43 lines
1.0 KiB
Markdown
43 lines
1.0 KiB
Markdown
|
### 1. docker部署 kubepi
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
docker run --privileged -d --name kubepi --network=internal -v /root/data/kubepi:/var/lib/kubepi -p 8180:80 --restart=unless-stopped 1panel/kubepi
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
### 2. 创建用户,绑定集群管理员角色
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
kubectl create sa kubepi-user -n kube-system
|
|||
|
|
kubectl create clusterrolebinding kubepi-user --clusterrole=cluster-admin --serviceaccount=kube-system:kubepi-user
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
### 3. 获得token
|
|||
|
|
|
|||
|
|
- k8s小于1.27版本自动创建secret
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubepi-user | awk '{print $1}') | grep token: | awk '{print $2}'
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
- k8s大于等于1.27版本取消自动创建token,需要手动创建
|
|||
|
|
|
|||
|
|
```yaml
|
|||
|
|
apiVersion: v1
|
|||
|
|
kind: Secret
|
|||
|
|
metadata:
|
|||
|
|
name: secret-kubepi-user
|
|||
|
|
namespace: kube-system
|
|||
|
|
annotations:
|
|||
|
|
kubernetes.io/service-account.name: kubepi-user
|
|||
|
|
type: kubernetes.io/service-account-token
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
- 创建secret后获取token
|
|||
|
|
|
|||
|
|
```bash
|
|||
|
|
kubectl describe secret secret-kubepi-user -n kube-system | grep token: | awk '{ print $2}'
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
|
|||
|
|
|