1、创建一个具有管理员权限的账户
下载或拷贝文件到主机上,vi k8s-admin.yml
bash
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
kubectl apply -f k8s-admin.yml
bash
# kubectl apply -f k8s-admin.yaml
serviceaccount/dashboard-admin created
error: unable to recognize "k8s-admin.yaml": no matches for kind "ClusterRoleBinding" in version "rbac.authorization.k8s.io/v1beta1"
报错,将rbac.authorization.k8s.io/v1beta1修改为rbac.authorization.k8s.io/v1
这是版本不一致的问题。修改完后,继续执行。
kubectl -n kube-system get sa dashboard-admin -o yaml
生成一个secrets.
bash
# kubectl apply -f k8s-admin.yml
serviceaccount/dashboard-admin created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
# kubectl -n kube-system get sa dashboard-admin -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"dashboard-admin","namespace":"kube-system"}}
creationTimestamp: "2023-08-28T06:33:09Z"
name: dashboard-admin
namespace: kube-system
resourceVersion: "15785"
uid: 0c1b6aac-2620-43ee-93c2-1d4490ae6bdb
secrets:
- name: dashboard-admin-token-v2lqr
2、获取新建账户的token
通过获取secrets的值,得到token值
bash
# kubectl describe secret dashboard-admin-token-v2lqr -n kube-system
Name: dashboard-admin-token-v2lqr
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: 0c1b6aac-2620-43ee-93c2-1d4490ae6bdb
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IndoSkNITi05Zmo4eXkxbFQ2QXd3dlI4TWNWYUNmTFhNQ3FGcDk3b0ZCSTQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdjJscXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMGMxYjZhYWMtMjYyMC00M2VlLTkzYzItMWQ0NDkwYWU2YmRiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.GpgsEjwlatbMLVHNmiOJ2NoNiQ7Dxmhy5w-6RsieoYqZh2OYhsZ4oIIMJv0qAYvt6Ynogm-0okrvXW6bsMaUS1vlNzlH2hrkriMZ8hTGKWLL-rAHu7A6HDGOnJwrmuicmyzTCm9v-38Sbp256X3F9dgWPYilf5CADxxXStJA7mV75R2QTcb9UauwvFU6LX4cXoOp63E7YCntAJqMPLNL4sLtKX2FhadOnqsuihzpxSKnse7feew4uFvaW4Yd2eF1dkHsg9RRs18CeUwKedNBCpA5GaFWcA09i9FPeP-Yezl4Hp5wXcdWmI9cyWuQ1Ku4XZSqM0422xujki8ns6pSMg
获取masterurl信息,能看到具体的ip:6443端口
bash
$ kubectl describe svc kubernetes
Name: kubernetes
Namespace: default
Labels: component=apiserver
provider=kubernetes
Annotations: <none>
Selector: <none>
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 172.96.0.1
IPs: 172.96.0.1
Port: https 443/TCP
TargetPort: 6443/TCP
Endpoints: xx.xx.xx.xx:6443
Session Affinity: None
Events: <none>
编写代码测试连接
bash
package com.sk.asia.k8s.api.service;
import io.fabric8.kubernetes.api.model.NamespaceList;
import io.fabric8.kubernetes.client.Config;
import io.fabric8.kubernetes.client.ConfigBuilder;
import io.fabric8.kubernetes.client.DefaultKubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClient;
public class ApiService {
public static void main(String[] args){
String base64Token = "eyJhlc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYX-----token------qwUsVtPbwQV2-mnRPK43Eond-Hu8VyoEeRnU10gNl055EC4tg";
String masterUrl = "https://xx.xx.xx.xx:6443";
Config config = new ConfigBuilder()
.withTrustCerts(true)
.withMasterUrl(masterUrl)
.withOauthToken(base64Token)
.build();
KubernetesClient client = new DefaultKubernetesClient(config);
NamespaceList namespaceList = client.namespaces().list();
namespaceList.getItems()
.forEach(namespace ->
System.out.println(namespace.getMetadata().getName() + ":" + namespace.getStatus().getPhase()));
}
}
运行结果
bash
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
default:Active
kube-flannel:Active
kube-node-lease:Active
kube-public:Active
kube-system:Active
kuboard:Active
Process finished with exit code 0