### rbac.yaml

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
  namespace: devops

---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: monitoring-token
  namespace: devops
  annotations:
    kubernetes.io/service-account.name: "prometheus"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: prometheus
rules:
- apiGroups:
  - ""
  resources:
  - nodes
  - services
  - endpoints
  - pods
  - nodes/proxy
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - "extensions"
  resources:
    - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  - nodes/metrics
  verbs:
  - get
- nonResourceURLs:
  - /metrics
  verbs:
  - get
---
#apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
- kind: ServiceAccount
  name: prometheus
  namespace: monitoring
```



### token.yaml

```yaml
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: prometheus
  namespace: devops
  annotations:
    kubernetes.io/service-account.name: "prometheus"

```



### 查看token

```bash
kubectl describe secrets  prometheus -n devops
```

```bash
Name:         prometheus
Namespace:    devops
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: prometheus
              kubernetes.io/service-account.uid: fcb541a1-c929-4f77-a759-dd2dda845798

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InE2V1A1Y2V1QUxTV3BQRkVreDFCMlgwYjFDRXNDc2lpTFlPdk12TFdBYmMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZXZvcHMiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoicHJvbWV0aGV1cyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJwcm9tZXRoZXVzIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZmNiNTQxYTEtYzkyOS00Zjc3LWE3NTktZGQyZGRhODQ1Nzk4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRldm9wczpwcm9tZXRoZXVzIn0.GNxB8hX7Z_2L9wj4gdlggImkR2yzn2KtUj83u_8po34qirji5R2lmk7U8Re2GIJJ4OWZr8J-LUmyPPamwPtcsVgF9despM-bdz-1xDbaEmvxrhdXUtZXvnCcPRfYivGRWocWloJeinVaRmeu12wRokzHrBIpzEu8GZWpQZFrMH9CSwIBl8rPoeErf5a5FHIg2FTFF_VZCdgB9yTOVO_5iLKyK5CG6yZ-4K4M6xaiv1zdcnNG4eON2_2YJzE5FnAq3KoGMFU00IdUCFgQ29GowWlVj8ldZVP6NYl5SJ1Nf2L1xwgswnteFVN41conKlz6A3DeDSlhIEajoueohalXng
ca.crt:     570 bytes
namespace:  6 bytes
```