环境
K8S版本:v1.21.2
方法一:使用证书
权限:可访问所有资源
将Master节点的/etc/kubernetes/admin.conf拷贝到$HOME/.kube/config
方法二:使用ServiceAccount
权限:可访问所有资源
- 创建ServiceAccount并授权
cat << EOF > serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: my-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: my-admin-clusterrolebinding
subjects:
- kind: ServiceAccount
name: my-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
EOF
kubectl create -f serviceaccount.yaml
会创建一个名为my-admin的ServiceAccount,并授权给名为cluster-admin的集群内置ClusterRole
- 获取Token
kubectl get secret \
$(kubectl get ServiceAccount my-admin -n kube-system -o jsonpath='{.secrets[0].name}') \
-n kube-system -o jsonpath='{.data.token}' | base64 -d
此Token可用于K8S集群访问认证
网友评论