8

New to Kubernetes I struggle to log into kubernetes dashboard.

I followed: https://github.com/kubernetes/dashboard/wiki/Creating-sample-user

and

kubectl get clusterrolebinding admin-user -n kube-system -o yaml shows:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"name":"admin-user"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"cluster-admin"},"subjects":[{"kind":"ServiceAccount","name":"admin-user","namespace":"kube-system"}]}
  creationTimestamp: "2019-01-15T15:48:33Z"
  name: admin-user
  resourceVersion: "2096"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/admin-user
  uid: 0361cb77-18dd-11e9-b02d-bc305b9f3aeb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

Now kubectl -n kube-system get secret | egrep admin doesn't show anything (in contradiction to the statement of the page above...) What am I missing?

TIA !

Görkem Mülayim
  • 148
  • 6
tim
  • 81
  • 1
  • 1
  • 3
  • For kubernetes cluster version 1.24 and above, API access token (in secrets) are not injected into service accounts anymore. They are TokenReview controller projected directly into starting pod with the appended subject service accounts. – emag_mI Jul 28 '23 at 00:29

5 Answers5

8

One line solution:

kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode

Found in official documentation: https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#without-kubectl-proxy

Sergey Kanygin
  • 81
  • 1
  • 1
6

Here is the full example with creating admin user and getting token:

Creating a admin / service account user called k8sadmin

sudo kubectl create serviceaccount k8sadmin -n kube-system

Give the user admin privileges

sudo kubectl create clusterrolebinding k8sadmin --clusterrole=cluster-admin --serviceaccount=kube-system:k8sadmin

Get the token

sudo kubectl -n kube-system describe secret $(sudo kubectl -n kube-system get secret | (grep k8sadmin || echo "$_") | awk '{print $1}') | grep token: | awk '{print $2}'
Gajen Sunthara
  • 161
  • 1
  • 2
  • I followed your steps and got the following error: `Error from server (NotFound): secrets "k8sadmin" not found` – LostAtSea Aug 28 '20 at 22:45
  • Looks like your K8s admin account not created in your cluster. Verify the service account first. `sudo kubectl get serviceaccount` – Gajen Sunthara Aug 30 '20 at 18:11
  • Nice. I was able to figure out what was going on. I had to do `sudo kubectl get serviceaccount -n `. I initially created the serviceaccount in a different namespace. – LostAtSea Sep 03 '20 at 19:33
  • Is the kube-system an overarching namespace? – LostAtSea Sep 03 '20 at 19:33
  • @LostAtSea this is probably because your Kubernetes version is above 1.22. Since this version secret is not created automatically. – Michael A. Dec 20 '22 at 21:48
2

it's a bit late,

Update Kubernetes CLI(kubectl) to > 1.24(this solved my problem.)

Install dashboard and setup Cluster role:

https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

And Run the following command:

kubectl -n kubernetes-dashboard create token admin-user
Mradul Pandey
  • 121
  • 3
  • 4
    Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Aug 07 '22 at 10:59
0

Use this bash script to obtain the bearer token for the Kubernetes dashboard log in screen. The script will copy the token and to your native OS clipboard so it can be pasted into the login form, token value field.

Evengard
  • 1,764
  • 15
  • 26
javajon
  • 101
  • 2
0

Wiki now includes command to describe secret with token. But if you only want to get token you can use something like below. This will print the token for user admin-user.

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | (grep admin-user || echo "$_") | awk '{print $1}') | grep token: | awk '{print $2}'

If it fails to find secret you will get:

Error from server (NotFound): secrets "admin-user" not found
Görkem Mülayim
  • 148
  • 6