1.获取 api server 的地址
直接查看 kubeconfig 配置文件或者 kubectl config
,查看 api server 地址
$kubectl config view |grep server
server: https://172.26.1.199:6443
2.确定 pod 的 service account
#查找目标 pod
$kubectl get pod |grep flink
flinkjm-5866b5496c-2dtz8 1/1 Running 0 2d17h
flinktm-7dbf7d7599-6b4nc 1/1 Running 0 2d17h
flinktm-7dbf7d7599-b78m6 1/1 Running 0 2d17h
#查看指定 pod 的详情
$kubectl describe pod flinkjm-5866b5496c-2dtz8
Name: flinkjm-5866b5496c-2dtz8
Namespace: default
Priority: 1000000
Priority Class Name: high-priority
Node: worker-0007/172.26.1.20
Start Time: Sat, 14 May 2022 09:02:21 +0000
Labels: app=flink
component=jobmanager
pod-template-hash=5866b5496c
Annotations: metrics.alpha.kubernetes.io/custom-endpoints: [{"api":"prometheus", "path":"/metrics", "port":"8080"}]
Status: Running
IP: 10.244.0.165
IPs:
IP: 10.244.0.165
Controlled By: ReplicaSet/flinkjm-5866b5496c
Containers:
jobmanager:
Container ID: docker://e0fb458703a8727786a28f453abd27c2f029aa19692edfe79cca81997afe992f
Image: 172.26.1.199:5000/test/flink:2022.0510.1528.08
省略...
Mounts:
#serveraccount是serviceaccount-test,token是serviceaccount-test-token-g5nwg
/var/run/secrets/kubernetes.io/serviceaccount from serviceaccount-test-token-g5nwg (ro)
3.获取指定 service account 的 token
#查看 serviceaccount
$kubectl describe sa serviceaccount-test
Name: serviceaccount-test
Namespace: default
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: serviceaccount-test-token-g5nwg
Tokens: serviceaccount-test-token-g5nwg
#查看指定 token
kubectl describe secrets serviceaccount-test-token-g5nwg
Name: serviceaccount-test-token-g5nwg
Namespace: default
Labels: <none>
Annotations: kubernetes.io/service-account.name: serviceaccount-test
kubernetes.io/service-account.uid: 4afeee68-df7c-4980-a62a-c7716f6d9c1e
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 3 bytes
token: aaaaabbbbbbccccccdddddxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
4.利用 curl 命令获取资源
下面以 configmap 为例
$curl -k --location --request GET 'https://172.26.1.199:6443/api/v1/namespaces/default/configmaps/test-restserver-leader' --header 'Authorization: Bearer aaaaabbbbbbccccccdddddxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
{
"kind": "ConfigMap",
"apiVersion": "v1",
"metadata": {
"name": "test-restserver-leader",
"namespace": "default",
"uid": "7ba427cd-0557-4ac3-9ddf-c47999f7e01c",
"resourceVersion": "7666109",
"creationTimestamp": "2022-04-26T01:54:19Z",
"labels": {
"app": "test",
"configmap-type": "high-availability",
"type": "flink-native-kubernetes"
},
"annotations": {
"control-plane.alpha.kubernetes.io/leader": "{\"holderIdentity\":\"b9c66fc7-c897-4175-90ca-10876c619d73\",\"leaseDuration\":15.000000000,\"acquireTime\":\"2022-05-14T09:03:06.587000Z\",\"renewTime\":\"2022-05-17T03:03:16.652000Z\",\"leaderTransitions\":47523}"
}
},
"data": {
"address": "http://10.244.1.7:8091",
"sessionId": "5e9ba0d3-fa23-491d-949a-82cb5b3c2fb8"
}
}
网友评论