http访问K8s集群
1.创建ServiceAccountkubectl create sa apiviewer -n trainingserviceaccount/apiviewer created2.查看Secretkubectl get sa apiviewer -ojson -n training{"apiVersion": "v1","kind": "ServiceAccount","metadata": {
·
1.创建ServiceAccount
kubectl create sa apiviewer -n training
serviceaccount/apiviewer created
2.查看Secret
kubectl get sa apiviewer -ojson -n training
{
"apiVersion": "v1",
"kind": "ServiceAccount",
"metadata": {
"creationTimestamp": "2019-05-27T08:09:56Z",
"name": "apiviewer",
"namespace": "default",
"resourceVersion": "16750207",
"selfLink": "/api/v1/namespaces/default/serviceaccounts/apiviewer",
"uid": "d078f034-8056-11e9-99bc-0050568417a2"
},
"secrets": [
{
"name": "apiviewer-token-z5bpq"
}
]
}
3.查看Secretes值
kubectl describe secret apiviewer-token-z5bpq -n training
Name: apiviewer-token-z5bpq
Namespace: default
Labels: <none>
Annotations: kubernetes.io/service-account.name: apiviewer
kubernetes.io/service-account.uid: d078f034-8056-11e9-99bc-0050568417a2
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 7 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFwaXZpZXdlci10b2tlbi16NWJwcSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhcGl2aWV3ZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkMDc4ZjAzNC04MDU2LTExZTktOTliYy0wMDUwNTY4NDE3YTIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDphcGl2aWV3ZXIifQ.GUd7uCwTntMXhwXEGFvo62tJBTVdI_SNATDIbuxINmbmBI2bjHuQ-whRE5183AXqWiifoM0HjOGoams11f_R2Dtak3fRxPLNRGGFTMyUN1uHmwedPmsAK0GTW0xPgInyIy4SF-uI7lghrpsRzBQ4AmA2AuctwCGdXUC3YuqrZPEnla3HeF6Tz72KpddlgiA3N1T5yvoOHPL4AgQRDPGKJ6L-nEdXumg3BlTWR0ENBNgzAz2eh6RZLRSsKlG0zQ8vhApkMGru7k5a_PKkU3Z3b0ZhKBKmE_LsMJ7bAunr9J9bbG--Id4rnuPpcj1DoJ0ZlJ3G1IP3xTUVncxO_gV4VQ
4.创建ClusterRole、RoleBinding
kubectl create rolebinding apiadmin --clusterrole cluster-admin --serviceaccount training:apiviewer -n training
rolebinding.rbac.authorization.k8s.io/apiadmin created
5.使用Token值,对集群访问
curl -H'Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJ0cmFpbmluZyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhcGl2aWV3ZXItdG9rZW4tczJwbDkiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiYXBpdmlld2VyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiM2QyMDBiY2MtYmIzZS00MDgwLTk5M2YtZTFlYTYwN2ZmNzY4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OnRyYWluaW5nOmFwaXZpZXdlciJ9.bcnM2ORw7DSKcinL4aGG0M3u5jZJTX0QabmGvsSwHmam-Ov25R26rhpWJBUm7b75JxC6KBnStB_l12bN1F9g7-3w15QyuZzadgNZliaklAXQgEQgwJwlXPPYNFqe8IETI5Y0Joaca-bi0M-3t8hc8rthy_RvO9RqSLWbD2JX1-C66zr_kfB6n6-u6EGBuzwv8FyHTcBYkg03pSjEHZcvLIUkw87ZdE_aJQSd05V0F8UG2_8jWYGpNemTgBMMu15l3QpAjTOblk7aMiwFgf7yMiozC0jUOZX7HlunVoqsXfYCt15nYOLwLeOfB_XOSFulVlDOubV3zFTEokit7D4TeA' https://ip:6443/apis/apps/v1/namespaces/training/deployments
更多推荐
已为社区贡献1条内容
所有评论(0)