以获取Dashboard的登录Token为例:
#!/bin/bash
#创建RBAC&Token
kubectl apply -f - << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
#创建角色绑定关系
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system
---
#创建secret(重点是这个创建secret指定类型为token)
apiVersion: v1
kind: Secret
metadata:
name: dashboard-admin-secret
namespace: kube-system
annotations:
kubernetes.io/service-account.name: "dashboard-admin"
type: kubernetes.io/service-account-token
EOF
#关联token证书
kubectl patch sa dashboard-admin -p '{"secrets": [{"name": "dashboard-admin-secret"}]}' -n kube-system
#查看token
kubectl get secret -n kube-system $(kubectl get serviceaccount dashboard-admin -n kube-system -o jsonpath='{.secrets[0].name}') -o go-template='{{ .data.token | base64decode }}'
微信扫一扫,打赏作者吧~