Notes on enabling the Kubernetes API

1. API authorized access

The admin user does not have sufficient permissions, so a suitable ClusterRole has to be chosen for it. Bind the user admin to the ClusterRole cluster-admin.
The command is:
#kubectl create clusterrolebinding login-on-dashboard-with-cluster-admin --clusterrole=cluster-admin --user=admin
Output: clusterrolebinding.rbac.authorization.k8s.io "login-on-dashboard-with-cluster-admin" created
Verification command:
# kubectl get clusterrolebinding/login-on-dashboard-with-cluster-admin -o yaml
Output:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: 2018-04-26T06:22:23Z
  name: login-on-dashboard-with-cluster-admin
  resourceVersion: "3649"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/login-on-dashboard-with-cluster-admin
  uid: 2e85e277-491a-11e8-8665-000c2989f32f
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: admin
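
Because cluster-admin grants full control over the cluster, it is worth reviewing who holds it after creating a binding like the one above. The following is an added example, not part of the original post: it scans the JSON form of the ClusterRoleBinding list and reports every subject bound to cluster-admin. The sample input is constructed, the function names are hypothetical, and the allow-list assumes only the built-in system:masters group is expected to hold the role.

```python
import json

# Constructed sample of `kubectl get clusterrolebindings -o json` output.
# The second item mirrors the binding created above; the rest are constructed.
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {"metadata": {"name": "cluster-admin"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "Group", "name": "system:masters"}]},
        {"metadata": {"name": "login-on-dashboard-with-cluster-admin"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "User", "name": "admin"}]},
        {"metadata": {"name": "view-for-ci"},
         "roleRef": {"kind": "ClusterRole", "name": "view"},
         "subjects": [{"kind": "ServiceAccount", "name": "ci",
                       "namespace": "build"}]},
        {"metadata": {"name": "orphaned"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
    ],
})

# Assumption: only the built-in system:masters group should hold cluster-admin.
EXPECTED = {("Group", "system:masters")}


def cluster_admin_subjects(bindings_json, role="cluster-admin"):
    """Return (binding, kind, subject) for every subject bound to `role`."""
    found = []
    for item in json.loads(bindings_json).get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # A binding may carry no subjects at all; treat that as an empty list.
        for s in item.get("subjects") or []:
            name = s["name"]
            if s.get("kind") == "ServiceAccount":
                name = f'{s.get("namespace", "")}/{name}'
            found.append((item["metadata"]["name"], s.get("kind"), name))
    return found


def unexpected(bindings_json):
    """Subjects holding cluster-admin that are not in EXPECTED."""
    return [f for f in cluster_admin_subjects(bindings_json)
            if (f[1], f[2]) not in EXPECTED]


if __name__ == "__main__":
    for binding, kind, name in unexpected(SAMPLE):
        print(f"{kind} {name} has cluster-admin via {binding}")
```

To run it against a live cluster, replace SAMPLE with the output of `kubectl get clusterrolebindings -o json`.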

2. Viewing the token

Newer versions require a token to access the system pages.
The command is:
#kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Output:
Name:         admin-user-token-7xnn4
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=admin-user
              kubernetes.io/service-account.uid=bb669eea-4916-11e8-8665-000c2989f32f

Type:  kubernetes.io/service-account-token

Data
====
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTd4bm40Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiYjY2OWVlYS00OTE2LTExZTgtODY2NS0wMDBjMjk4OWYzMmYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.iJ1QZ1JLwjI7DF0mrBpgUFSftOX-vd0Mk_6mXrMrjYPFiQo6lDHP-sO3Jyun02Y9lJTr2zNPW74bTF1fu0JuoStWsa3vj4QA4Aylv_wLpnMLuWDMGvpwL1xcZrwZgLwMnmcUyWjpmW6vEYZPQ-xhBPTZgyaVtL7KyN0PE8JBU1krTW4Fh-nuEbgCF8rQ2E_REbt0EqUAPNKaKRz00vWTglAVN-vIR5tgz7-xAZJmlayw2jyVBNRVEByfQS8YWYN6g6iDJecEGFFpXbyXltTtgMK6WPar81YUgpEWyVAKtzm41Rd7ITVxaoj1NExQlYklG9UOxURXHptSbi0av-P2AQ
ca.crt:     1346 bytes

3. Deleting a user

Delete the user from the terminal:
# curl -i -k -XDELETE https://192.168.1.183:6443/api/v1/namespaces/test --basic -u admin:test1234
Note: test is the corresponding username; -u is followed by the username and password.

Reposted from blog.csdn.net/cuixhao110/article/details/105269606