apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

UI: add step to create bearer token for kubernetes dashboard (#7764)

Browse Source 
Since Kubernetes v1.24.0, there is no auto-generation of secret-based service account token due to security reason. see https://github.com/kubernetes/kubernetes/pull/108309

To access kubernetes dashboard, users need to create a service account and an optional long-lived Bearer Token for the service account.
This commit is contained in:
Wei Zhou 2023-07-25 09:32:58 +08:00 committed by GitHub
parent 63216425d5
commit 6dd2ce86b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ui/public/locales/en.json
View File

@ -1093,6 +1093,8 @@
"label.kubernetes.cluster.stop": "Stop Kubernetes cluster", "label.kubernetes.cluster.stop": "Stop Kubernetes cluster",
"label.kubernetes.cluster.upgrade": "Upgrade Kubernetes cluster", "label.kubernetes.cluster.upgrade": "Upgrade Kubernetes cluster",
"label.kubernetes.dashboard": "Kubernetes dashboard UI", "label.kubernetes.dashboard": "Kubernetes dashboard UI",
"label.kubernetes.dashboard.create.token": "Create token for Kubernetes dashboard",
"label.kubernetes.dashboard.create.token.desc": "Since Kubernetes v1.24.0, there is no auto-generation of secret-based service account token due to security reason. You need to create a service account and an optional long-lived Bearer Token for the service account.",
"label.kubernetes.isos": "Kubernetes ISOs", "label.kubernetes.isos": "Kubernetes ISOs",
"label.kubernetes.service": "Kubernetes service", "label.kubernetes.service": "Kubernetes service",
"label.kubernetes.version.add": "Add Kubernetes version", "label.kubernetes.version.add": "Add Kubernetes version",

5
ui/src/views/compute/KubernetesServiceTab.vue
View File

@ -79,6 +79,11 @@
<a href="http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/"><code>http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/</code></a> <a href="http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/"><code>http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/</code></a>
</p> </p>
</a-timeline-item> </a-timeline-item>
<a-timeline-item>
<p v-html="$t('label.kubernetes.dashboard.create.token')"></p>
<p v-html="$t('label.kubernetes.dashboard.create.token.desc')"></p>
<a-textarea :value="'kubectl --kubeconfig /custom/path/kube.conf apply -f - <<EOF\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: kubernetes-dashboard-admin-user\n namespace: kubernetes-dashboard\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: kubernetes-dashboard-admin-user\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n name: kubernetes-dashboard-admin-user\n namespace: kubernetes-dashboard\n---\napiVersion: v1\nkind: Secret\ntype: kubernetes.io/service-account-token\nmetadata:\n name: kubernetes-dashboard-token\n namespace: kubernetes-dashboard\n annotations:\n kubernetes.io/service-account.name: kubernetes-dashboard-admin-user\nEOF'" :rows="10" readonly />
</a-timeline-item>
<a-timeline-item> <a-timeline-item>
<p> <p>
{{ $t('label.token.for.dashboard.login') }}<br><br> {{ $t('label.token.for.dashboard.login') }}<br><br>