7

We have created kubernetes dashboard using below command.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml

kubectl patch svc -n kubernetes-dashboard kubernetes-dashboard --type='json' -p '[{"op":"replace","path":"/spec/type","value":"NodePort"}]'

created dashboard-adminuser.yaml file like below.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

Created ClusterRoleBinding.yaml file like below

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

And then run the below command at the end we got a token to login dashboard.

kubectl apply -f dashboard-adminuser.yaml
kubectl apply -f ClusterRoleBinding.yaml
kubectl -n kubernetes-dashboard create token admin-user

But the problem is the token which we generated got expired in one hour. We couldn't able to use the same token again, if dashboard logged out.

So can we create a token without expiry or at least minimum 6 months?

What is the command/procedure to create a token for long time use?

And one more thing is that can now we are accessing kubernetes dashboard like below in outside.

https://server_ip_address:PORT_NUMBER

Now we want to open the kubernetes dashboard using our website URL like below and it should login automatically to the dashboard.

https://my-domain-name.com/kubernetes-dashboard/{kubernetes-dashboard-goto-url}

Vignesh Kumar
  • 99
  • 1
  • 4

1 Answers1

6

you can set --duration=0s:

    --duration=0s:
    Requested lifetime of the issued token. The server may return a token with a longer or shorter lifetime.

so this should work

kubectl -n kubernetes-dashboard create token admin-user --duration=times

you can check the further option

kubectl  create token --help

kubectl-commands--toke

After play around with token, it seems like the maximum expiration is 720h.

kubectl create token default --duration=488h --output yaml

and the output shows

kind: TokenRequest
metadata:
  creationTimestamp: null
spec:
  audiences:
  - https://container.googleapis.com/v1/projects/test/clusters/test
  boundObjectRef: null
  expirationSeconds: **172800**
status:
  expirationTimestamp: "2022-08-21T12:37:02Z"
  token: eyJhbGciOiJSUzI1N....

So the other option is to go with kubeconfig as the dashboard also accepts config.

dashboard-auth-kubeconfig

Adiii
  • 54,482
  • 7
  • 145
  • 148
  • 1
    The maximum duration of 48h does not apply for me. I tried 720h and it worked. – John Jan 18 '23 at 13:17
  • could be distro dependend, but for me there is no limit, at least it works for +100 years didn't tried more – cinatic Jul 29 '23 at 10:13