9

New to Kubernetes I struggle to log into kubernetes dashboard.

I followed: https://github.com/kubernetes/dashboard/wiki/Creating-sample-user

and

kubectl get clusterrolebinding admin-user -n kube-system -o yaml shows:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"name":"admin-user"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"cluster-admin"},"subjects":[{"kind":"ServiceAccount","name":"admin-user","namespace":"kube-system"}]}
  creationTimestamp: "2019-01-15T15:48:33Z"
  name: admin-user
  resourceVersion: "2096"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/admin-user
  uid: 0361cb77-18dd-11e9-b02d-bc305b9f3aeb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

Now kubectl -n kube-system get secret | egrep admin doesn't show anything (in contradiction to the statement of the page above...) What am I missing?

TIA !

Improve this question
2
  • For kubernetes cluster version 1.24 and above, API access token (in secrets) are not injected into service accounts anymore. They are TokenReview controller projected directly into starting pod with the appended subject service accounts.
    – emag_mI
    Commented Jul 28, 2023 at 0:29
  • For EKS: aws eks get-token --cluster-name my-cluster | jq -r '.status.token'
    – Mauricio Scheffer
    Commented Oct 18, 2023 at 14:31

5 Answers 5

Reset to default
8

Here is the full example with creating admin user and getting token:

Creating a admin / service account user called k8sadmin

sudo kubectl create serviceaccount k8sadmin -n kube-system

Give the user admin privileges

sudo kubectl create clusterrolebinding k8sadmin --clusterrole=cluster-admin --serviceaccount=kube-system:k8sadmin

Get the token

sudo kubectl -n kube-system describe secret $(sudo kubectl -n kube-system get secret | (grep k8sadmin || echo "$_") | awk '{print $1}') | grep token: | awk '{print $2}'
Improve this answer
5
  • I followed your steps and got the following error: Error from server (NotFound): secrets "k8sadmin" not found
    – burnah-boiii
    Commented Aug 28, 2020 at 22:45
  • Looks like your K8s admin account not created in your cluster. Verify the service account first. sudo kubectl get serviceaccount
    – Gajen Sunthara
    Commented Aug 30, 2020 at 18:11
  • Nice. I was able to figure out what was going on. I had to do sudo kubectl get serviceaccount -n <my-namespace>. I initially created the serviceaccount in a different namespace.
    – burnah-boiii
    Commented Sep 3, 2020 at 19:33
  • Is the kube-system an overarching namespace?
    – burnah-boiii
    Commented Sep 3, 2020 at 19:33
  • 1
    @LostAtSea this is probably because your Kubernetes version is above 1.22. Since this version secret is not created automatically.
    – Michael A.
    Commented Dec 20, 2022 at 21:48
8

One line solution:

kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode

Found in official documentation: https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/#without-kubectl-proxy

Improve this answer
2

it's a bit late,

Update Kubernetes CLI(kubectl) to > 1.24(this solved my problem.)

Install dashboard and setup Cluster role:

https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

And Run the following command:

kubectl -n kubernetes-dashboard create token admin-user
Improve this answer
1
  • 4
    Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.
    – Community Bot
    Commented Aug 7, 2022 at 10:59
1

Use this bash script to obtain the bearer token for the Kubernetes dashboard log in screen. The script will copy the token and to your native OS clipboard so it can be pasted into the login form, token value field.

Improve this answer
0

Wiki now includes command to describe secret with token. But if you only want to get token you can use something like below. This will print the token for user admin-user.

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | (grep admin-user || echo "$_") | awk '{print $1}') | grep token: | awk '{print $2}'

If it fails to find secret you will get:

Error from server (NotFound): secrets "admin-user" not found
Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .