112 lines
2.5 KiB
Markdown
112 lines
2.5 KiB
Markdown
### rbac.yaml
|
|
|
|
```yaml
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: prometheus
|
|
namespace: devops
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
type: kubernetes.io/service-account-token
|
|
metadata:
|
|
name: monitoring-token
|
|
namespace: devops
|
|
annotations:
|
|
kubernetes.io/service-account.name: "prometheus"
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: prometheus
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes
|
|
- services
|
|
- endpoints
|
|
- pods
|
|
- nodes/proxy
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- "extensions"
|
|
resources:
|
|
- ingresses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
- nodes/metrics
|
|
verbs:
|
|
- get
|
|
- nonResourceURLs:
|
|
- /metrics
|
|
verbs:
|
|
- get
|
|
---
|
|
#apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: prometheus
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: prometheus
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: prometheus
|
|
namespace: monitoring
|
|
```
|
|
|
|
|
|
|
|
### token.yaml
|
|
|
|
```yaml
|
|
apiVersion: v1
|
|
kind: Secret
|
|
type: kubernetes.io/service-account-token
|
|
metadata:
|
|
name: prometheus
|
|
namespace: devops
|
|
annotations:
|
|
kubernetes.io/service-account.name: "prometheus"
|
|
|
|
```
|
|
|
|
|
|
|
|
### 查看token
|
|
|
|
```bash
|
|
kubectl describe secrets prometheus -n devops
|
|
```
|
|
|
|
```bash
|
|
Name: prometheus
|
|
Namespace: devops
|
|
Labels: <none>
|
|
Annotations: kubernetes.io/service-account.name: prometheus
|
|
kubernetes.io/service-account.uid: fcb541a1-c929-4f77-a759-dd2dda845798
|
|
|
|
Type: kubernetes.io/service-account-token
|
|
|
|
Data
|
|
====
|
|
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InE2V1A1Y2V1QUxTV3BQRkVreDFCMlgwYjFDRXNDc2lpTFlPdk12TFdBYmMifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZXZvcHMiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoicHJvbWV0aGV1cyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJwcm9tZXRoZXVzIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZmNiNTQxYTEtYzkyOS00Zjc3LWE3NTktZGQyZGRhODQ1Nzk4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRldm9wczpwcm9tZXRoZXVzIn0.GNxB8hX7Z_2L9wj4gdlggImkR2yzn2KtUj83u_8po34qirji5R2lmk7U8Re2GIJJ4OWZr8J-LUmyPPamwPtcsVgF9despM-bdz-1xDbaEmvxrhdXUtZXvnCcPRfYivGRWocWloJeinVaRmeu12wRokzHrBIpzEu8GZWpQZFrMH9CSwIBl8rPoeErf5a5FHIg2FTFF_VZCdgB9yTOVO_5iLKyK5CG6yZ-4K4M6xaiv1zdcnNG4eON2_2YJzE5FnAq3KoGMFU00IdUCFgQ29GowWlVj8ldZVP6NYl5SJ1Nf2L1xwgswnteFVN41conKlz6A3DeDSlhIEajoueohalXng
|
|
ca.crt: 570 bytes
|
|
namespace: 6 bytes
|
|
```
|
|
|