当前位置: 首页 > news >正文

K8S获取连接token

news 2025/8/2 21:34:13

1、创建一个具有管理员权限的账户

下载或拷贝文件到主机上,vi k8s-admin.yml

---
apiVersion: v1
kind: ServiceAccount
metadata:name: dashboard-adminnamespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:name: dashboard-admin
subjects:- kind: ServiceAccountname: dashboard-adminnamespace: kube-system
roleRef:kind: ClusterRolename: cluster-adminapiGroup: rbac.authorization.k8s.io

# kubectl apply -f k8s-admin.yml 

# kubectl apply -f k8s-admin.yaml 
serviceaccount/dashboard-admin created
error: unable to recognize "k8s-admin.yaml": no matches for kind "ClusterRoleBinding" in version "rbac.authorization.k8s.io/v1beta1"

报错,将rbac.authorization.k8s.io/v1beta1修改为rbac.authorization.k8s.io/v1

这是版本不一致的问题。修改完后,继续执行。 

# kubectl -n kube-system get sa dashboard-admin -o yaml

生成一个secrets.

# kubectl apply -f k8s-admin.yml 
serviceaccount/dashboard-admin created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
# kubectl -n kube-system get sa dashboard-admin -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:annotations:kubectl.kubernetes.io/last-applied-configuration: |{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"dashboard-admin","namespace":"kube-system"}}creationTimestamp: "2023-08-28T06:33:09Z"name: dashboard-adminnamespace: kube-systemresourceVersion: "15785"uid: 0c1b6aac-2620-43ee-93c2-1d4490ae6bdb
secrets:
- name: dashboard-admin-token-v2lqr

2、获取新建账户的token

通过获取secrets的值,得到token值

# kubectl describe secret dashboard-admin-token-v2lqr  -n kube-system
Name:         dashboard-admin-token-v2lqr
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-adminkubernetes.io/service-account.uid: 0c1b6aac-2620-43ee-93c2-1d4490ae6bdbType:  kubernetes.io/service-account-tokenData
====
ca.crt:     1066 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IndoSkNITi05Zmo4eXkxbFQ2QXd3dlI4TWNWYUNmTFhNQ3FGcDk3b0ZCSTQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdjJscXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMGMxYjZhYWMtMjYyMC00M2VlLTkzYzItMWQ0NDkwYWU2YmRiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.GpgsEjwlatbMLVHNmiOJ2NoNiQ7Dxmhy5w-6RsieoYqZh2OYhsZ4oIIMJv0qAYvt6Ynogm-0okrvXW6bsMaUS1vlNzlH2hrkriMZ8hTGKWLL-rAHu7A6HDGOnJwrmuicmyzTCm9v-38Sbp256X3F9dgWPYilf5CADxxXStJA7mV75R2QTcb9UauwvFU6LX4cXoOp63E7YCntAJqMPLNL4sLtKX2FhadOnqsuihzpxSKnse7feew4uFvaW4Yd2eF1dkHsg9RRs18CeUwKedNBCpA5GaFWcA09i9FPeP-Yezl4Hp5wXcdWmI9cyWuQ1Ku4XZSqM0422xujki8ns6pSMg

获取masterurl信息,能看到具体的ip:6443端口

$ kubectl describe svc kubernetes
Name:              kubernetes
Namespace:         default
Labels:            component=apiserverprovider=kubernetes
Annotations:       <none>
Selector:          <none>
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                172.96.0.1
IPs:               172.96.0.1
Port:              https  443/TCP
TargetPort:        6443/TCP
Endpoints:         xx.xx.xx.xx:6443
Session Affinity:  None
Events:            <none>

编写代码测试连接

package com.sk.asia.k8s.api.service;import io.fabric8.kubernetes.api.model.NamespaceList;
import io.fabric8.kubernetes.client.Config;
import io.fabric8.kubernetes.client.ConfigBuilder;
import io.fabric8.kubernetes.client.DefaultKubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClient;public class ApiService {public static void  main(String[] args){String base64Token = "eyJhlc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYX-----token------qwUsVtPbwQV2-mnRPK43Eond-Hu8VyoEeRnU10gNl055EC4tg";String masterUrl = "https://xx.xx.xx.xx:6443";Config config = new ConfigBuilder().withTrustCerts(true).withMasterUrl(masterUrl).withOauthToken(base64Token).build();KubernetesClient client = new DefaultKubernetesClient(config);NamespaceList namespaceList = client.namespaces().list();namespaceList.getItems().forEach(namespace ->System.out.println(namespace.getMetadata().getName() + ":" + namespace.getStatus().getPhase()));}
}

运行结果

SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
default:Active
kube-flannel:Active
kube-node-lease:Active
kube-public:Active
kube-system:Active
kuboard:ActiveProcess finished with exit code 0

http://www.lryc.cn/news/154123.html

相关文章:

  • CountDownLatch原理-(主线程等待子线程结束再执行)
  • mybatis源码学习-3-解析器模块
  • 解决微信小程序recycle-view使用百分比单位控制宽高时出现的内容溢出问题
  • 如何使用蚂蚁集团自动化混沌工程 ChaosMeta 做 OceanBase 攻防演练?
  • 在 Node.js 中使用 MongoDB 事务
  • IntelliJ IDEA的远程开发(Remote Development)
  • 网络安全-信息收集简介
  • 页面页脚部分CSS分享
  • 微信小程序slot插槽的介绍,以及如何通过uniapp使用动态插槽
  • l8-d6 socket套接字及TCP的实现框架
  • ChatGPT AIGC 完成动态堆积面积图实例
  • 虹科产线实时数采检测方案——高速采集助力智能化升级
  • 用迅为RK3568开发板使用OpenCV处理图像颜色通道提取ROI
  • 低压配电室电力安全解决方案
  • 【Windows 常用工具系列 11 -- 笔记本F5亮度调节关闭】
  • Python小知识 - 【Python】如何使用Pytorch构建机器学习模型
  • 使用Akka的Actor模拟Spark的Master和Worker工作机制
  • 文心一言api接入如何在你的项目里使用文心一言
  • Python匿名函数lambda(R与Python第五篇)
  • 【2023校园招聘】 钉钉AI应用开发平台开始校招拉~
  • Linux系统gdb调试常用命令
  • Sumo中Traci.trafficlight详解(上)
  • 手写Mybatis:第13章-通过注解配置执行SQL语句
  • spring security - 快速整合 springboot
  • NPM 常用命令(二)
  • ctfhub ssrf(3关)
  • 跨源资源共享(CORS)Access-Control-Allow-Origin
  • 【嵌入式软件开发 】学习笔记
  • CentOS 7上安装Python 3.11.5,支持Django
  • COMPFEST 15H「组合数学+容斥」