VMware vSphere Tanzu Deployment_15_Obtaining a Non-Expiring Token for a TKG Cluster

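Full series

VMware vSphere Tanzu Deployment_01_Tanzu Architecture Design

VMware vSphere Tanzu Deployment_02_ESXi System Installation

VMware vSphere Tanzu Deployment_03_vCenter Deployment

VMware vSphere Tanzu Deployment_04_Managing ESXi with vCenter and Migrating NICs to the DSwitch

VMware vSphere Tanzu Deployment_05_vyos Virtual Router Deployment

VMware vSphere Tanzu Deployment_06_haproxy Deployment

VMware vSphere Tanzu Deployment_07_Tanzu Storage Policy Configuration

VMware vSphere Tanzu Deployment_08_Configuring Tanzu as a Single Node

VMware vSphere Tanzu Deployment_09_Configuring the Tanzu Content Library

VMware vSphere Tanzu Deployment_10_Enabling Tanzu

VMware vSphere Tanzu Deployment_11_Creating a TKC Namespace

VMware vSphere Tanzu Deployment_12_Downloading and Using the Tanzu K8S Tools

VMware vSphere Tanzu Deployment_13_Creating a TKC Cluster

VMware vSphere Tanzu Deployment_14_Deploying a Container Application

VMware vSphere Tanzu Deployment_15_Obtaining a Non-Expiring Token for a TKG Cluster

VMware vSphere Tanzu Deployment_16_Obtaining the VM Password of TKC Cluster Nodes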

Obtaining a Non-Expiring Token for a TKG Cluster

Log in to the TKC cluster

$ kubectl vsphere login --server=192.168.203.194 \
--tanzu-kubernetes-cluster-name  tkc-dev-cluster \
--tanzu-kubernetes-cluster-namespace tkc-01 \
--vsphere-username administrator@vsphere.local \
--insecure-skip-tls-verify

Create an administrator service account and a cluster role binding

$ kubectl create serviceaccount napp-admin -n kube-system
$ kubectl create clusterrolebinding napp-admin --serviceaccount=kube-system:napp-admin --clusterrole=cluster-admin

Manually create an authentication token for the administrator service account

  • Create napp-admin.yaml
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
   name: napp-admin
   namespace: kube-system
   annotations:
      kubernetes.io/service-account.name: "napp-admin"
  • Apply the napp-admin.yaml file
$ kubectl apply -f napp-admin.yaml

Get the administrator service account's authentication token and the cluster certificate authority

$ SECRET=$(kubectl get secrets napp-admin -n kube-system -ojsonpath='{.metadata.name}')
$ TOKEN=$(kubectl get secret $SECRET -n kube-system -ojsonpath='{.data.token}' | base64 -d)
$ kubectl get secrets $SECRET -n kube-system -o jsonpath='{.data.ca\.crt}' | base64 -d > ./ca.crt

Get the URL of the TKG cluster on the Supervisor

$ CONTEXT=$(kubectl config view -o jsonpath='{.current-context}')
$ CLUSTER=$(kubectl config view -o jsonpath='{.contexts[?(@.name == "'"$CONTEXT"'")].context.cluster}')
$ URL=$(kubectl config view -o jsonpath='{.clusters[?(@.name == "'"$CLUSTER"'")].cluster.server}')

Generate a kubeconfig file for the TKG cluster that uses the non-expiring token

$ TO_BE_CREATED_KUBECONFIG_FILE="kubeconfig.conf"
$ kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE set-cluster $CLUSTER --server=$URL --certificate-authority=./ca.crt --embed-certs=true
$ kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE set-credentials napp-admin --token=$TOKEN 
$ kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE set-context $CONTEXT --cluster=$CLUSTER --user=napp-admin
$ kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE use-context $CONTEXT

View the generated file

The resulting kubeconfig file can be used from anywhere, and its token never expires

jianhua@napp:~$ cat kubeconfig.conf 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: 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
    server: https://192.168.203.195:6443
  name: 192.168.203.195
contexts:
- context:
    cluster: 192.168.203.195
    user: napp-admin
  name: tkc-dev-cluster
current-context: tkc-dev-cluster
kind: Config
preferences: {}
users:
- name: napp-admin
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjRkdWFybXV5bTJnbnV0M0NZUEh2YVN2TmhmaVRsYllrQl9IRkxfNnUzcG8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJuYXBwLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Im5hcHAtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlZDM1ZjQwMS1hYjg4LTQ2ZmUtODExNS0zN2NhMjQ3MTQzNGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06bmFwcC1hZG1pbiJ9.HL916PaoGSFcIvPudWfnPk384TWTa7x6DCE2LgeB_eGhdN6heiD9XDbwBBlQ5t9nKRzWxHSqBuFmHUfFikK1ttQu9ZqiBcdSBfFi6KuxHp2jCr6AdFHc2dVLh-ZKMCwJ5KNqNseA2oippld2iTumb8qV15hzoyO_Fz8YVxLYE7uwwbl04tzMJowdG11Ph_p6t2Lh0XgwxhLk708eWrVMj9_nSMN2YVnurFiGkB_VipinJI50rsBiVzM4HQBqxK66PMzkCAAkjDTHS1G7X5ydCIXjlaas6Epb_fVy27jU4WJMl71b8Y3R_rvoLX7e4IZ5pcmBiDAGpD8AtDtcteOwYw
jianhua@napp:~$ 
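
The token stays valid indefinitely because a token issued through a kubernetes.io/service-account-token Secret is a JWT with no exp claim. The script below is an added example, not part of the original post: it decodes a token's payload and reports whether it expires, using two constructed sample tokens (the function names, sample payloads and fake signature are assumptions made for illustration).

```shell
#!/bin/sh
# Added example: report whether a service account JWT carries an expiry claim.

# Decode one base64url segment (JWT segments drop the '=' padding).
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

# Print "expires:<epoch>" when an exp claim is present, else "non-expiring".
token_lifetime() {
  exp=$(jwt_payload "$1" |
    sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  if [ -n "$exp" ]; then echo "expires:$exp"; else echo "non-expiring"; fi
}

# Print the sub claim, i.e. the identity the API server will authenticate.
token_subject() {
  jwt_payload "$1" |
    sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# --- Constructed sample tokens (fake signature, not valid on any cluster) ---
b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
make_token() {
  printf '%s.%s.%s' "$(b64url_encode '{"alg":"RS256"}')" \
    "$(b64url_encode "$1")" "constructed-signature"
}
# Secret-based (legacy) token: no exp claim.
LEGACY_TOKEN=$(make_token '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:kube-system:napp-admin"}')
# Time-bound token for comparison: carries an exp claim.
BOUND_TOKEN=$(make_token '{"iss":"https://kubernetes.default.svc","exp":1720086300,"sub":"system:serviceaccount:kube-system:napp-admin"}')

for t in "$LEGACY_TOKEN" "$BOUND_TOKEN"; do
  echo "$(token_subject "$t") -> $(token_lifetime "$t")"
done
```

Since a token without exp cannot time out, revoking it means deleting the napp-admin Secret or the service account itself.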

posted @ 2024-07-04 17:45  二乘八是十六