创建k8s单独命名空间token账号,编辑ns-test1.yaml文件
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-ns-test1
namespace: ns-test1
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: dashboard-ns-test1
namespace: ns-test1
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["get","list","watch","exec","create"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: dashboard-ns-test1
namespace: ns-test1
subjects:
- kind: ServiceAccount
name: dashboard-ns-test1
namespace: ns-test1
roleRef:
kind: Role
name: dashboard-ns-test1
apiGroup: rbac.authorization.k8s.io
执行生效
kubectl apply -f ns-test1.yaml
获取token,编辑get-token.sh文件
namespacename=$1
if [ "" == "$namespacename" ];then
echo "namespacename is null"
elif [ "admin" == "$namespacename" ];then
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard-$namespacename | awk '{print $1}')
else
kubectl -n $namespacename describe secret $(kubectl -n $namespacename get secret | grep dashboard-$namespacename | awk '{print $1}')
fi
执行get-token.sh生效
sh get-token.sh ns-test1
