[k8s] About authentication

Set the credential

kubectl config set-credentials shiyanlou-admin --token eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6InNoaXlhbmxvdS1hZG1pbi10b2tlbi14cm5ucSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJzaGl5YW5sb3UtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2YmZjYjMyZi0zNzY4LTQ1ZGQtYWZhZS02NWFiMzIzMzY2ZDciLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpzaGl5YW5sb3UtYWRtaW4ifQ.duxOkVmA42xXvg0CFfUgMnKk1delNJrX4vWxEPvQKenfGR0mR0EO6xxtXN5es77De23DIkFKnR9m9xcb67E3ceqFBVugNF4sJmLqIyusF2IQCLDkgv-ymbD3z8MkG0ngJ6fvmS2aLldkKCTA-xAKiDwn8xN0JK_LplcAmCQCpW-9vuyX66KDjfH4LBRgboggc43x7-k2pYCDSnWO_TKLSwDNX-NsUSSp_L6z436DEuy6JWGDKUsnZKP9tqwT4Y1CrttZqju-MB8Gj4j6oOY8be5BMe2ReF3QdpcThWb_uvIrleoktcR84n2m_kdH49b9eaXhXNMTjO2XKp-j9JXz2A

View the secret

kubectl describe secrets shiyanlou-admin-token-xrnnq

Add the cluster configuration and the server certificate

kubectl config set-cluster k8s-learning --server https://192.168.143.131:6443 --certificate-authority /etc/kubernetes/ssl/ca.pem --embed-certs=true

Set up authentication

kubectl config set-context k8s-learning-ctx --cluster k8s-learning --user shiyanlou-admin

  

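Switch to the newly created authentication. If kubectl get then fails with a Forbidden error, the setup succeeded; if it asks you to log in, the certificate is configured incorrectly.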

kubectl config use-context k8s-learning-ctx

  

Switch back to the kubernetes admin authentication

kubectl config use-context context-cluster1-admin

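Authentication only determines whether this account is allowed to connect to the API server; once it passes, permissions are configured separately.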

Add a role:

kubectl create role shiyanlou-admin-role --resource pod,service,deployment,secret,ingress --verb create,update,delete,patch,get,list,watch

  

Add a role binding

kubectl create rolebinding shiyanlou-admin-rulebinding --role shiyanlou-admin-role --serviceaccount default:shiyanlou-admin

  

Switch authentication

kubectl config use-context k8s-learning-ctx

Use the new authentication and check the result

kubectl get pods
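
Added example, not part of the original post: the token given to set-credentials is a JWT, and its sub claim names the service account that the rolebinding's --serviceaccount default:shiyanlou-admin has to match. The script decodes the payload of a constructed sample token (dummy signature, nothing is verified) and reports the subject, the matching ns:name value, and whether an exp claim is present; the function names and the sample token are assumptions of this example.

```shell
#!/bin/sh
# Added example: read the claims of a service-account token before trusting it
# in a kubeconfig. Decode only; the signature is NOT verified here.

# base64url-encode a string (used only to build the constructed sample below).
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# Constructed sample: same claim layout as a secret-based service-account
# token, dummy signature. Not a real credential.
SAMPLE_PAYLOAD='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"default","sub":"system:serviceaccount:default:shiyanlou-admin"}'
SAMPLE_TOKEN="$(b64url '{"alg":"RS256"}').$(b64url "$SAMPLE_PAYLOAD").constructed-signature"

# Print the decoded JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
  _seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url drops '=' padding; restore it so base64 -d accepts the input.
  case $(( ${#_seg} % 4 )) in
    2) _seg="${_seg}==" ;;
    3) _seg="${_seg}=" ;;
  esac
  printf '%s' "$_seg" | base64 -d
}

# Print one string claim. Assumes compact JSON (no spaces around ':').
jwt_claim() {
  jwt_payload "$1" | sed -n 's|.*"'"$2"'":"\([^"]*\)".*|\1|p'
}

# Print the numeric exp claim, or "none" when no exp claim is present.
jwt_expiry() {
  _exp=$(jwt_payload "$1" | sed -n 's|.*"exp":\([0-9][0-9]*\).*|\1|p')
  printf '%s\n' "${_exp:-none}"
}

# Print the ns:name form that `kubectl create rolebinding --serviceaccount`
# expects; fail if the subject is not a service account.
sa_binding_arg() {
  _sub=$(jwt_claim "$1" sub)
  case $_sub in
    system:serviceaccount:*:*) printf '%s\n' "${_sub#system:serviceaccount:}" ;;
    *) return 1 ;;
  esac
}

printf 'subject:          %s\n' "$(jwt_claim "$SAMPLE_TOKEN" sub)"
printf '--serviceaccount  %s\n' "$(sa_binding_arg "$SAMPLE_TOKEN")"
printf 'exp:              %s\n' "$(jwt_expiry "$SAMPLE_TOKEN")"
```

An exp of "none" means the token stays valid until its secret or service account is deleted, so a kubeconfig that embeds it should be stored like any other long-lived credential.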

  

posted @ 2019-12-05 17:26  蟒城贝勒爷