1.创建集群权限的SA ，并绑定ClusterRole：cluster-admin

cat jumpserver-admin.yaml 

apiVersion: v1
kind: ServiceAccount
metadata:
  name: jumpserver-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jumpserver-admin
subjects:
  - kind: ServiceAccount
    name: jumpserver-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

2.查看创建的sa

 kubectl  get sa -n kube-system  jumpserver-admin 
 kubectl  get secrets -n kube-system jumpserver-admin-token-rpdvt 

3.获取jumpserver-admin token

kubectl  get secrets -n kube-system jumpserver-admin-token-rpdvt -o jsonpath={.data.token}
ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklpSjkuZXlKcGMzTWlPaUpyZFdKbGNtNWxkR1Z6TDNObGNuWnBZMlZoWTJOdmRXNTBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5dVlXMWxjM0JoWTJVaU9pSnJkV0psTFhONWMzUmxiU0lzSW10MVltVnlibVYwWlhNdWFXOHZjMlZ5ZG1salpXRmpZMjkxYm5RdmMyVmpjbVYwTG01aGJXVWlPaUpxZFcxd2MyVnlkbVZ5TFdGa2JXbHVMWFJ2YTJWdUxYSndaSFowSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXpaWEoyYVdObExXRmpZMjkxYm5RdWJtRnRaU0k2SW1wMWJYQnpaWEoyWlhJdFlXUnRhVzRpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1MWFXUWlPaUppTW1NMVkySXpOaTFtWXpBNUxURXhaV0l0WW1OaVpDMW1ZVEUyTTJVNE1URmlZelVpTENKemRXSWlPaUp6ZVhOMFpXMDZjMlZ5ZG1salpXRmpZMjkxYm5RNmEzVmlaUzF6ZVhOMFpXMDZhblZ0Y0hObGNuWmxjaTFoWkcxcGJpSjkuQjluVGxUOXlBdVdFdkRTRWZxTndFVk5VWW1PZzFiSFN5ajgxQjl61ZG13MWdWMDhtOVJwUXZ6YUhuY3lOcmhMa0d5OUVRM0EzOEtkbDczU2t0NW5nZVRVUXpSRGJnUVFQV0tFb0pQSkZMWGFtcDlhbkVUb1B1ZURBOU42UWw4UXprT3QwSGhoRldRYXM3LWRieWdTR09GUzhQTmJHOWlNRl9mMUQ1c0pDRUwxckFYNVpLbEdFVFc0ekliTmFZU25CeDQtU3FCMVNDUWhYc2txSVAwwwZnA3RjJhejBSVXdLM1dNdFAzUmRDeEpLaW9vbEJIVV9DRUVXZks4UzRSUmhtdWZaTzY0OXhCYWl5WF92YzdkUzZERDdmNDhzTk1YOTlxRDU2TzJmNExMZzlEY0hQSWhFOFJVYUI1WXlXMXhiT3QzaXRONXBvWWk4dVptUWlTc2lSMm5B

4.token转码

kubectl  get secrets -n kube-system jumpserver-admin-token-rpdvt -o jsonpath={.data.token} |base64 -d
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImty1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiO33iJqdW1wc2VydmVyLWFkbWluLXRva2VuLXJwZHZ0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Imp1bXBzZXJ2ZXItYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiMmM1Y2IzNi1mYzA5LTExZWItYmNiZC1mYTE2M2U4MTFiYzUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06anVtcHNlcnZlci1hZG1pbiJ9.B9nTlT9yAuWEvDSEfqNwEVNUYmOg1bHSyj81B9zdmw1gV08m9RpQvzaHn3cyNrhLkGy9EQ3A38Kdl73Skt5ngeTUQzRDbgQQPWKEoJPJFLXamp9anEToPueDA9N6Ql8QzkOt0HhhFWQas7-dbygSGOFS8PNbG9iMF_f1D5sJCEL1rAX5ZKlGETW4zIbNaYSnBx4-SqB1SCQhXskqIP0fp7F2az0RUwK3WMtP3RdCxJKioolBHU_CEEWfK8S4RRhmufZO649xBaiyX_vc7dS6DD7fw48sNMX99qD56O2f4LLg9DcHPIhE8RUaB5YyW1xbOt3itN5poYi8uZmQiSsiR2nA

5.使用token访问集群测试

curl -k -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImty1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiO33iJqdW1wc2VydmVyLWFkbWluLXRva2VuLXJwZHZ0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Imp1bXBzZXJ2ZXItYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiMmM1Y2IzNi1mYzA5LTExZWItYmNiZC1mYTE2M2U4MTFiYzUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06anVtcHNlcnZlci1hZG1pbiJ9.B9nTlT9yAuWEvDSEfqNwEVNUYmOg1bHSyj81B9zdmw1gV08m9RpQvzaHn3cyNrhLkGy9EQ3A38Kdl73Skt5ngeTUQzRDbgQQPWKEoJPJFLXamp9anEToPueDA9N6Ql8QzkOt0HhhFWQas7-dbygSGOFS8PNbG9iMF_f1D5sJCEL1rAX5ZKlGETW4zIbNaYSnBx4-SqB1SCQhXskqIP0fp7F2az0RUwK3WMtP3RdCxJKioolBHU_CEEWfK8S4RRhmufZO649xBaiyX_vc7dS6DD7fw48sNMX99qD56O2f4LLg9DcHPIhE8RUaB5YyW1xbOt3itN5poYi8uZmQiSsiR2nA'  https://kmaster-vapi:8443/healthz
ok

可以看到使用token访问k8s集群返回成功。

6.配置jumpserver

登陆成功