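When managing a Kubernetes cluster with Lens, we need to create an admin user and use its token for authentication and authorization.
Create the user and bind it to a role:
admin-role.yaml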
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
Generate the token
kubectl create -f admin-role.yaml
View the token
kubectl -n kube-system get secret|grep admin-token
admin-token-csddf kubernetes.io/service-account-token 3 65m
kubectl -n kube-system describe secret admin-token-csddf
Name:         admin-token-csddf
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin
              kubernetes.io/service-account.uid: fbf32a86-f108-420f-82da-8b79acc80fc2

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  11 bytes
token:      xxxxxx
Create kub.conf
apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://k8s-apiserver.xxx.com
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: admin
  name: cluster-admin
current-context: cluster-admin
kind: Config
preferences: {}
users:
- name: admin
  user:
    token: xxxx
Then load the file in Lens.
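
The kub.conf above sets insecure-skip-tls-verify: true, so the API server's certificate is not verified while a cluster-admin token is being sent to it. As an added example (not from the original post), the shell functions below build the same kubeconfig with the cluster CA pinned from the secret's ca.crt and check an existing file for the insecure setting; the function names and file arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Inputs can be exported from the secret shown above, e.g.:
#   kubectl -n kube-system get secret admin-token-csddf \
#     -o jsonpath='{.data.ca\.crt}' | base64 -d > ca.crt
#   kubectl -n kube-system get secret admin-token-csddf \
#     -o jsonpath='{.data.token}' | base64 -d > token

# render_kubeconfig SERVER CA_PEM_FILE TOKEN_FILE
# Prints a kubeconfig that pins the cluster CA instead of disabling TLS checks.
render_kubeconfig() {
    server=$1 ca_file=$2 token_file=$3
    [ -s "$ca_file" ] || { echo "CA file missing or empty: $ca_file" >&2; return 1; }
    [ -s "$token_file" ] || { echo "token file missing or empty: $token_file" >&2; return 1; }
    grep -q 'BEGIN CERTIFICATE' "$ca_file" || { echo "not a PEM certificate: $ca_file" >&2; return 1; }
    ca_b64=$(base64 < "$ca_file" | tr -d '\n')   # kubeconfig expects single-line base64
    token=$(tr -d '\n' < "$token_file")
    cat <<EOF
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: ${ca_b64}
    server: ${server}
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: admin
  name: cluster-admin
current-context: cluster-admin
preferences: {}
users:
- name: admin
  user:
    token: ${token}
EOF
}

# tls_verification_enabled KUBECONFIG_FILE
# Returns 0 only if no cluster entry sets insecure-skip-tls-verify: true.
tls_verification_enabled() {
    [ -r "$1" ] || return 2
    ! grep -Eq '^[[:space:]-]*insecure-skip-tls-verify:[[:space:]]*"?true' "$1"
}
```

Run it under `umask 077` and redirect the output to a file, since the result contains the cluster-admin token.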