TKG Cluster获取永不过期Token
登录TKC集群
# Log in to the workload cluster through the address given to --server.
# NOTE: --insecure-skip-tls-verify turns off validation of the server
# certificate, so the endpoint's identity is not checked while the vSphere
# password is sent. Drop the flag once the endpoint's CA is trusted locally.
# The username below was masked by the page's e-mail obfuscation; substitute
# your own vSphere SSO user.
$ kubectl vsphere login --server=192.168.203.194 \
--tanzu-kubernetes-cluster-namespace=tkc-01 \
--tanzu-kubernetes-cluster-name=tkc-dev-cluster \
--vsphere-username [email protected] \
--insecure-skip-tls-verify
生成管理员服务帐户并创建群集角色绑定
# Create a dedicated ServiceAccount in kube-system and bind it cluster-wide.
# cluster-admin allows every action on every resource; if the consumer of this
# account needs less, bind a narrower ClusterRole instead.
$ kubectl create serviceaccount napp-admin --namespace=kube-system
$ kubectl create clusterrolebinding napp-admin --clusterrole=cluster-admin --serviceaccount=kube-system:napp-admin
手动创建管理员服务帐户的身份验证令牌
- 创建napp-admin.yaml
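# Secret of type kubernetes.io/service-account-token for the napp-admin
# ServiceAccount named in the annotation; the control plane fills in the
# token and CA data after the Secret is created.
# name, namespace and annotations must be nested under metadata; with the
# indentation flattened, metadata would be null and the manifest rejected.
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: napp-admin
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: "napp-admin"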
- 应用napp-admin.yaml文件
# Create the token Secret from the napp-admin.yaml manifest.
$ kubectl apply --filename=napp-admin.yaml
获取管理员服务帐户的身份验证令牌和集群CA证书
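# Resolve the Secret by name (this also confirms it exists), then decode the
# bearer token and the cluster CA certificate stored in it.
$ SECRET=$(kubectl get secrets napp-admin -n kube-system -o jsonpath='{.metadata.name}')
$ TOKEN=$(kubectl get secret "$SECRET" -n kube-system -o jsonpath='{.data.token}' | base64 -d)
# The token field is populated by the control plane after the Secret is
# created; if it is still empty, stop and retry instead of writing a
# kubeconfig with a blank credential.
$ [ -n "$TOKEN" ] || echo "token not populated yet in secret $SECRET" >&2
# Variables are quoted so an empty or unusual value cannot split into extra arguments.
$ kubectl get secrets "$SECRET" -n kube-system -o jsonpath='{.data.ca\.crt}' | base64 -d > ./ca.crt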
获取当前上下文所对应TKG集群的API Server地址(URL)
# Read the name of the kubeconfig context that is currently selected.
$ CONTEXT=$(kubectl config view -o jsonpath='{.current-context}')
# Look up which cluster entry that context points at. The "'"$CONTEXT"'" run
# ends the single-quoted JSONPath string, inserts the double-quoted shell
# variable, and starts a new single-quoted string, so the filter compares
# .name against the context name wrapped in double quotes.
$ CLUSTER=$(kubectl config view -o jsonpath='{.contexts[?(@.name == "'"$CONTEXT"'")].context.cluster}')
# Take the API server URL recorded for that cluster entry.
# NOTE(review): assumes the current context is the workload cluster rather
# than the Supervisor; confirm before continuing.
$ URL=$(kubectl config view -o jsonpath='{.clusters[?(@.name == "'"$CLUSTER"'")].cluster.server}')
为TKG集群生成使用永不过期令牌的kubeconfig配置文件
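# Build a standalone kubeconfig that authenticates with the ServiceAccount
# token. The resulting file is a bearer credential for napp-admin: keep it out
# of version control and shared locations.
# All expansions are quoted so an empty or unusual value cannot split into
# extra arguments.
$ TO_BE_CREATED_KUBECONFIG_FILE="kubeconfig.conf"
# Embed the CA certificate so the file does not depend on ./ca.crt afterwards.
$ kubectl config --kubeconfig="$TO_BE_CREATED_KUBECONFIG_FILE" set-cluster "$CLUSTER" --server="$URL" --certificate-authority=./ca.crt --embed-certs=true
# The token is passed as a command-line argument here, so it is visible in the
# process list while this command runs.
$ kubectl config --kubeconfig="$TO_BE_CREATED_KUBECONFIG_FILE" set-credentials napp-admin --token="$TOKEN"
$ kubectl config --kubeconfig="$TO_BE_CREATED_KUBECONFIG_FILE" set-context "$CONTEXT" --cluster="$CLUSTER" --user=napp-admin
$ kubectl config --kubeconfig="$TO_BE_CREATED_KUBECONFIG_FILE" use-context "$CONTEXT"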
查看最后生成的文件
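生成的kubeconfig文件可以在任何能够访问该集群API Server的地方使用,其中的令牌永不过期。该令牌绑定了cluster-admin权限,应像密码一样妥善保管;如需吊销,删除kube-system命名空间中的napp-admin Secret即可使其失效。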
jianhua@napp:~$ cat kubeconfig.conf
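# Standalone kubeconfig for the napp-admin ServiceAccount, with the nesting
# restored (the flattened listing is not a loadable kubeconfig).
# users[0].user.token is a bearer credential: its JWT payload carries no expiry
# claim, so it stays usable until the backing Secret or ServiceAccount is
# deleted. Replace it with a placeholder before sharing or publishing this file.
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: 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
    server: https://192.168.203.195:6443
  name: 192.168.203.195
contexts:
- context:
    cluster: 192.168.203.195
    user: napp-admin
  name: tkc-dev-cluster
current-context: tkc-dev-cluster
kind: Config
preferences: {}
users:
- name: napp-admin
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjRkdWFybXV5bTJnbnV0M0NZUEh2YVN2TmhmaVRsYllrQl9IRkxfNnUzcG8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJuYXBwLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Im5hcHAtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlZDM1ZjQwMS1hYjg4LTQ2ZmUtODExNS0zN2NhMjQ3MTQzNGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06bmFwcC1hZG1pbiJ9.HL916PaoGSFcIvPudWfnPk384TWTa7x6DCE2LgeB_eGhdN6heiD9XDbwBBlQ5t9nKRzWxHSqBuFmHUfFikK1ttQu9ZqiBcdSBfFi6KuxHp2jCr6AdFHc2dVLh-ZKMCwJ5KNqNseA2oippld2iTumb8qV15hzoyO_Fz8YVxLYE7uwwbl04tzMJowdG11Ph_p6t2Lh0XgwxhLk708eWrVMj9_nSMN2YVnurFiGkB_VipinJI50rsBiVzM4HQBqxK66PMzkCAAkjDTHS1G7X5ydCIXjlaas6Epb_fVy27jU4WJMl71b8Y3R_rvoLX7e4IZ5pcmBiDAGpD8AtDtcteOwYw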
jianhua@napp:~$