如何在k3s部署的Kubernetes Dashboard中使用静态令牌登录?
Absolutely, you can set up a static, reusable token for logging into Kubernetes Dashboard on k3s—no more dealing with random tokens every time you redeploy. Here’s a straightforward, k3s-compatible step-by-step approach:
First, define a service account that will be linked to your static token. Create a file named dashboard-admin-user.yaml with this content:
apiVersion: v1 kind: ServiceAccount metadata: name: dashboard-admin namespace: kube-system
Apply it with:
kubectl apply -f dashboard-admin-user.yaml
To give this account full access to your cluster (adjust the role if you need more restrictive permissions), create a ClusterRoleBinding. Make a file named dashboard-admin-binding.yaml:
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: dashboard-admin-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: dashboard-admin namespace: kube-system
Apply the binding:
kubectl apply -f dashboard-admin-binding.yaml
This is the key step to get a persistent token. By creating a Secret of type kubernetes.io/service-account-token linked to your service account, Kubernetes (and k3s) will generate a static token that won’t change unless you delete the Secret. Create dashboard-static-token.yaml:
apiVersion: v1 kind: Secret metadata: name: dashboard-static-token namespace: kube-system annotations: kubernetes.io/service-account.name: "dashboard-admin" type: kubernetes.io/service-account-token
Apply the Secret:
kubectl apply -f dashboard-static-token.yaml
Run this command to extract and decode the token:
kubectl -n kube-system get secret dashboard-static-token -o jsonpath='{.data.token}' | base64 -d
Save this token somewhere safe—you can use it every time you log into the Kubernetes Dashboard, even after redeploying k3s or the Dashboard itself (just re-apply the three YAML files above if they’re not persisted in your cluster setup).
Quick Notes
- If you need more restricted access, replace the
cluster-adminrole with a custom ClusterRole that has only the permissions your Dashboard users need. - Ensure your Kubernetes Dashboard deployment has token authentication enabled (this is the default, but double-check the Dashboard pod’s arguments to confirm there’s no restriction on token login).
内容的提问来源于stack exchange,提问作者Rupesh Shinde
