Kubernetes 配置
我们在这里可以配置 k8s 集群参数。
上游绑定到 k8s 服务,以及集群网关绑定 k8s,都需要先在这里进行配置。
下面我们来配置一个 k8s 集群。
首先点击 Add Kubernetes Cluster 按钮。
给 k8s 集群起个名字。填写好 k8s 集群的主机名和端口信息,以及是否验证,和 token 后点击创建。
k8s 集群配置创建成功。
我们连接 k8s 需要以下权限:
- namespace 的读取权限:get, list, watch
- service 的读取权限:get, list, watch
- endpoint 的读取权限:get, list, watch
- pod 的读取权限:get, list, watch
k8s 使用 token 来鉴权并获取权限,下面我们介绍如何得到一个拥有以上 k8s 权限的 token。
创建 token.yaml
文件
apiVersion: v1
kind: ServiceAccount
metadata:
name: openresty-edge-serviceaccount
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: openresty-edge-clusterrole
rules:
- apiGroups:
- ""
resources:
- namespaces
- services
- endpoints
- pods
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: openresty-edge-clusterrole-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: openresty-edge-clusterrole
subjects:
- kind: ServiceAccount
name: openresty-edge-serviceaccount
namespace: default
执行以下命令获取 token
$ kubectl apply -f token.yml
$ kubectl describe secret $(kubectl get secret | grep openresty-edge-serviceaccount | awk '{print $1}') | grep "token: " | awk '{print $2}'
eyJhbGciOiJSUzI1NiIsImtpZCI6InJOZkJvNWItMDhYOXBfUGw2czBleWxNWXZBWi1KOXFqQ05GdjVCWUdpc3cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Im9wZW5yZXN0eS1lZGdlLXNlcnZpY2VhY2NvdW50LXRva2VuLTdkMjk5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Im9wZW5yZXN0eS1lZGdlLXNlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYjkzZTI0MzAtNGFjMi00Y2ZjLWExYzktNzEyZjMxZmM4ZTUzIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6b3BlbnJlc3R5LWVkZ2Utc2VydmljZWFjY291bnQifQ.I0x3A0Z1Oe_WQVKtCooYqas6JcQbvSxd0sFpFLecLT4vACDFyB3TsxAoVg1WPIzIue-VXoWUSij9Fa-RCHM_5k_mbY9nyuaJDjq8ziMZdlOHHRcgoACcCjUIK_2-o0D8PaNpHs5X3JZYmbQTXMMjs81Sd0sNsSJ2XIvhwN4Qkg9FCngFxPf_xBWYUh8EbMALde53GyB3LgKwgXu_538skCvoH2SGWXCr6oYc7W1wngHrrmy7Wzq_NlTlL-hQtEz9ST8Rik1zHbItrfQpgmW4d2UOrZ6IL91ZpKDGNS4gNt7pJ8opEvMascg92O28H9Y9kAIgJtOZFBHSQl10DADHBw