typora/note/K8S/实战笔记/kubepi连接k8s集群.md

1. docker部署 kubepi

docker run --privileged -d --name kubepi --network=internal -v /root/data/kubepi:/var/lib/kubepi -p 8180:80 --restart=unless-stopped 1panel/kubepi

2. 创建用户，绑定集群管理员角色

kubectl create sa kubepi-user -n kube-system
kubectl create clusterrolebinding kubepi-user --clusterrole=cluster-admin --serviceaccount=kube-system:kubepi-user

3. 获得token

• k8s小于1.27版本自动创建secret

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubepi-user | awk '{print $1}') | grep token: | awk '{print $2}'

• k8s大于等于1.27版本取消自动创建token，需要手动创建

apiVersion: v1
kind: Secret
metadata:
  name: secret-kubepi-user
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: kubepi-user
type: kubernetes.io/service-account-token

• 创建secret后获取token

kubectl describe secret secret-kubepi-user -n kube-system | grep token: | awk '{ print $2}'