kubernetes/basic_auth_file name: basic-auth-file readOnly: true volumes:-hostPath: name: basic-auth-file path: / etc/kubernetes/basic_auth_file

Restart the apiserver service

To make the changes just made effective.

# restart $kubectl apply-f / etc/kubernetes/manifests/kube-apiserver.yaml # View $kubectl get pod-n kube-system | grep apiserver kube-apiserver-k8s-01 1 Running 0 24s kube-apiserver-k8s-02 1 Running 0 44s kube-apiserver-k8s-03 1 Running 0 50s

Bind a user to a permission

Create cluster admin role bindings

# permission binding $kubectl create clusterrolebinding\ login-on-dashboard-with-cluster-admin\-- clusterrole=cluster-admin-- user=admin # View binding $kubectl get clusterrolebinding login-on-dashboard-with-cluster-admin NAME ROLE AGE login-on-dashboard-with-cluster-admin ClusterRole/cluster-admin 2m23s

Enable basic configuration

Modify kubernetes-dashboard.yaml configuration file

$sudo vim kubernetes-dashboard.yaml args:-auto-generate-certificates-namespace=kubernetes-dashboard-token-ttl=43200 # Expiration seconds-authentication-mode=basic # enable basic login # Update $kubectl apply-f kubernetes-dashboard.yaml

Login authentication

Log in to the Dashboard service with a username and password

Dashboard enables username and password login

The content of "how to add user name and password authentication function to Kubernetes Dashboard" is introduced here. Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.