{"id":237,"date":"2022-01-06T14:48:28","date_gmt":"2022-01-06T06:48:28","guid":{"rendered":"https:\/\/www.db2go.net\/?p=237"},"modified":"2022-01-06T14:48:28","modified_gmt":"2022-01-06T06:48:28","slug":"%e4%bd%bf%e7%94%a8token%e8%ae%bf%e9%97%aeapiserver","status":"publish","type":"post","link":"https:\/\/www.db2go.net\/?p=237","title":{"rendered":"\u4f7f\u7528token\u8bbf\u95eeapiserver"},"content":{"rendered":"
    \n
  1. \u751f\u6210token<\/li>\n<\/ol>\n
    head -c 16 \/dev\/urandom | od -An -t x | tr -d ' ' \n<\/code><\/pre>\n
      \n
    1. \u5c06\u751f\u6210token_auth<\/li>\n<\/ol>\n
      4288abaa5b9552d2bbecb7103ffc9974,bigdaddy,1\n<\/code><\/pre>\n
        \n
      1. \u5728apiserver\u4e0a\u6dfb\u52a0\u9009\u9879<\/li>\n<\/ol>\n
        - --token-auth-file=\/etc\/kubernetes\/pki\/token_auth\n<\/code><\/pre>\n
          \n
        1. \u7ed9user bigdaddy\u751f\u6210\u6743\u9650<\/li>\n<\/ol>\n
          # cat bigdaddy.yaml\napiVersion: rbac.authorization.k8s.io\/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: bigdaddy-admin-binding\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: admin\nsubjects:\n- apiGroup: rbac.authorization.k8s.io\n  kind: User\n  name: bigdaddy\n<\/code><\/pre>\n
            \n
          1. \u6d4b\u8bd5<\/li>\n<\/ol>\n
            \u4e0d\u52a0token\u7684\uff0c\u4f1a\u63d0\u793a\u6ca1\u6709\u6743\u9650<\/p>\n
            # curl  https:\/\/172.24.18.163:6443\/api -k\n{\n  \"kind\": \"Status\",\n  \"apiVersion\": \"v1\",\n  \"metadata\": {\n\n  },\n  \"status\": \"Failure\",\n  \"message\": \"forbidden: User \\\"system:anonymous\\\" cannot get path \\\"\/api\\\"\",\n  \"reason\": \"Forbidden\",\n  \"details\": {\n\n  },\n  \"code\": 403\n}\n<\/code><\/pre>\n
            \u52a0\u4e0atoken\u7684\uff0c\u4f1a\u8bbf\u95ee\u6b63\u5e38<\/p>\n
            # curl -H \"Authorization:Bearer 4288abaa5b9552d2bbecb7103ffc9974\"  https:\/\/172.24.18.163:6443\/api -k\n{\n  \"kind\": \"APIVersions\",\n  \"versions\": [\n    \"v1\"\n  ],\n  \"serverAddressByClientCIDRs\": [\n    {\n      \"clientCIDR\": \"0.0.0.0\/0\",\n      \"serverAddress\": \"172.24.18.163:6443\"\n    }\n  ]\n}\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
            \u751f\u6210token head -c 16 \/dev\/urandom | od -An -t x | tr -d ‘…<\/p>\n Read More<\/span> \u4f7f\u7528token\u8bbf\u95eeapiserver<\/span><\/a>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"Layout":"","footnotes":""},"categories":[3],"tags":[],"class_list":["entry","author-suredandan","post-237","post","type-post","status-publish","format-standard","category-k8s"],"views":1723,"_links":{"self":[{"href":"https:\/\/www.db2go.net\/index.php?rest_route=\/wp\/v2\/posts\/237","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.db2go.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.db2go.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.db2go.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.db2go.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=237"}],"version-history":[{"count":1,"href":"https:\/\/www.db2go.net\/index.php?rest_route=\/wp\/v2\/posts\/237\/revisions"}],"predecessor-version":[{"id":238,"href":"https:\/\/www.db2go.net\/index.php?rest_route=\/wp\/v2\/posts\/237\/revisions\/238"}],"wp:attachment":[{"href":"https:\/\/www.db2go.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=237"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.db2go.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=237"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.db2go.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}