|NO.Z.00018|——————————|^^ 重要 ^^|——|CI/CD&GitLab操作 .V08|——|GitLab.管理K8S集群|

一、利用Gitlab管理k8s集群:权限设置
### --- 获取k8s集群API地址
~~~     查看k8s.apiserver地址

[root@server13 ~]#  kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}'
https://10.10.10.13:6443
### --- 获取k8s集群默认CA证书
~~~     查看k8s.CA 证书

[root@server13 ~]## kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-cvfqx   kubernetes.io/service-account-token   3      3d21h
二、查看secrets证书:default-token-cvfqx 为上面获取到的secrets的名称,用以下命令查看证书
[root@server13 ~]# kubectl get secret default-token-cvfqx  -o jsonpath="{['data']['ca\.crt']}" | base64 --decode
-----BEGIN CERTIFICATE-----
MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
cm5ldGVzMB4XDTIwMDgxNzA5MjAwMFoXDTMwMDgxNTA5MjAwMFowFTETMBEGA1UE
AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANIM
iOGHeolaxkE+kqZtc8kDbGFhwqGxNxg4orbIjrz//Z6vrgqo2COn2NjKrVM11bmz
VhHPCruc3snfTLIS+/Z6gZqgpw5ruX8OjfH4nhr9npKxdBon3soa10EovPwMz1KW
laqbuLKTbtTm+oCtAKYXUlzqrFGR//GW2D3bjl1QGOPbAR0pggdxSpPo6oUgtEQJ
QAsNOJ40qMjevi3fnrNDrMqmcNKlSlkw8+Gf4TqM1EfAERRHiEcb/W3hOGWV0gdm
vaq7CE/ENeD1O11NE76BMmk5WO0u6ot4OmP35TTlx8K0N/WPyq76RlH7somiIb8S
1NpAzg+9K0vv1QmILScCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB
/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEVgIlTFDoFhb3KA0RMVjckgsP3O
OB7vTEws6w9ZDGJsNlbbCa15f8q3VmERSkfjAhfG4I9gb4KI0CM5Xt3JhU76GWsO
ZXHDfK7AzDGpLPUxlygkK7c7XCES/GEJe5agBxQyCo2pAvcj/nb+JIBeSh8JcG05
pzPhL11it9hDqmS5k92+63xGs/SDEzXEbBVMnyZWiv+AOHlO1/IFofUD3VHcSRMY
wH5j6Irc0p0XTnFg+GHBpqjxwMWxP6IxdVrsOWUALM5oOJYn4aJQy5kSpJFkwNW8
xDvVgtOWq5P9fVfnE4Am0LI/DevzYtcr3O9hUmCfEOnF0hC0n4ghYOPqiB4=
-----END CERTIFICATE-----
三、设置rbac
[root@server13 ~]# vim gitlab-admin-service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: gitlab-admin
  namespace: kube-system

[root@server13 ~]# kubectl apply -f gitlab-admin-service-account.yaml
serviceaccount/gitlab-admin created
clusterrolebinding.rbac.authorization.k8s.io/gitlab-admin created
四、获取gitlab-admin的token
[root@server13 ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')
Name:         gitlab-admin-token-pmb2h
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: gitlab-admin
              kubernetes.io/service-account.uid: bc9e1f94-088d-41f4-8e18-f31f1e9a9369

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InluNWZyY3V5T1BjNmFFQlpmRVBmOGFOenRmVkx1U0dCRDFhT0s5dEtGeXMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJnaXRsYWItYWRtaW4tdG9rZW4tcG1iMmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZ2l0bGFiLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYmM5ZTFmOTQtMDg4ZC00MWY0LThlMTgtZjMxZjFlOWE5MzY5Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmdpdGxhYi1hZG1pbiJ9.HGNf2_q_NS7ASk2ID6Y658PMpDIruFLr70VGk9I_dAP-rYt81FarjQhIQPn554SrtmiTp-iQ_j7slX_YRsGHlpo74VrBM2SirDToXobuSpe77v6MFx6Ol2UsUrxY0ulm_DAjOhZ16jlohPWlhkP0083KBfywwdpyF2oVdALQnT4sI1aDxgUHs-Pmg6D0NbdN0Ipb--s-Z59QKGr1XH4Pp0Qb9kze6KCJSWOk8-4pwtpQcT7K2MA1ucyEJB283D5ChQSddo9q7pBkEwq94TLy-ZbAhHgO89OqVIjY-3H-rb5Kd3meGrtGJZJscx7xnn6_DEvbBwp8DmCoM4vfFLUUow
五、在gitlab上添加k8s集群
 
 
 
 
 
 
 
 
 
Walter Savage Landor:strove with none,for none was worth my strife.Nature I loved and, next to Nature, Art:I warm'd both hands before the fire of life.It sinks, and I am ready to depart
                                                                                                                                                   ——W.S.Landor
 

 

posted on   yanqi_vip  阅读(86)  评论(0编辑  收藏  举报

相关博文:
· |NO.Z.00079|——————————|^^ 部署 ^^|——|KuberNetes&kubeadm.V08|5台Server|——|kubernetes-master|直接注册|Token未过期|
· |NO.Z.00382|——————————|CloudNative|——|KuberNetes&CI/CD.V20|——|Jenkins.v08|kubeconfig多集群配置.v02|
· Kubernetes-高级平台开发-全-
· K8S权限管理-普通用户
· 基于kube-vip创建k8s高可用集群
阅读排行:
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· Manus爆火,是硬核还是营销?
· 终于写完轮子一部分:tcp代理 了,记录一下
· 别再用vector<bool>了!Google高级工程师:这可能是STL最大的设计失误
· 单元测试从入门到精通
< 2025年3月 >
23 24 25 26 27 28 1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31 1 2 3 4 5

导航

统计

点击右上角即可分享
微信分享提示