February 22, 2020

Create a Kubernetes (k8s) admin user

A Kubernetes (k8s) admin user is needed to log in to the k8s dashboard.

One of the first things you'll need if you're spinning up a Kubernetes cluster outside of an environment that provides a management interface out of the box (GKE, AKS, Kubernetes on AWS) is an admin user to log in to the dashboard.

If you're working on this in a dev environment, then you can use minikube.

Install dashboard UI

By default, Kubernetes (k8s) does not come with the dashboard UI enabled.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

Proxy to the dashboard

You'll need to use kubectl to set up the proxy

...\kubernetes> kubectl proxy
Starting to serve on 127.0.0.1:8001

Open the dashboard in your browser

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

You'll be greeted by a confusing login prompt. We get around this by creating a service account so that we can log in with that user's token.

Create a file admin-account.yml

--- #Admin Account creation
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kube-system

Then let's run this with kubectl

...\kubernetes> kubectl apply -f admin-account.yml
serviceaccount/admin created  

This creates a service account named admin. That is still not enough, though, because we need to give this user permissions to do things within the cluster.

Now we need to set up RBAC (Role Based Access Control) to allow our user to connect to the dashboard.

Create a file admin-rbac.yml

--- #grant cluster-admin (superuser) authorization to admin user
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system

Let's run this config against the cluster with kubectl

...\kubernetes> kubectl.exe apply -f .\admin-rbac.yml
clusterrolebinding.rbac.authorization.k8s.io/admin created

With this config applied, there is now a secret that we can look up to get the access token to pass into the dashboard.
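The binding above makes the admin service account a cluster superuser, so it is worth being able to list every service account that holds that role. The following is an added example, not part of the original post: a Python check that reads the output of `kubectl get clusterrolebindings -o json` and reports each ServiceAccount bound to cluster-admin. The function name and the sample JSON (including the `dashboard-view` and `orphaned` bindings) are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "admin"},  # the binding from admin-rbac.yml
     "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                 "kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "admin",
                   "namespace": "kube-system"}]},
    {"metadata": {"name": "cluster-admin"},  # group subject, not a service account
     "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                 "kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters",
                   "apiGroup": "rbac.authorization.k8s.io"}]},
    {"metadata": {"name": "dashboard-view"},  # read-only role, should not be flagged
     "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                 "kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kubernetes-dashboard"}]},
    {"metadata": {"name": "orphaned"},  # binding with no subjects at all
     "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                 "kind": "ClusterRole", "name": "cluster-admin"}},
]})


def cluster_admin_service_accounts(bindings_json):
    """Return sorted (binding, namespace, name) for each ServiceAccount bound to cluster-admin."""
    found = []
    for binding in json.loads(bindings_json).get("items", []):
        ref = binding.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        # `subjects` is optional and may be absent or null.
        for subject in binding.get("subjects") or []:
            if subject.get("kind") == "ServiceAccount":
                found.append((binding["metadata"]["name"],
                              subject.get("namespace", ""), subject["name"]))
    return sorted(found)


if __name__ == "__main__":
    # Pipe real kubectl output in; with no piped input the constructed sample is used.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for binding, ns, name in cluster_admin_service_accounts(data):
        print(f"{binding}: system:serviceaccount:{ns}:{name} has cluster-admin")
```

Run it as `kubectl get clusterrolebindings -o json | python <script>` to check a live cluster.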


Windows users note: If you're using Windows, you will need to install a couple of things via Choco

choco install awk vim grep

If you are on a Linux/Mac machine, those tools are most likely installed already.


Look up the secret token

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret |grep admin |awk '{print $1}')
Name:         admin-token-gjqgw
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin
              kubernetes.io/service-account.uid: e1201d63-cb23-440e-9d48-e3f40aeb16da

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6ImJqelYtSEFtSkRXV2pDUTZkc2JUTTMyb3U3OXZoZmhxS0dXT0tjcktTT1kifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1nanFndyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImUxMjAxZDYzLWNiMjMtNDQwZS05ZDQ4LWUzZjQwYWViMTZkYSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.UWgXavMcBwtqTYeWIhpV_PmjIjKu5Zf6Cb_rL0ieDs0qG--GBMNf5Og3VTsDd-dwW9DnytKJuzU93rdw4lAl_LeN_ALx3gIJg0eYHd3ZjyFp2kbguPrvxNwrBxwYjAi-RO95pF_YiKH8jE38UfXqjgBEf7mKlzbw86sooZ-vL3pL4N5gEkf9BxZWbVx-4B5TjppsMZnz1Xo2tUzlb2V4U8cv4Xr7lwfegSUTWTxX_nqPEkXuXfbmjJUFBp1F_7l6Q7oHSHQiVWaohRaTyz3Kz0A6Md7pn-W-D91aQ3JdIiPLN15ii0CeSYFBEpb4LDch3nowPb3KMTCgriCHjvGK2w

The token you get back will be different from the one above. You'll now be able to copy and paste it and go to your dashboard.

K8S Dashboard

Congratulations, you now have access to your k8s dashboard using our newly created admin account.