Managing a k8s cluster with JumpServer (token authentication)
1. Create a ServiceAccount (SA) with cluster-wide permissions and bind it to the ClusterRole cluster-admin
cat jumpserver-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jumpserver-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jumpserver-admin
subjects:
- kind: ServiceAccount
  name: jumpserver-admin
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
2. Check the created SA
kubectl get sa -n kube-system jumpserver-admin
kubectl get secrets -n kube-system jumpserver-admin-token-rpdvt
3. Get the jumpserver-admin token
kubectl get secrets -n kube-system jumpserver-admin-token-rpdvt -o jsonpath={.data.token}
4. Decode the token
kubectl get secrets -n kube-system jumpserver-admin-token-rpdvt -o jsonpath={.data.token} |base64 -d
5. Test access to the cluster with the token
curl -k -H 'Authorization: Bearer <token decoded in step 4>' https://kmaster-vapi:8443/healthz
ok
As shown, the request to the k8s cluster using the token returns successfully.
6. Configure JumpServer
Login succeeded
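The token decoded in step 4 is a JWT whose claims show which identity JumpServer will act as and whether the credential ever expires. The Python sketch below is an added example, not part of the original post: it decodes the claims without verifying the signature, and the sample token (its UID and signature bytes included) is constructed for illustration.

```python
import base64
import json

LEGACY = "kubernetes.io/serviceaccount/"  # claim prefix in Secret-based SA tokens

def b64url_decode(segment: str) -> bytes:
    """JWT segments are unpadded base64url; restore the padding first."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_sa_token(token: str) -> dict:
    """Decode a service account JWT (signature NOT verified) and summarise it."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    bound = claims.get("kubernetes.io", {})  # nested layout of bound tokens
    return {
        "alg": header.get("alg"),
        "subject": claims.get("sub"),
        "namespace": claims.get(LEGACY + "namespace") or bound.get("namespace"),
        "secret": claims.get(LEGACY + "secret.name"),
        "expires": claims.get("exp"),       # None: no expiry claim
        "long_lived": "exp" not in claims,  # valid until the Secret/SA is deleted
    }

def make_sample_token() -> str:
    """Constructed sample with the claim layout of a Secret-based SA token."""
    header = {"alg": "RS256", "kid": ""}
    claims = {
        "iss": "kubernetes/serviceaccount",
        LEGACY + "namespace": "kube-system",
        LEGACY + "secret.name": "jumpserver-admin-token-rpdvt",
        LEGACY + "service-account.name": "jumpserver-admin",
        LEGACY + "service-account.uid": "00000000-0000-0000-0000-000000000000",
        "sub": "system:serviceaccount:kube-system:jumpserver-admin",
    }
    fields = (json.dumps(header).encode(), json.dumps(claims).encode(),
              b"constructed-not-a-real-signature")
    return ".".join(b64url_encode(f) for f in fields)

if __name__ == "__main__":
    for key, value in inspect_sa_token(make_sample_token()).items():
        print(f"{key}: {value}")
```

A result with long_lived set to True means the token stays valid until its Secret or the ServiceAccount is deleted, which is worth recording alongside the cluster-admin binding from step 1.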