UI: add step to create bearer token for kubernetes dashboard (#7764)

weizhouapache · web-flow · commit 6dd2ce86b53e · 2023-07-25T03:32:58.000+02:00
Since Kubernetes v1.24.0, there is no auto-generation of secret-based service account token due to security reason. see kubernetes/kubernetes#108309 To access kubernetes dashboard, users need to create a service account and an optional long-lived Bearer Token for the service account.
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
@@ -1093,6 +1093,8 @@
 "label.kubernetes.cluster.stop": "Stop Kubernetes cluster",
 "label.kubernetes.cluster.upgrade": "Upgrade Kubernetes cluster",
 "label.kubernetes.dashboard": "Kubernetes dashboard UI",
+"label.kubernetes.dashboard.create.token": "Create token for Kubernetes dashboard",
+"label.kubernetes.dashboard.create.token.desc": "Since Kubernetes v1.24.0, there is no auto-generation of secret-based service account token due to security reason. You need to create a service account and an optional long-lived Bearer Token for the service account.",
 "label.kubernetes.isos": "Kubernetes ISOs",
 "label.kubernetes.service": "Kubernetes service",
 "label.kubernetes.version.add": "Add Kubernetes version",
diff --git a/ui/src/views/compute/KubernetesServiceTab.vue b/ui/src/views/compute/KubernetesServiceTab.vue
@@ -79,6 +79,11 @@
                 <a href="http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/"><code>http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/</code></a>
               </p>
             </a-timeline-item>
+            <a-timeline-item>
+              <p v-html="$t('label.kubernetes.dashboard.create.token')"></p>
+              <p v-html="$t('label.kubernetes.dashboard.create.token.desc')"></p>
+              <a-textarea :value="'kubectl --kubeconfig /custom/path/kube.conf apply -f - <<EOF\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: kubernetes-dashboard-admin-user\n  namespace: kubernetes-dashboard\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: kubernetes-dashboard-admin-user\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kubernetes-dashboard-admin-user\n  namespace: kubernetes-dashboard\n---\napiVersion: v1\nkind: Secret\ntype: kubernetes.io/service-account-token\nmetadata:\n  name: kubernetes-dashboard-token\n  namespace: kubernetes-dashboard\n  annotations:\n    kubernetes.io/service-account.name: kubernetes-dashboard-admin-user\nEOF'" :rows="10" readonly />
+            </a-timeline-item>
             <a-timeline-item>
               <p>
                 {{ $t('label.token.for.dashboard.login') }}<br><br>
