在使用lens管理k8s集群的时候，我们会需要创建一个admin的用户，用token去进行授权校验。
创建这个用户，并绑定角色
admin-role.yaml

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile

生成token

kubectl create -f admin-role.yaml

查看token

kubectl -n kube-system get secret|grep admin-token

admin-token-csddf                                kubernetes.io/service-account-token   3      65m

kubectl -n kube-system describe secret admin-token-csddf

admin-token-csddf                                kubernetes.io/service-account-token   3      65m

 kubectl -n kube-system describe secret admin-token-csddf

Name:         admin-token-csddf
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin
              kubernetes.io/service-account.uid: fbf32a86-f108-420f-82da-8b79acc80fc2

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  11 bytes
token:      xxxxxx

创建 kub.conf

apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://k8s-apiserver.xxx.com
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: admin
  name: cluster-admin
current-context: cluster-admin
kind: Config
preferences: {}
users:
- name: admin
  user:
    token: xxxx

lens加载即可