k8s replicationcontrollers is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot list resource "replicationcontrollers" in API group "" in the namespace "default"

本文轉載自查看原文 2022-03-14 15:45 1365

k8s dashboard安裝完成之后，kubectl describe secret kubernetes-dashboard-token-7nxrg -n kubernetes-dashboard,輸入得到的token，然后瀏覽器登錄發現資源一個都沒有，右上角一直報錯

費了老大的功夫才明白是serviceaccount的問題,k8sdashboard出廠的serviceaccount權限太低，需要配置一個admin用戶，用它的token登錄即可。

創建Service Account

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

創建ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

獲取admin的token

kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

用這個token重新登錄

官方文檔：https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

14274815.html

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 Error: configmaps is forbidden: User "system:serviceaccount:kube-system:default" cannot list resource "configmaps" in API group "" in the namespace "kube-system" 【K8S】K8S 1.18.2安裝dashboard（基於kubernetes-dashboard 2.0.0版本）【K8S】K8S 1.18.2安裝dashboard（基於kubernetes-dashboard 2.0.0版本） kubernetes-dashboard登錄出現forbidden 403 K8s運行dashboard命令啟動報錯："no endpoints available for service \"kubernetes-dashboard\"" kubernetes-dashboard安裝部署kubernetes-dashboard 安裝kubernetes-dashboard K8S 1.20.6安裝dashboard（基於kubernetes-dashboard 2.0.0版本）刪除kubernetes-dashboard