K8S获取连接token

1、创建一个具有管理员权限的账户

下载或拷贝文件到主机上,vi k8s-admin.yml

bash 复制代码
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

kubectl apply -f k8s-admin.yml

bash 复制代码
# kubectl apply -f k8s-admin.yaml 
serviceaccount/dashboard-admin created
error: unable to recognize "k8s-admin.yaml": no matches for kind "ClusterRoleBinding" in version "rbac.authorization.k8s.io/v1beta1"

报错,将rbac.authorization.k8s.io/v1beta1修改为rbac.authorization.k8s.io/v1

这是版本不一致的问题。修改完后,继续执行。

kubectl -n kube-system get sa dashboard-admin -o yaml

生成一个secrets.

bash 复制代码
# kubectl apply -f k8s-admin.yml 
serviceaccount/dashboard-admin created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
# kubectl -n kube-system get sa dashboard-admin -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"dashboard-admin","namespace":"kube-system"}}
  creationTimestamp: "2023-08-28T06:33:09Z"
  name: dashboard-admin
  namespace: kube-system
  resourceVersion: "15785"
  uid: 0c1b6aac-2620-43ee-93c2-1d4490ae6bdb
secrets:
- name: dashboard-admin-token-v2lqr

2、获取新建账户的token

通过获取secrets的值,得到token值

bash 复制代码
# kubectl describe secret dashboard-admin-token-v2lqr  -n kube-system
Name:         dashboard-admin-token-v2lqr
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 0c1b6aac-2620-43ee-93c2-1d4490ae6bdb

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IndoSkNITi05Zmo4eXkxbFQ2QXd3dlI4TWNWYUNmTFhNQ3FGcDk3b0ZCSTQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdjJscXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMGMxYjZhYWMtMjYyMC00M2VlLTkzYzItMWQ0NDkwYWU2YmRiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.GpgsEjwlatbMLVHNmiOJ2NoNiQ7Dxmhy5w-6RsieoYqZh2OYhsZ4oIIMJv0qAYvt6Ynogm-0okrvXW6bsMaUS1vlNzlH2hrkriMZ8hTGKWLL-rAHu7A6HDGOnJwrmuicmyzTCm9v-38Sbp256X3F9dgWPYilf5CADxxXStJA7mV75R2QTcb9UauwvFU6LX4cXoOp63E7YCntAJqMPLNL4sLtKX2FhadOnqsuihzpxSKnse7feew4uFvaW4Yd2eF1dkHsg9RRs18CeUwKedNBCpA5GaFWcA09i9FPeP-Yezl4Hp5wXcdWmI9cyWuQ1Ku4XZSqM0422xujki8ns6pSMg

获取masterurl信息,能看到具体的ip:6443端口

bash 复制代码
$ kubectl describe svc kubernetes
Name:              kubernetes
Namespace:         default
Labels:            component=apiserver
                   provider=kubernetes
Annotations:       <none>
Selector:          <none>
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                172.96.0.1
IPs:               172.96.0.1
Port:              https  443/TCP
TargetPort:        6443/TCP
Endpoints:         xx.xx.xx.xx:6443
Session Affinity:  None
Events:            <none>

编写代码测试连接

bash 复制代码
package com.sk.asia.k8s.api.service;


import io.fabric8.kubernetes.api.model.NamespaceList;
import io.fabric8.kubernetes.client.Config;
import io.fabric8.kubernetes.client.ConfigBuilder;
import io.fabric8.kubernetes.client.DefaultKubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClient;

public class ApiService {
    public static void  main(String[] args){
        String base64Token = "eyJhlc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYX-----token------qwUsVtPbwQV2-mnRPK43Eond-Hu8VyoEeRnU10gNl055EC4tg";

        String masterUrl = "https://xx.xx.xx.xx:6443";
        Config config = new ConfigBuilder()
                .withTrustCerts(true)
                .withMasterUrl(masterUrl)
                .withOauthToken(base64Token)
                .build();

        KubernetesClient client = new DefaultKubernetesClient(config);
        NamespaceList namespaceList = client.namespaces().list();
        namespaceList.getItems()
                .forEach(namespace ->
                        System.out.println(namespace.getMetadata().getName() + ":" + namespace.getStatus().getPhase()));
    }
}

运行结果

bash 复制代码
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
default:Active
kube-flannel:Active
kube-node-lease:Active
kube-public:Active
kube-system:Active
kuboard:Active

Process finished with exit code 0
相关推荐
敲代码的小王!1 小时前
MD5加密算法和BCrypt密码加密算法
java·算法·安全
drebander4 小时前
Docker 安全基础:权限、用户、隔离机制
安全·docker·容器
Marcel1116 小时前
WSL2使用Kind创建K8S集群时出现IPV6网络创建失败
云原生·kubernetes·kind
罗政6 小时前
冒险岛079 V8 整合版源码搭建教程+IDEA启动
java·ide·intellij-idea
架构默片7 小时前
【JAVA工程师从0开始学AI】,第五步:Python类的“七十二变“——当Java的铠甲遇见Python的液态金属
java·开发语言·python
不只会拍照的程序猿7 小时前
从插入排序到希尔排序
java·开发语言·数据结构·算法·排序算法
柳鲲鹏8 小时前
docker push镜像到阿里云
阿里云·docker·容器
我荔枝呢!8 小时前
Java中的hashCode和equals方法之间有什么联系
java·开发语言·equals·hashcode
望未来无悔9 小时前
系统学习算法:专题十一 floodfill算法
java·算法
黑客老李9 小时前
新手小白如何挖掘cnvd通用漏洞之存储xss漏洞(利用xss钓鱼)
java·运维·服务器·前端·xss