kubeadm安装的k8s集群默认需要用户登陆认证,无法直接使用命令curl访问。所以首先的第一步就是获取token。

先找到k8s集群中的dns组件coredns,之前的版本使用的是kube-dns。

[root@k8s-master ~]# kubectl -n kube-system get sa coredns -o yaml

apiVersion: v1

kind: ServiceAccount

metadata:

creationTimestamp: "2019-09-26T12:24:32Z"

name: coredns

namespace: kube-system

resourceVersion: "189"

selfLink: /api/v1/namespaces/kube-system/serviceaccounts/coredns

uid: 5c170ec0-be0e-402b-ac34-aaf08b70a7fb

secrets:

获取dns上token信息并转化格式

[root@k8s-master ~]# kubectl get secret coredns-token-pc955 -n kube-system -o jsonpath={".data.token"} | base64 -d eyJhbGciOiJSUzI1NiIsImtpZCI6IjRrbjlkTHBNQWo3NWF2VHRFbGJUT2piOGJzbVVXbng0OGxidEE0WnoyLUEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJjb3JlZG5zLXRva2VuLXBjOTU1Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImNvcmVkbnMiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1YzE3MGVjMC1iZTBlLTQwMmItYWMzNC1hYWYwOGI3MGE3ZmIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06Y29yZWRucyJ9.b1HVmLW8V4DpWENArn9tSr-7krevvXAdbuYyqQUeJRHYcjne8epshPYJlU78MsMT1or_5J9ED-p9AV-a5dugJS0DmtmIslmSBKxuD43ldVOW97FXuAhJ3LCGUKsx91Iq7X_Q7Cfjs-WgvlHE7vFhvVYBH_1Bf7hmbeMZtIFqJRBYapPtzM-pAZzuLTLV2unFfGOH9W2lPiZ83qdKlLWjCZuqUSwlyk686cQVgOXLjA_nyeDvUYjpLXkE4D_oFgTkAokCZrtBhdYVlDf-8dNoa5rsFSMYVK9GBNA_asLIuReF3SjQ7WmUamicER_Iq4ZM_UOn-DQszVHkOqUcyS3mAQ

得到的一长串字符就是token,使用curl访问apiserver带上token就可以了

[root@k8s-master ~]# curl -k -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjRrbjlkTHBNQWo3NWF2VHRFbGJUT2piOGJzbVVXbng0OGxidEE0WnoyLUEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJjb3JlZG5zLXRva2VuLXBjOTU1Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImNvcmVkbnMiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1YzE3MGVjMC1iZTBlLTQwMmItYWMzNC1hYWYwOGI3MGE3ZmIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06Y29yZWRucyJ9.b1HVmLW8V4DpWENArn9tSr-7krevvXAdbuYyqQUeJRHYcjne8epshPYJlU78MsMT1or_5J9ED-p9AV-a5dugJS0DmtmIslmSBKxuD43ldVOW97FXuAhJ3LCGUKsx91Iq7X_Q7Cfjs-WgvlHE7vFhvVYBH_1Bf7hmbeMZtIFqJRBYapPtzM-pAZzuLTLV2unFfGOH9W2lPiZ83qdKlLWjCZuqUSwlyk686cQVgOXLjA_nyeDvUYjpLXkE4D_oFgTkAokCZrtBhdYVlDf-8dNoa5rsFSMYVK9GBNA_asLIuReF3SjQ7WmUamicER_Iq4ZM_UOn-DQszVHkOqUcyS3mAQ" https://127.0.0.1:6443/api

{

"kind": "APIVersions",

"versions": [

"v1"

],

"serverAddressByClientCIDRs": [

{

"clientCIDR": "0.0.0.0/0",

"serverAddress": "192.168.10.20:6443"

}

]

}

-k 表示忽略证书验证。

Logo

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