Kubernetes Dashboard Static Password FIle uer cannot list

Question

I had tried Access-control#admin-privileges to use dashboard and it works. Then I tried Static Password File to login dashboard.

I added --basic-auth-file= to /etc/kubernetes/manifests/kube-apiserver.yaml, added --authentication-mode=basic to dashboard; then restarted kubelet.

The content of passowrd file is something like this:

admin123,admin,admin

When I login dashboard as admin/admin identity, there is no common information but a lot of error messages shown:

persistentvolumeclaims is forbidden: User "admin" cannot list persistentvolumeclaims in the namespace "default"
configmaps is forbidden: User "admin" cannot list configmaps in the namespace "default"
...

Seems the privilege of admin user was not enough, did I miss anything?

score 0 · Accepted Answer · answered May 18 '18 at 14:57

0

If you use rbac, try to give admin a proper clusterrole, like 'view', or you can give admin priviledge in abac.jsonl file.

answered May 18 '18 at 14:57

Kun Li

2,570
10
15

kubectl create clusterrolebinding admin --clusterrole=admin --user=admin – gavinlin May 21 '18 at 08:02
The above command creates a user call admin with admin privilege(clusterrole). – gavinlin May 21 '18 at 08:03

Kubernetes Dashboard Static Password FIle uer cannot list

1 Answers1