Set the credential
kubectl config set-credentials shiyanlou-admin --token eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6InNoaXlhbmxvdS1hZG1pbi10b2tlbi14cm5ucSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJzaGl5YW5sb3UtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2YmZjYjMyZi0zNzY4LTQ1ZGQtYWZhZS02NWFiMzIzMzY2ZDciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpzaGl5YW5sb3UtYWRtaW4ifQ.duxOkVmA42xXvg0CFfUgMnKk1delNJrX4vWxEPvQKenfGR0mR0EO6xxtXN5es77De23DIkFKnR9m9xcb67E3ceqFBVugNF4sJmLqIyusF2IQCLDkgv-ymbD3z8MkG0ngJ6fvmS2aLldkKCTA-xAKiDwn8xN0JK_LplcAmCQCpW-9vuyX66KDjfH4LBRgboggc43x7-k2pYCDSnWO_TKLSwDNX-NsUSSp_L6z436DEuy6JWGDKUsnZKP9tqwT4Y1CrttZqju-MB8Gj4j6oOY8be5BMe2ReF3QdpcThWb_uvIrleoktcR84n2m_kdH49b9eaXhXNMTjO2XKp-j9JXz2A
View the secret
kubectl describe secrets shiyanlou-admin-token-xrnnq
Add the cluster configuration and the server certificate
kubectl config set-cluster k8s-learning --server https://192.168.143.131:6443 --certificate-authority /etc/kubernetes/ssl/ca.pem --embed-certs=true
Set the authentication context
kubectl config set-context k8s-learning-ctx --cluster k8s-learning --user shiyanlou-admin
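Use the newly created authentication context. If kubectl get then fails with a Forbidden error, the setup succeeded; if it asks you to log in, the certificate is configured incorrectly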
kubectl config use-context k8s-learning-ctx
Switch back to the kubernetes admin authentication context
kubectl config use-context context-cluster1-admin
Authentication only decides whether this account is allowed to connect to the API server; once that passes, set up its permissions
Add a role:
kubectl create role shiyanlou-admin-role --resource pod,service,deployment,secret,ingress --verb create,update,delete,patch,get,list,watch
Add a role binding
kubectl create rolebinding shiyanlou-admin-rulebinding --role shiyanlou-admin-role --serviceaccount default:shiyanlou-admin
Switch the authentication context
kubectl config use-context k8s-learning-ctx
Check the result using this authentication context
kubectl get pods
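The role binding above names the account as default:shiyanlou-admin, and a service account token carries the same identity in its sub claim, so the two can be compared offline before the binding is created. The following is an added example, not part of the original notes: it decodes a token's payload, derives the NS:NAME form used by --serviceaccount, and checks whether the token has an expiry. The function names are hypothetical, and the sample token is constructed with a placeholder signature.

```bash
#!/usr/bin/env bash

# Encode stdin as unpadded base64url; used only to build the constructed sample.
b64url_encode() { base64 | tr -d '\n=' | tr '/+' '_-'; }

# Decode one base64url segment, restoring the padding that JWTs strip.
b64url_decode() {
  local s
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
    1) return 1 ;;  # impossible length for base64
  esac
  printf '%s' "$s" | base64 -d
}

# Print the JSON payload (middle segment) of a three-segment JWT.
jwt_payload() {
  case "$1" in
    *.*.*.*) return 1 ;;
    *.*.*) ;;
    *) return 1 ;;
  esac
  local rest="${1#*.}"
  b64url_decode "${rest%%.*}"
}

# Print the value of a top-level string claim such as "sub".
jwt_claim() { jwt_payload "$1" | sed -n 's/.*"'"$2"'":"\([^"]*\)".*/\1/p'; }

# Map sub "system:serviceaccount:NS:NAME" to the NS:NAME form that
# `kubectl create rolebinding --serviceaccount` expects.
sa_binding_subject() {
  local sub
  sub=$(jwt_claim "$1" sub) || return 1
  case "$sub" in
    system:serviceaccount:*:*) printf '%s\n' "${sub#system:serviceaccount:}" ;;
    *) return 1 ;;
  esac
}

# Succeeds only if the token carries an expiry ("exp") claim.
jwt_has_expiry() { jwt_payload "$1" | grep -q '"exp":'; }

# Constructed sample in the secret-based token layout; the signature is a placeholder.
SAMPLE_PAYLOAD='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"default","sub":"system:serviceaccount:default:shiyanlou-admin"}'
SAMPLE_TOKEN="$(printf '%s' '{"alg":"RS256"}' | b64url_encode).$(printf '%s' "$SAMPLE_PAYLOAD" | b64url_encode).c2ln"
sa_binding_subject "$SAMPLE_TOKEN"
```

A token for which jwt_has_expiry fails stays valid until its secret is deleted, so it should be stored and rotated like any other long-lived credential.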