• 生成集群admin token

生成集群admin token

在 K8s 中生成集群admin token需要创建一个admin用户并授予admin角色绑定，使用下面的yaml文件创建admin用户并赋予他管理员权限，然后可以通过token访问kubernetes：

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile

然后执行下面的命令创建 serviceaccount 和角色绑定:

kubectl create -f admin-role.yaml

创建完成后获取secret中token的值:

# 获取admin-token的secret名字
$ kubectl -n kube-system get secret|grep admin-token
admin-token-nwphb                          kubernetes.io/service-account-token   3         6m
# 获取token的值
$ kubectl -n kube-system describe secret admin-token-nwphb
Name:        admin-token-nwphb
Namespace:    kube-system
Labels:        <none>
Annotations:    kubernetes.io/service-account.name=admin
        kubernetes.io/service-account.uid=f37bd044-bfb3-11e7-87c0-f4e9d49f8ed0
Type:    kubernetes.io/service-account-token
Data
====
namespace:    11 bytes
token:        非常长的字符串
ca.crt:        1310 bytes