首页 > 系统相关 >VMware vSphere Tanzu部署_15_TKG Cluster获取永不过期Token

VMware vSphere Tanzu部署_15_TKG Cluster获取永不过期Token

时间:2024-07-04 17:55:13浏览次数:15  
标签:TKG vSphere Tanzu name kubectl -- napp cluster admin

TKG Cluster获取永不过期Token

登录TKC集群

$ kubectl vsphere login --server=192.168.203.194 \
--tanzu-kubernetes-cluster-name  tkc-dev-cluster \
--tanzu-kubernetes-cluster-namespace tkc-01 \
--vsphere-username [email protected] \
--insecure-skip-tls-verify

生成管理员服务帐户并创建群集角色绑定

$ kubectl create serviceaccount napp-admin -n kube-system
$ kubectl create clusterrolebinding napp-admin --serviceaccount=kube-system:napp-admin --clusterrole=cluster-admin

手动创建管理员服务帐户的身份验证令牌

  • 创建napp-admin.yaml
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
   name: napp-admin
   namespace: kube-system
   annotations:
      kubernetes.io/service-account.name: "napp-admin"
  • 应用napp-admin.yaml文件
$ kubectl apply -f napp-admin.yaml

获取管理员服务帐户和群集证书颁发机构的身份验证令牌

$ SECRET=$(kubectl get secrets napp-admin -n kube-system -ojsonpath='{.metadata.name}')
$ TOKEN=$(kubectl get secret $SECRET -n kube-system -ojsonpath='{.data.token}' | base64 -d)
$ kubectl get secrets $SECRET -n kube-system -o jsonpath='{.data.ca\.crt}' | base64 -d > ./ca.crt

获取主管URL上的TKG集群

$ CONTEXT=$(kubectl config view -o jsonpath='{.current-context}')
$ CLUSTER=$(kubectl config view -o jsonpath='{.contexts[?(@.name == "'"$CONTEXT"'")].context.cluster}')
$ URL=$(kubectl config view -o jsonpath='{.clusters[?(@.name == "'"$CLUSTER"'")].cluster.server}')

为TKG集群生成具有未过期令牌的配置文件

$ TO_BE_CREATED_KUBECONFIG_FILE="kubeconfig.conf"
$ kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE set-cluster $CLUSTER --server=$URL --certificate-authority=./ca.crt --embed-certs=true
$ kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE set-credentials napp-admin --token=$TOKEN 
$ kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE set-context $CONTEXT --cluster=$CLUSTER --user=napp-admin
$ kubectl config --kubeconfig=$TO_BE_CREATED_KUBECONFIG_FILE use-context $CONTEXT

查看最后生成的文件

令牌文件可以在任何地方进行调用,且永不过期

jianhua@napp:~$ cat kubeconfig.conf 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2akNDQWRLZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJME1EY3dNekV6TWpnMU9Gb1hEVE0wTURjd01URXpNek0xT0Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT1Y4CldzY2thdUV2ZGlRR3BlQkl3bUE4bWJackFGU3VrRUJiRlJWMW5QQ0h6UzBIOFUvUjlidWVManhlcFcvcEt2MmYKTUlUM2grV1RNZFpzRkVhd1o4MG5oWStFT2h4QXoxdnhFKzlrSVBCUmVtQ2lXQzBXZHFiNnRVb3RMb2JkSjBjbQpQMzVYUWxPY29BS0ViRTlmL25TZ0Z4anJZeVBmc1pwdGc2eW15VlNhWDA4elZOUzRHam05NUFBcFFtMEFFMS9VCm15TE5DK201OVd4R2hmc3o3SExCZ2Izb0hTME0zRFBVR2dOa1F3VGJKSWFVYTMxZXgvcS9FQTBkMG8wSnJIVHYKZXFDNEprQW9adENIM1E2S1hhU3JtQ285NldvTlJMeFdvSTBiU0NHL3lmSGpEcUlSSDRyV2pncmFCVCtHS1AxdQo0b2RXZTJXSjQ1MmptZ1hDSzNFQ0F3RUFBYU5GTUVNd0RnWURWUjBQQVFIL0JBUURBZ0trTUJJR0ExVWRFd0VCCi93UUlNQVlCQWY4Q0FRQXdIUVlEVlIwT0JCWUVGSGNyWmErT1p2YmNGUVpZaFVPdEhOT0RkdmVtTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQ1pDZFF3L1ZRY2F5R2E5OTJ4bGFhQ3VMMzVvU1BZbThXVkZNUGhaQlk0UUluMwpGTUtPclV3b01YS245cTIyVTQ2S1BsMlhxUnIwY0ZhNHNUYmZycWVZdGVBcXBEa0prQ2ZpMm9kNVZKSmY3UkEvClcvdVdVN3FBZlNPWjUvWG9xRFhpRzhMWUNNZEluNTcrUzZDYWZNMGFKOE41NVRqRCtOSGJMQnNNRHB3MlRaRksKSE0ydUpFT3B6Nnl4NXJlR0NNUjllUDVxcytRdUQyTWhxVnFCTmo5aWlUQ0pNYjhtMERiWktLRHNDSzNtVnpSMQpiN1pmbG5kY2FFN0MzY0JINmRXRlYwQ2RKRUhuaVA4Szd5c25hRUxuMlNFdzdFaVQzekc0OGNyc1BldW5oVlRwCjliajNia05kV0laYmlQYUtGajF1SVdrNmxwRDFIT2VZNVNTSXlaYlUKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    server: https://192.168.203.195:6443
  name: 192.168.203.195
contexts:
- context:
    cluster: 192.168.203.195
    user: napp-admin
  name: tkc-dev-cluster
current-context: tkc-dev-cluster
kind: Config
preferences: {}
users:
- name: napp-admin
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjRkdWFybXV5bTJnbnV0M0NZUEh2YVN2TmhmaVRsYllrQl9IRkxfNnUzcG8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJuYXBwLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Im5hcHAtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlZDM1ZjQwMS1hYjg4LTQ2ZmUtODExNS0zN2NhMjQ3MTQzNGEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06bmFwcC1hZG1pbiJ9.HL916PaoGSFcIvPudWfnPk384TWTa7x6DCE2LgeB_eGhdN6heiD9XDbwBBlQ5t9nKRzWxHSqBuFmHUfFikK1ttQu9ZqiBcdSBfFi6KuxHp2jCr6AdFHc2dVLh-ZKMCwJ5KNqNseA2oippld2iTumb8qV15hzoyO_Fz8YVxLYE7uwwbl04tzMJowdG11Ph_p6t2Lh0XgwxhLk708eWrVMj9_nSMN2YVnurFiGkB_VipinJI50rsBiVzM4HQBqxK66PMzkCAAkjDTHS1G7X5ydCIXjlaas6Epb_fVy27jU4WJMl71b8Y3R_rvoLX7e4IZ5pcmBiDAGpD8AtDtcteOwYw
jianhua@napp:~$ 

