介绍


我们用程序调用Kubernetes API 时,需要使用Kubernetes的Token
Service Account 对象的作用,就是 Kubernetes 系统内置的一种“服务账户”,它是 Kubernetes 进行权限分配的对象。比如, Service Account A,可以只被允许对 Kubernetes API 进行 GET 操作,而 Service Account B,则可以有 Kubernetes API 的所有操作权限。

创建 kubernetes.io/service-account-token


创建一个k8s-admin.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

应用k8s-admin.yaml配置


kubectl apply -f k8s-admin.yaml

获取admin-token名字

[root@k8s-master01 token]# kubectl get secret -n kube-system|grep admin
dashboard-admin-token-slc8x                      kubernetes.io/service-account-token   3      2m

查询token内容


kubectl describe secret dashboard-admin-token-slc8x -n kube-system
Name:         dashboard-admin-token-slc8x
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: c1b01bec-c8a8-49b8-8199-c609d525e555

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IlE3MDhCbHxxxxxxxxxx

token: eyJhbGciOiJSUzI1NiIsImtpZCI6IlE3MDhCbHxxxxxxxxxx
由于token过长,这里用xxx代替

最后将token与APISERVER地址返回内容复制到程序主机内, 供脚本使用.

CSDN_码404:如何获取k8s admin token?
https://www.code404.icu/1401.html

Logo

开源、云原生的融合云平台

更多推荐