k8s1.12.3集群使用token访问api

32次阅读

共计 866 个字符,预计需要花费 3 分钟才能阅读完成。

1. 开启相关参数
KUBE_API_ARGS=”–service-node-port-range=30000-32767 –enable-swagger-ui=true –apiserver-count=3 –audit-log-maxage=30 –audit-log-maxbackup=3 –audit-log-maxsize=100 –audit-log-path=/var/log/k8s/audit.log –event-ttl=1h”
2. 创建用户,给 cluster—admin 角色,执行(kubectl create -f“yaml 文件名”)
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin
namespace: kube-system

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ecdataapi
subjects:
– kind: ServiceAccount
name: ecdataapi
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
3. 获取 token
kubectl get secret -n kube-system|grep admin
kubectl describe secret“上条命令执行结果(例:ecdataapi-token-9w7zj)”-n kube-system

4. 拿到 token 后,postman(6.7.1)中
file>settings>General>ssl certficate verification 关闭

5. 获取服务地址
kubectl cluster-info
获取地址后复制地址到 postman,将刚才生成的 token 复制到 Authorization>type>bearer-Token
6. 访问目标地址

正文完
 0