K8S获取连接token

1、创建一个具有管理员权限的账户

下载或拷贝文件到主机上,vi k8s-admin.yml

bash 复制代码
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

kubectl apply -f k8s-admin.yml

bash 复制代码
# kubectl apply -f k8s-admin.yaml 
serviceaccount/dashboard-admin created
error: unable to recognize "k8s-admin.yaml": no matches for kind "ClusterRoleBinding" in version "rbac.authorization.k8s.io/v1beta1"

报错,将rbac.authorization.k8s.io/v1beta1修改为rbac.authorization.k8s.io/v1

这是版本不一致的问题。修改完后,继续执行。

kubectl -n kube-system get sa dashboard-admin -o yaml

生成一个secrets.

bash 复制代码
# kubectl apply -f k8s-admin.yml 
serviceaccount/dashboard-admin created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
# kubectl -n kube-system get sa dashboard-admin -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"dashboard-admin","namespace":"kube-system"}}
  creationTimestamp: "2023-08-28T06:33:09Z"
  name: dashboard-admin
  namespace: kube-system
  resourceVersion: "15785"
  uid: 0c1b6aac-2620-43ee-93c2-1d4490ae6bdb
secrets:
- name: dashboard-admin-token-v2lqr

2、获取新建账户的token

通过获取secrets的值,得到token值

bash 复制代码
# kubectl describe secret dashboard-admin-token-v2lqr  -n kube-system
Name:         dashboard-admin-token-v2lqr
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: 0c1b6aac-2620-43ee-93c2-1d4490ae6bdb

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IndoSkNITi05Zmo4eXkxbFQ2QXd3dlI4TWNWYUNmTFhNQ3FGcDk3b0ZCSTQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdjJscXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMGMxYjZhYWMtMjYyMC00M2VlLTkzYzItMWQ0NDkwYWU2YmRiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.GpgsEjwlatbMLVHNmiOJ2NoNiQ7Dxmhy5w-6RsieoYqZh2OYhsZ4oIIMJv0qAYvt6Ynogm-0okrvXW6bsMaUS1vlNzlH2hrkriMZ8hTGKWLL-rAHu7A6HDGOnJwrmuicmyzTCm9v-38Sbp256X3F9dgWPYilf5CADxxXStJA7mV75R2QTcb9UauwvFU6LX4cXoOp63E7YCntAJqMPLNL4sLtKX2FhadOnqsuihzpxSKnse7feew4uFvaW4Yd2eF1dkHsg9RRs18CeUwKedNBCpA5GaFWcA09i9FPeP-Yezl4Hp5wXcdWmI9cyWuQ1Ku4XZSqM0422xujki8ns6pSMg

获取masterurl信息,能看到具体的ip:6443端口

bash 复制代码
$ kubectl describe svc kubernetes
Name:              kubernetes
Namespace:         default
Labels:            component=apiserver
                   provider=kubernetes
Annotations:       <none>
Selector:          <none>
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                172.96.0.1
IPs:               172.96.0.1
Port:              https  443/TCP
TargetPort:        6443/TCP
Endpoints:         xx.xx.xx.xx:6443
Session Affinity:  None
Events:            <none>

编写代码测试连接

bash 复制代码
package com.sk.asia.k8s.api.service;


import io.fabric8.kubernetes.api.model.NamespaceList;
import io.fabric8.kubernetes.client.Config;
import io.fabric8.kubernetes.client.ConfigBuilder;
import io.fabric8.kubernetes.client.DefaultKubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClient;

public class ApiService {
    public static void  main(String[] args){
        String base64Token = "eyJhlc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYX-----token------qwUsVtPbwQV2-mnRPK43Eond-Hu8VyoEeRnU10gNl055EC4tg";

        String masterUrl = "https://xx.xx.xx.xx:6443";
        Config config = new ConfigBuilder()
                .withTrustCerts(true)
                .withMasterUrl(masterUrl)
                .withOauthToken(base64Token)
                .build();

        KubernetesClient client = new DefaultKubernetesClient(config);
        NamespaceList namespaceList = client.namespaces().list();
        namespaceList.getItems()
                .forEach(namespace ->
                        System.out.println(namespace.getMetadata().getName() + ":" + namespace.getStatus().getPhase()));
    }
}

运行结果

bash 复制代码
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
default:Active
kube-flannel:Active
kube-node-lease:Active
kube-public:Active
kube-system:Active
kuboard:Active

Process finished with exit code 0
相关推荐
菩提树下的凡夫6 分钟前
瑞芯微RV1126目标识别算法Yolov8的部署应用
java·算法·yolo
zyplanke13 分钟前
Kubernetes(四):Service
云原生·容器·kubernetes·k8s
爱隐身的官人15 分钟前
新后端漏洞(上)- Java RMI Registry反序列化漏洞
java·反序列化漏洞
叫我阿柒啊19 分钟前
从Java全栈到前端框架:一次真实的面试对话与技术解析
java·javascript·typescript·vue·springboot·react·前端开发
晚安里28 分钟前
Spring 框架(IoC、AOP、Spring Boot) 的必会知识点汇总
java·spring boot·spring
爱隐身的官人39 分钟前
新后端漏洞(上)- Aapache Tomcat AJP 文件包含漏洞(CVE-2020-1938)
java·tomcat·ajp
@CLoudbays_Martin111 小时前
为什么动态视频业务内容不可以被CDN静态缓存?
java·运维·服务器·javascript·网络·python·php
四谎真好看1 小时前
Java 学习笔记(进阶篇2)
java·笔记·学习
上官浩仁1 小时前
springboot ioc 控制反转入门与实战
java·spring boot·spring
叫我阿柒啊2 小时前
从Java全栈到前端框架:一位程序员的实战之路
java·spring boot·微服务·消息队列·vue3·前端开发·后端开发