#curl 访问apiserver格式 curl https://hostname:6443/api/v1/pods \ --header "Authorization: Bearer <token>"
#创建user token vim api-acc-sa.yaml apiVersion: v1 kind: ServiceAccount metadata: name: api-acc namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: api-acc roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: api-acc namespace: kube-system
kubectl create token api-acc -n kube-system # --duration 过期时间设定,默认时间很短 kubectl create token api-acc -n kube-system --duration=77760000s #官方文档原文连接url https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
