Access Kubernetes API from container within Kubernetes
YAML:
---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: orchestration
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: orchestration
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: orchestration
roleRef:
  kind: ClusterRole
  name: orchestration
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: orchestration
    namespace: default
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: orchestration-master
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: orchestration
    spec:
      serviceAccountName: orchestration
      containers:
        - name: orchestration
          image: joan38/orchestration:latest
          ports:
            - name: ui
              containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: orchestration-ui
spec:
  type: NodePort
  selector:
    app: orchestration
  ports:
    - name: http
      protocol: TCP
      port: 80
      nodePort: 31010
      targetPort: 8080
kubectl exec -ti --namespace default myContainer bash
curl -k https://kubernetes.default.svc.cluster.local/api/v1
Unauthorized
Why? How do I authenticate?
The service account's credentials are mounted at /var/run/secrets/kubernetes.io/serviceaccount
curl https://kubernetes.default.svc.cluster.local/api/v1 \
--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
-H "Authorization: Bearer $(</var/run/secrets/kubernetes.io/serviceaccount/token)"
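
The same call as an in-pod Python client, added here as an example (not part of the original answer): it reads the mounted token and namespace, verifies the API server against the mounted ca.crt instead of using -k, and decodes the token's sub claim to show which service account the pod presents. The function names are illustrative assumptions; the paths and hostname are the ones from the page.

```python
import base64
import json
import ssl
import urllib.error
import urllib.request
from pathlib import Path

SA_DIR = Path("/var/run/secrets/kubernetes.io/serviceaccount")
API_SERVER = "https://kubernetes.default.svc.cluster.local"

def load_credentials(sa_dir=SA_DIR):
    """Read the token, namespace and CA path that Kubernetes mounts into the pod."""
    sa_dir = Path(sa_dir)
    return {
        "token": (sa_dir / "token").read_text().strip(),
        "namespace": (sa_dir / "namespace").read_text().strip(),
        "ca_file": str(sa_dir / "ca.crt"),
    }

def token_subject(token):
    """Decode (without verifying) the JWT payload to see the identity presented."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("sub")

def build_request(creds, path):
    """Attach the service account token as a bearer token, as the curl -H does."""
    return urllib.request.Request(
        API_SERVER + path,
        headers={"Authorization": "Bearer " + creds["token"]},
    )

def call_api(path, sa_dir=SA_DIR):
    """Return (HTTP status, body text); TLS is verified against the mounted CA."""
    creds = load_credentials(sa_dir)
    ctx = ssl.create_default_context(cafile=creds["ca_file"])
    try:
        with urllib.request.urlopen(build_request(creds, path), context=ctx) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        # 401: token missing or rejected; 403: authenticated, but RBAC denies it
        return err.code, err.read().decode()

if __name__ == "__main__":
    if (SA_DIR / "token").exists():  # only true inside a pod
        print("authenticating as", token_subject(load_credentials()["token"]))
        print(call_api("/api/v1")[0])
    else:
        print("no service account mounted; run this inside a pod")
```
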