aliyun k8s get token
2024-09-11kubectl get secret -n default $(kubectl get sa admin-token-sa -n default -o jsonpath='{.secrets[0].name}') -o jsonpath='{.data.token}' | base64 -d
kubectl get sa admin-token-sa -n default -o yaml
1、cat << EOF > default-token.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-token-sa
namespace: default
secrets:
- name: admin-token-secret
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-token-clusterrolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-token-sa
namespace: default
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: admin-token-secret
namespace: default
annotations:
kubernetes.io/service-account.name: "admin-token-sa"
EOF
2、kubectl apply -f default-token.yaml
serviceaccount/admin-token-sa created
clusterrolebinding.rbac.authorization.k8s.io/admin-token-clusterrolebinding created
secret/admin-token-secret created
3、kuboard
default
secret保密字典
admin-token-secret
编辑
4、token有效期
kubectl edit sa admin-token-sa -n default
creationTimestamp: "2024-09-11T09:25:46Z"
在Secrets:下添加
expirationTimestamp: "2034-09-11T09:25:46Z"设置token有效期
5、vi get_kuboard_token.sh
echo -e "\033[31m$(kubectl -n kuboard get secret $(kubectl -n kuboard get secret kuboard-admin-token | grep kuboard-admin-token | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)\033[0m"
kubectl -n kuboard get secret kuboard-admin-token -o go-template='{{.data.token}}' |base64 -d
分类:Linux | 标签: |