参考文章

标签:TKG,vSphere,Tanzu,name,kubectl,--,napp,cluster,admin
From: https://www.cnblogs.com/amsilence/p/18284329

相关文章

  • VMware vSphere Tanzu部署_14_部署容器应用
    1.部署运行容器应用1.1.登录tkc集群jianhua@napp:~/tkc$kubectlvspherelogin--server=192.168.203.194\--tanzu-kubernetes-cluster-nametkc-dev-cluster\--tanzu-kubernetes-cluster-namespacetkc-01\[email protected]\--insecu......
  • VMware vSphere Tanzu部署_13_创建TKC集群
    1.登录tanzu集群登录语法为:kubectlvspherelogin--server=--vsphere-username--insecure-skip-tls-verify$kubectlvspherelogin--server=192.168.203.194--vsphere-usernameadministrator@vsphere.local--insecure-skip-tls-verify登录示例jianhua@napp:~$k......
  • VMware vSphere Tanzu部署_12_下载使用Tanzu-K8S工具
    下载使用Tanzu-K8S工具Tanzu-K8S工具支持windows、linux、macoswindows下载安装tanzu-k8s工具访问命名空间内的链接到CLI工具链接将二进制文件复制到windows内的system32文件夹内linux下载安装tanzu-k8s工具#192.168.203.194这个IP地址替换为您环境下看到的IP地址......
  • VMware vSphere Tanzu部署_11_创建TKC命名空间
    创建TKC命名空间创建命名空间窗口tkc-01命名空间授权命名空间权限配置命名空间的访问权限配置tkc-01命名空间调用的存储配置tkc-01关联的VM服务此处勾选的VM类,将决定tkc集群可部署的集群节点大小和类型......
  • VMware vSphere Tanzu部署_10_开启Tanzu功能
    1.开启Tanzu功能1.1.Tanzu开启的必要条件网络需要为vds网络或者nsx网络esxi集群需要开启DRS和HA功能需要配置Tanzu存储策略需要部署有负载均衡(nsx或者haproxy或者nsxavi)需要配置有TanzuKubernetes内容库1.2.初始化Tanzu启用Tanzu功能选择tanzu网络为VDS网络......
  • VMware vSphere Tanzu部署_08_配置tanzu为单节点
    1.配置tanzu控制节点为单节点1.1.修改控制节点数量参数需要通过ssh登录vcenter,并进入bashshell查看/etc/vmware/wcp/wcpsvc.yaml中控制节点数量root@localhost[~]#sed-n'18,20p'/etc/vmware/wcp/wcpsvc.yamlclusterconfig:minmasters:3maxmasters:3ro......
  • VMware vSphere Tanzu部署_09_配置tanzu内容库
    配置Tanzu内容库Tanzu内容库订阅地址为:https://wp-content.vmware.com/v2/latest/lib.json如下为配置步骤在vcenter中配置内容库即可......
  • VMware vSphere Tanzu部署_07_tanzu存储策略配置
    tanzu存储策略配置tanzu存储类别配置tanzutag标签配置tanzutag标签分配tanzu存储策略配置......
  • VMware vSphere Tanzu部署_05_vyos虚拟路由器部署
    1.VYOS虚拟路由器部署1.1.VYOS虚拟路由器镜像下载在此处可以下载VYOS虚拟路由器镜像:https://vyos.net/get/nightly-builds/1.2.VYOS虚拟路由器部署创建虚拟机时,选择debian10vyos默认用户名和密码均为vyos1.3.VYOS虚拟路由器接口配置setinterfacesethernet......
  • VMware vSphere Tanzu部署_04_vCenter管理esxi并迁移网卡到DSwitch
    本次操作采用powershell来进行操作1.安装powershell和VM插件1.1.安装powershell在如下位置下载powershell进行:https://github.com/PowerShell/PowerShell/releases1.2.安装vm组件在cmd内输入pwsh后,输入:Install-Module-NameVMware.PowerCLI-ScopeCurrentUser......